What are card-on-file transactions?

Card-on-file transactions are up there among the fastest and most convenient payment types. Customers want speed above all else, and nothing says speed more than the simple press of a button. Card-on-file transactions are adaptable to any industry and work particularly well with subscription-based businesses such as insurance, streaming services, or utility services. This article explores card-on-file transactions, how they work, and their benefits and disadvantages.

What are card-on-file transactions?

Card-on-file transactions are transactions where the cardholder’s details don’t have to be introduced. The cardholder needs to authorise the merchant to store their card details for future purchases. Once payment details are stored, every purchase from then on can be initiated simply by clicking a button. In the case of recurring payments, the card details are held, and the price automatically leaves the customer’s account on a set date.

Card-on-file transactions are prevalent in subscription-based services such as video and music streaming platforms. These services already contain all the payment information they need from the customer and are allowed by the customer to charge their card on a set basis. But card-on-file transactions are becoming increasingly popular in many other business models. E-commerce, for instance, is an industry that experienced exponential growth and that is helping shape other sectors too. Marketplaces like Amazon or eBay enable customers to purchase products using the card details already stored on the platform.  

Millennials are more likely to use online payments.

Advantages of card-on-file transactions

The main advantage we see is the speed and convenience of transactions for customers. Offering customers a fast and frictionless payment experience with one-click checkouts gives businesses the upper hand in retaining them and making them loyal to the brand. When competition is sky-high and new innovative players are frequently coming up, this is fundamental to nail. The less work the customer has to do, the better.

Enterprises can also leverage the latest technology to ensure data protection and payment security with card-on-file transactions. Technologies such as tokenisation and encryption are prevalent for card-on-file transactions, and it’s easy to see how they are relevant.

Disadvantages of card-on-file transactions

When it comes to the disadvantages of using card-on-file, one of the most significant risks of card-on-file transactions is safely storing this payment data. This can easily be a concern for customers, as they may not be aware of the security tools used to protect their data. However, aside from the potential reluctance from customers, these transactions are as safe as any other payment method.

Customers also do need to update their card details should they lose their card or should the card expire. This is an added task to the simplicity of card-on-file payments and a distinguishing factor between card-on-file and digital wallets. Customers don’t have to worry about updating their payment details with digital wallets, even when their card expires. These details are updated automatically, and the digital wallet is ready to use at any time, giving customers more flexibility and assurance. Because customers need to update their details on their accounts, card-on-file has a more significant risk of customer churn due to lost, stolen, or expired cards.

Payment networks regulations for card-on-file transactions

Card networks often issue their own set of regulations to protect customer data. These apply primarily to how merchants handle and manage stored payment credentials. While each payment network’s rules may be slightly different, there are some general terms that all of them include. These are:

  • Merchants must obtain consent from the cardholder before storing any payment details
  • Merchants must disclose precisely how the cardholder’s payment details are stored and when they will be used
  • Merchants must notify cardholders whenever there are any changes to the terms of use
  • Merchants must use specific data indicators to identify transactions made using stored payment data
Payment references are important for companies to match the payment with the customer account.

Card-on-file EMV payment tokenization

We have mentioned security as a concern for card-on-file transactions, and statistics back it up. In the UK, in 2020 only, the value of annual losses from CNP fraud reached £452.6 million (Statista report). This is a worrying figure that has been increasing over the past two decades. To prevent fraud and help protect customers’ card data, merchants can use various security technologies such as 3D Secure and Tokenisation. While these technologies are vital, they also can’t affect the user experience and the seamless journey customers expect.  

EMV payment tokenisation ensures that fraudsters can’t access the data stored in merchants’ databases. It replaces the customers’ primary account number (PAN) with a unique token. Even if fraudsters can get into the transaction flow, these tokenised numbers aren’t unreadable. This type of security tool enhances data protection while still ensuring that customers get a frictionless experience. You can read more about card tokenisation in our previous article or access a complete guide to payment tokenisation here.

While card-on-file transactions come with their risks, they are a very convenient way for merchants to process transactions,  and they are also heavily regulated. When storing and managing cardholders ‘ details, it is essential to keep in mind both the payment networks’ set of regulations and the international standards for payments, such as the PCI DSS, as meeting these standards ensures your customers’ protection.

Imburse can deliver a fully Level 1 PCI compliant solution while offering a truly payment provider agnostic ecosystem and highly customizable user interfaces and journeys. Imburse is PCI Level 1 compliant, delivering a suite of services and features that suit the enterprise’s broad needs.

About Imburse

Imburse is a cloud-based middleware connecting large enterprises to the payments ecosystem, regardless of their existing IT infrastructure. Through a single connection to Imburse, enterprises can collect or pay out using various payment technologies and providers around the globe.

In a world where consumers’ payment preferences and technologies are ever-evolving, Imburse works with insurers to future-proof their payment requirements. Regardless of the business area, market, or needs, Imburse will connect you to your choice of technology and provider.

Reach out to our team below should you want to discuss how Imburse can help you. Our team is happy to show you what our platform can do for your business and offer you a free demo.

Share to: