Showing results for 
Search instead for 
Did you mean: 

Who Me Too'd this topic

Card On File (COF) Mandate Compliance



I am a developer for an e-commerce platform that supports multiple merchants using Authorize.Net. We use the API to create and manage Customer Profiles, Payment Profiles, and to make transactions. Recently one of our merchants received an email about COF (Card on File) compliance and wanted to know whether we are complying with the mandate. I was directed to the following link and am looking for some clarification on what is required from us.


We have Merchant Initiated Transactions that occur for subscription charges (not using ARB), though we are using Payment Profiles to accomplish this. Is Authorize.Net able to populate the necessary COF fields for these types of transactions automatically, or do we need to supply parameters to the 'createTransactionRequest'?


From what I have read, the COF fields only apply to Merchants who are storing payment credentials for future use. Though in this case Authorize Net is storing the credentials for our Merchants, it stands to reason that we would need to provide parameters (subsequentAuthInformation, originalNetworkTransId, reason etc.) which Authorize Net may not be able to supply.


I found this article which goes into detail on how to implement support for Card-On-File transactions, but this seems to only apply to the FDC Nashville processor, and I'm not sure which processor(s) our merchants are using.


Thanks in advance,

Who Me Too'd this topic