marcopolo Online payment
Sign up

Introduction

Recurring payments are the ideal solution for a higher conversion rate. Once your customers have processed a successful transaction including 3-D Secure, you may

  • Request subsequent transactions on your customers' behalf (i.e. for subscriptions/installments)
  • Prefill your customers' card data on your payment page

Doing this requires storing sensitive card data. However, to keep your current PCI compliancy level, leave this to us! Our solution allows you to

  • Store sensitive payment data safely on our platform and use them for planned or unscheduled recurring payments
  • Enhance your customers’ shopping experience by prefilling fields on the payment page and skipping SCA whenever possible
This feature is available for all credit card payment methods

Understand recurring payments and use cases

The basis for recurring payments is the so-called token. When tokenising a card, we store the card credentials on our platform in a secure vault. In exchange, we return a token to your servers. Storing this token on your server has no impact on your PCI-DSS level. Hence, a token points to a card profile linked to a specific customer. This allows you to re-use the card for subsequent payments to

The SCA ruleset and the card scheme’s Credentials-On-File regulation (COF) determine the creation and use of tokens:

  • You need to request Strong Customer Authentication (SCA) when creating a token. The SCA legitimates the token’s fair use for subsequent transactions without 3-D Secure for Subscriptions/installments / Delayed payments/Pay-per-use and with a chance for frictionless flow for 1-Click-Payments
  • COF requires you to be consistent and transparent when using tokens. Once you have created a a token, you need to follow the so-called Dynamic Linking principle: You must use a separate token for scheduled recurring payments and another one for unscheduled recurring payments. You are not allowed to cross-use a single token for both scenarios.

Understand use cases

Once you have created a token, you need to use it exclusively for one of the use cases:

To ensure the Dynamic Linking principle is applied, your customers' issuers associate every token with a traceId.  Our platform sends this traceId in the background to the issuer with every transaction a token is used for. This way the issuers can trace the appropriate use of the token for every transaction. If issuers cannot match a token/traceId with the one used for previous transactions, they might decline the transaction 

Process recurring payments

To respect the aforementioned rules, every first/subsequent transaction request requires you to send specific properties along with your request.
Have a look at the relevant properties and how to include them appropriately in specific use cases:

Property Description
cardPaymentMethodSpecificInput.
tokenize
token

tokenize: Indicates whether you want to create a token for this transaction
Fixed value "true" for creating a new token. Used only when creating the token with the first transaction regardless of the usage pattern

token: Points to the card profile stored on our platform you want to use for a recurring payment. Use the value returned in property token from your initial CreatePayment/CreateHostedCheckout request

cardPaymentMethodSpecificInput.
unscheduledCardOnFileRequestor
unscheduledCardOnFileSequenceIndicator
unscheduledCardOnFileRequestor: COF-specific property that indicates the party initating the transaction. Possible values:

unscheduledCardOnFileSequenceIndicator: COF-specific property that indicates whether the transaction is the first or subsequent payment of series of recurring transactions. Possible values:

threeDSecure.challengeIndicator

SCA-specific property to indicate the preferred 3-D Secure flow for this transaction

Fixed value "challenge-required" for creating a new token to process the transaction with SCA. The SCA legitimates the use of the token for upcoming recurring payments without 3-D Secure (for use cases Use token for subscriptions/installments and Use token for delayed payments/Pay-per-use) or at least with frictionless flow (for use case Use token for 1-Click-Payments).

For use case Use token for 1-Click-Payments, we recommend value "no-challenge-requested" to raise the chance of a frictionless flow. Not relevant for any MIT uses cases.

cardPaymentMethodSpecificInput.isRecurring Used exclusively with fixed value "true" for use case

Use token for subscriptions/installments
to indicate that COF information is used to process this payment

cardPaymentMethodSpecificInput.transactionChannel Used exclusively with fixed value "ECOMMERCE" for use case

Use token for subscriptions/installments
to indicate that COF information is used to process this payment

Find more information about these properties in our Full API reference.

Check out the dedicated chapters to know what to send for each possible use case:

Was this page helpful?

Do you have any comments?

Thank you for your response.