PCI DSS compliance: Everything you need to know
Following similar regulations by Visa in 2017, Mastercard announced the introduction of a new card-on-file indicator for identifying recurring Mastercard transactions performed with stored payment credentials.
Recurring transactions are known as card-on-file transactions or subscription transactions.
A card-on-file transaction is a transaction where a cardholder authorised a merchant to store the cardholder’s Mastercard or Maestro payment details. And then the cardholder authorises that same merchant to bill the cardholder’s stored Mastercard or Maestro account.
A card-on-file transaction can be cardholder-initiated transactions (such as an ecommerce transaction, mail order transaction, or phone order transaction) or, as a result of an agreement with the cardholder, merchant-initiated (such as installment payments and Account Status Inquiry (Account Validations)). Account Status Inquiry for new cards should not include the new card-on-file indicator.
A recurring transaction can be classified as a subscription payment when:
From June 12, 2018, merchants processing Mastercard transactions in all regions are required to submit the correct transaction indicators as follows:
By default we will flag recurring transactions as subscription so you don’t have to.
For merchants offering recurring transactions that are not subscription, we can flag your traffic as card-on-file for you.
Please contact your dedicated Account Manager or our support team to finalise the configuration.
For merchants processing both card-on-file transactions as well as subscription transactions on the same merchant account we also offer an API field for flagging recurring transactions.
In order to identify when you are sending an authorisation referring to a recurring payment or to a card-on-file transaction, you need to provide attribute “recurringProcessingModel” in your API call.
In terms of your Adyen integration, the same technical changes/configurations are required in order to adhere to both Visa and Mastercard compliance updates.
Please make sure that you make any necessary changes by June 12, 2018.
Mastercard will monitor the use of the new indicators for compliance purposes.
Non-compliant assessment fees could be communicated in the future.
We will monitor issuer behavior during the rollout of the new transaction indicators to rule out any negative impact when sending the new indicators to issuers.