Volver al Glosario

Credential On File (COF)

En este artículo:

What is a Credential On File (COF) transaction?

A Credential On File (COF) transaction is one in which the merchant uses a customer’s previously stored payment information because the cardholder has expressly authorized its storage and use for future purchases.

How does a COF work?

Card data (for example, number or token) is stored after the customer provides it in an initial transaction. The merchant can reuse this information for subsequent purchases without the customer needing to enter it again.

There are two main types of COF transactions:

  • CIT (Customer Initiated Transaction): Transactions initiated by the cardholder. The customer directly authorizes the payment using stored data.

  • MIT (Merchant Initiated Transaction): Transactions initiated by the merchant. The merchant processes the payment based on a prior agreement with the customer, such as subscriptions or automatic payments.

Why are COF transactions important?

Correctly identifying COF transactions is key under PSD2 regulations, as in merchant-initiated payments, the cardholder is not authenticated in real time.

For this reason, specific security protocols must be applied to ensure the transaction is protected. If transactions are not properly flagged as COF, they may be declined by the issuer, affecting both the customer experience and the merchant’s operations.

A common example of this type of transaction is a monthly subscription to a streaming service, where the merchant securely stores the card data to make automatic charges every month.

Temas destacados

Explora los conceptos más relevantes para impulsar tu negocio online.

PCI DSS

What is the PCI DSS standard? The Payment Card Industry Data Security Standard (PCI DSS) is a security standard designed to protect cardholder data and other sensitive authentication information during processing, storage and/or transmission.
See more

Tokenization

What is tokenization? Tokenization is the process of protecting sensitive data by replacing it with tokens, which are non-sensitive equivalents. A token does not contain real value or meaning; it is simply an identifier that allows those sensitive data points to be referenced securely.
See more

PSD2

What is PSD2? PSD2 (Payment Services Directive 2) is the latest European regulation covering payment services, affecting online payments as well as card and mobile payments.
See more
Newsletter

No te pierdas ninguna novedad

Suscríbete a nuestra newsletter y recibe las últimas noticias, novedades de producto y tendencias fintech directamente en tu correo.

    PayNoPain
    Powered by  GDPR Cookie Compliance
    Privacy Overview

    This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.