On This Page
REST API

Processing Payments with TMS and Network Tokens

For Tokenized Payments, there are two primary business models with numerous transaction types for merchants. These two models include credential-on-file (COF) and merchant-initiated transaction (MIT) mandates, which enable issuers to identify such transactions.
  1. Credential-on-File (COF) Mandate
    The COF mandate enables a merchant to identify any pre-existing relationship between a cardholder and an issuer using a common identifier.
  2. Merchant-Initiated Transaction (MIT) Mandate
    The MIT mandate ensures that merchants, acquirers, and issuers understand the transaction processing cycle. The MIT framework introduces a global standard for identifying transaction intent and whether a transaction is merchant initiated (without participation of cardholder). For COF transactions, the cardholder does not need to enter card details because the merchant uses payment credentials previously stored by the cardholder using a customer’s merchant profile. 
Processing Customer-Initiated Transactions (CIT)
For initial CIT transaction processing:
  1. Establishment of Relationship
    The initial transaction must be identified as a COF transaction even when it is the first instance (whether a zero-dollar authorization or first transaction). A COF network token can be requested at this time. The cardholder must be present for this initial transaction.
    Merchant Action:
     A TMS token request can be made along with an enrollment request to provision a COF network token. TMS stores the COF network token value and meta data such as network transaction ID, token expiry date, ...etc. for subsequent use.
  2. Consumer-Initiated Transaction (CIT) using COF
    A CIT uses payment information provided by the cardholder. The cardholder orders an item online and instructs you to use the payment information that is saved in your system. A token can be used when requesting the payment.  During the request TMS will send the COF network token with a cryptogram to the payment processor. Cybersource TMS stores the network transaction ID which can be used for future MIT transactions.
    Merchant Action:
     A TMS token request can be made along with an enrollment request to provision a COF network token. TMS stores the COF network token value and meta data such as network transaction ID, token expiry date, ...etc. for subsequent use. The initial transaction will be processed using the PAN / TMS token while the network token is being provisioned.
Processing Merchant-Initiated Transactions (MIT)
Merchants must evaluate their business to determine whether their transactions correspond to the network-defined designations for MIT. Follow the industry-specific and standing instructions, which vary across the card brands. The types of MIT’s include:
  1. Resubmission:
      A merchant resubmits transactions that request an authorization but were declined due to insufficient funds while the goods or services were already delivered to the cardholder. A merchant in this situation can resubmit the request to recover outstanding debt from cardholders.
  2. Reauthorization:
      A merchant initiates a reauthorization when the original order or service is not complete or fulfilled within the valid authorization limit set by Visa.
  3. Installment Payment:
       An installment payment is one transaction in a series of transactions that uses stored credentials. This type of payment requires a cardholder agreement so that the merchant can initiate one or more transactions over a period for a single purchase.
  4. Recurring Payment:
     A Recurring Payment is a transaction in a series of transactions that uses a stored credential and that is processed at fixed, regular intervals (not to exceed one year). This type of transaction requires a cardholder agreement for the merchant to initiate future transactions at regular intervals for the purchase of goods or services.
  5. Unscheduled Credential on File (COF):
     This type of transaction uses a stored credential for a fixed or variable amount and does not occur on a scheduled or regularly occurring transaction date. The cardholder must provide consent for the merchant to initiate one or more future transactions. An example of such a transaction is an account auto-top-up transaction.
Merchant Action:
 Refer to the Cybersource guides for more information on the various MIT transaction types per card brand to ensure you are sending proper payment submissions for the payment request. For MIT transactions, TMS sends the network token and transaction ID when submitting a payment for an MIT.