I am a developer for an e-commerce platform that supports multiple merchants using Authorize.Net. We use the API to create and manage Customer Profiles, Payment Profiles, and to make transactions. Recently one of our merchants received an email about COF (Card on File) compliance and wanted to know whether we are complying with the mandate. I was directed to the following link https://support.authorize.net/s/article/Authorize-Net-Mandate-Compliance-Overview and am looking for some clarification on what is required from us.
We have Merchant Initiated Transactions that occur for subscription charges (not using ARB), though we are using Payment Profiles to accomplish this. Is Authorize.Net able to populate the necessary COF fields for these types of transactions automatically, or do we need to supply parameters to the 'createTransactionRequest'?
From what I have read, the COF fields only apply to Merchants who are storing payment credentials for future use. Though in this case Authorize Net is storing the credentials for our Merchants, it stands to reason that we would need to provide parameters (subsequentAuthInformation, originalNetworkTransId, reason etc.) which Authorize Net may not be able to supply.