Card On File (COF) and Customer Initiated Transactions (CIT)

We have received some information from users of Authorize.net that discuss their approach to forthcoming mandates for using saved credit card data:

• Card on File (COF)
  • Customer Initiated Transaction (CIT)
  • Merchant Initiated Transactions (MIT)
• Purchase Return Authorizations (PRA)

Authorize.Net is currently in the process of implementing support for the Visa, MasterCard, and Discover Card on File (COF) for Customer Initiated Transaction (CIT) and Merchant Initiated Transaction (MIT) as well as the separate Purchase Returns Authorization (PRA) Mandates. This article will provide you with the latest, up-to-date information available as well as links to available resources for more information.

 

What does this mean for Auth.net users (and potentially users of other merchant providers)

Card on file (COF) means that you, the merchant, are saving customer payment data for future reuse.

The vast majority of credit card authorizations in Theatre Manager result from cards entered online by patrons or typed/swiped/tapped at the box office as part of a transaction. These transactions are not the subject of this email from Authorize.net Theatre Manager supports post dated or recurring payments for donations and other purchases which may be affected by the Visa, MasterCard, Discover rules. If data is stored in Theatre Manager, post dated payments are considered Card Not Present transactions, and treated as the above - just like they are original transactions with all card data. If data is stored at the credit card company using merchant profiles they may be subject to any of the Visa/Mastercard/Discover data storage changes described by Authorize.net as 'in-progress'. In this case, as it pertains to Theatre Manager, your merchant processor will handle any changes required.

This directive from Authorize.net is targeted and reusable card data stored using merchant profiles at the credit card companies. It does not affect data stored locally in Theatre Manager since those are always processed with full card data in exactly the same manner as all card transactions.

 

How to influence stored credit card data in Theatre Manager

Theatre Manager enables saving card data is via settings in system preferences PCI tab:

• for self hosted - you can pick schedule D in the PCI tab (see explanations of Schedule A/B/C/D) and decide how long you want to save data, or you can pick the other two options.
• for cloud hosted - you can decide to:
  • never store data (schedule C), or
  • only store card data for only post dated payments (schedule D)
• For either self hosted or cloud hosted, you can enable Merchant Profile and Theatre Manager will send card data to your merchant provider to get them to store it. This:
  • moves all responsibility for storing card data to your merchant provider -without-
  • diminishing your ability to use this stored card data for recurring payments.