Overview of support for stored credential transactions
Zuora supports stored credential transactions (SCTs) for various payment methods and gateways, enabling automatic creation of stored credential profiles and compliance with the SCT framework. This includes features like Sharing NTI and payment grandfathering to manage network transaction IDs (NTIs) across different gateways.
Introduction
To comply with the Stored Credential Transactions (SCTs) framework, Zuora has provided support for SCTs for specific payment methods and payment gateways since 2019. Since the 2023.07.R2 release in July 2023, Zuora has rolled out the automatic creation of stored credential profiles for Credit Card, Debit Card, Apple Pay and Google Pay payment methods. Zuora’s automatic creation of stored credential profiles is based on the assumption that you have a process in place to capture the agreement elsewhere from your customers.
For Payment Pages implemented through Direct POST to perform CITs within Zuora, you still need to implement a way for customers to give consent for their payment credentials to be stored on file, and then configure your Payment Pages to set the Direct POST fields for stored credentials .
For certain payment gateways such as Adyen, you must enable a specific setting at the gateway side to ensure the network transaction ID (NTI) is returned from the gateway to Zuora. For details, check Zuora's Overview article for the gateway and contact gateway's support.
Existing payment methods
For existing payment methods that do not have an active stored credential profile, Zuora creates and activates stored credential profiles of the recurring type and stores the NTI that is returned from the gateway when processing payment transactions. If you want the NTI to be returned and added, ensure that the Verify updated payment method setting is enabled on the gateway instance configuration page. The NTI can be returned from the gateway through either the Sharing NTI feature or the payment grandfathering process.
Sharing NTI
Zuora supports using the Network Transaction ID (NTI) generated by card networks, such as Visa and Mastercard, in payment processing on different payment gateways. For example, there is an Adyen 2.0 gateway instance and a Stripe v2 gateway instance on your tenant. An NTI generated by Visa is stored on a card that was successfully used with the Adyen gateway instance, while no NTI is stored from a transaction with the Stripe gateway instance. With this Sharing NTI feature enabled, when processing a payment via the Stripe gateway instance, Zuora will use the NTI stored from the transaction initiated through Adyen. If there is more than one sharing NTI on your tenant, the latest one will be used.
Note that this feature is not universally supported across all payment gateway integrations. The following gateway integrations support this feature:
-
Adyen Integration v2.0
-
BlueSnap
-
Braintree
-
Chase Paymentech Orbital Gateway
-
CyberSource v2.0
-
Helix
-
Moneris
-
Saferpay
-
Stripe v2
-
Worldline Global Collect
-
Access Worldpay
-
Worldpay 1.4
The Sharing NTI feature is generally available in Sandbox environments. To enable it in Production environments, submit a request at Zuora Global Support .
Payment grandfathering
For cases that are not supported through the Sharing NTI feature, Zuora stores the NTI that is generated when performing payment grandfathering. The gateway uses an interim NTI to do payment grandfathering. In the case that the gateway no longer supports interim NTI values, the grandfathering period is over on the gateway end, so the payment grandfathering will fail and Zuora will not be able to retrieve the NTI. To stay in compliance with the Stored Credential regulation, Zuora must use the NTI that is retrieved from a successful authorization or payment on subsequent requests. If the grandfathering method does not work, the end-users must be brought back on-session to re-add their payment method details so that Zuora can retrieve and store the NTI.
Payment methods
Zuora supports stored credential transactions for the following types of payment methods:
-
Credit Card/Debit Card
-
Apple Pay
-
Google Pay
Stored credential profile status
-
Agreed - The stored credential profile has not been validated via an authorization transaction with the payment gateway.
-
Active - The stored credential profile has been validated via an authorization transaction with the payment gateway.
-
Canceled - The stored credentials are no longer valid, per a customer request. Zuora cannot use the stored credentials in transactions.
-
Expired - The stored credentials are no longer valid, per an expiration policy in the stored credential transaction framework. Zuora cannot use the stored credentials in transactions.
Stored credential profile types
Zuora supports the following types of stored credential profiles:
-
Recurring profile: Indicates that you have obtained the customer’s consent to initiate future transactions at regular intervals.
-
Unscheduled profile: Indicates that you have obtained the customer’s consent to initiate future transactions that do not occur on scheduled or regularly occurring transaction dates. Only one Unscheduled profile is allowed for each payment method. Currently, the Unscheduled profile is only supported in Chase Orbital Gateway integration.
When configuring your Zuora tenant, the goal is to contain an Active stored credential profile for the payment methods created on the preceding gateway instances.
View and manage stored credential profiles
Through the Zuora UI or API operations, you can view and manage the stored credential profiles created by Zuora or by yourself. For details, see Manage stored credential profiles .
Limitations
The stored credential profile with the “Unscheduled” type is only supported for Chase Orbital Gateway integration.
Related articles
For general information about Visa's Stored Credential Transaction framework, see Visa's guidance for merchants .