Skip to main content

Overview of support for stored credential transactions

Zuora

Overview of support for stored credential transactions

  1. Last updated
  2. Save as PDF

To comply with the Stored Credential Transactions (SCTs) framework, Zuora has provided support for SCTs for specific payment methods and payment gateways since 2019. Since the 2023.07.R2 release in July 2023, Zuora has rolled out the automatic creation of stored credential profiles for Credit Card, Debit Card, Apple Pay and Google Pay payment methods. For payment methods newly created through UI, API operations, or Payment Pages, the stored credential profiles including the network transaction ID (NTI) or equivalent will be created and activated for all supported card brands.

If you want the NTI to be added when creating a payment method, ensure that the Verify new payment method setting is enabled on the gateway instance configuration page. Otherwise, only an empty stored credential profile in Agreed status will be created.

If the Verify new payment method setting is enabled, a stored credential profile with the following properties is automatically created by Zuora.

Property Value Description
Profile action Activate

Zuora will send a cardholder-initiated transaction (CIT) to the payment gateway to validate the stored credential profile. If the CIT succeeds, the status of the stored credential profile will be Active. If the CIT does not succeed, Zuora will not create a stored credential profile.

If the payment gateway does not support the stored credential transaction framework, the status of the stored credential profile will be Agreed.
Profile type Recurring The stored credential profile can be used to process recurring but not unscheduled transactions.
Consent agreement source External Indicates that you have established the consent agreement with your customers through an external system outside of Zuora.

For existing payment methods that do not have an active stored credential profile, Zuora has created and activated stored credential profiles of the recurring type and stored the NTI that is returned from the gateway when performing payment grandfathering. The gateway uses an interim NTI to do payment grandfathering. In the case that the gateway no longer supports interim NTI values, the grandfathering period is over on the gateway end, so the payment grandfathering will fail and Zuora will not be able to retrieve the NTI. To stay in compliance with the Stored Credential regulation, Zuora must use the NTI that is retrieved from a successful authorization or payment on subsequent requests. If the grandfathering method does not work, the end-users must be brought back on-session to re-add their payment method details so that Zuora can retrieve and store the NTI.

Zuora’s automatic creation of stored credential profiles is based on the assumption that you have a process in place to capture the agreement elsewhere from your customers.

Through the Zuora UI or API operations, you can view and manage the stored credential profiles created by Zuora or by yourself. For details, see Manage stored credential profiles.

For Payment Pages implemented through Direct POST to perform CITs within Zuora, you still need to implement a way for customers to give consent for their payment credentials to be stored on file, and then configure your Payment Pages to set the Direct POST fields for stored credentials.

Payment gateways

The following gateway integrations in Zuora support stored credential transactions.

Note that Chase Orbital Gateway integration supports both recurring and unscheduled stored credential transactions. The other integrations support only recurring stored credential transactions.

Payment gateway Visa Mastercard Discover American Express JCB Diners Club
Adyen Integration v2.0 File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png
BlueSnap Gateway File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png    
Braintree Gateway File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png  
Chase Orbital Gateway File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png  
Checkout.com File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png
CyberSource, Payment API v2.0 File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png    
First Data Payeezy Gateway File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png    
Helix File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png   File:Z_Media/checkmarkGreen_xsm.png    
Moneris File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png    
NMI Gateway File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png
Opayo Direct File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png
PayPal Payflow File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png    
SaferPay File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png   File:Z_Media/checkmarkGreen_xsm.png
Stripe v2 Payment Gateway File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png
Vantiv (Now Worldpay) Payment Gateway File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png
Vantiv Payment Gateway, API v8.10 File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png      
Worldline Global Collect File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png
Worldpay Payment Gateway File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png File:Z_Media/checkmarkGreen_xsm.png

If you use a gateway that is not in the preceding table, Zuora will process payments as usual, but the payments will not comply with the Stored Credential Transaction framework.

Payment methods

Zuora supports stored credential transactions for the following types of payment methods:

Payment method Payment gateway integrations that support SCTs for the payment method
Credit Card/Debit Card All payment gateway integrations listed in the Payment gateways section
Apple Pay
  • Chase Paymentech Orbital Gateway
  • CyberSource Payment API v2.0
  • Vantiv (Now Worldpay)
  • Stripe v2
  • Checkout.com - Only support generating stored credential profiles for Apple Pay when processing payments. Generating stored credential profiles for Apple Pay when creating payment methods is not supported.
Google Pay
  • Adyen Integration v2.0
  • Chase Paymentech Orbital Gateway

Stored credential profile status

  • Agreed - The stored credential profile has not been validated via an authorization transaction with the payment gateway.
  • Active - The stored credential profile has been validated via an authorization transaction with the payment gateway.
  • Canceled - The stored credentials are no longer valid, per a customer request. Zuora cannot use the stored credentials in transactions.
  • Expired - The stored credentials are no longer valid, per an expiration policy in the stored credential transaction framework. Zuora cannot use the stored credentials in transactions.

Stored credential profile types

Zuora supports the following types of stored credential profiles:

  • Recurring profile: Indicates that you have obtained the customer’s consent to initiate future transactions at regular intervals.
  • Unscheduled profile: Indicates that you have obtained the customer’s consent to initiate future transactions that do not occur on scheduled or regularly occurring transaction dates. Only one Unscheduled profile is allowed for each payment method. Currently, the Unscheduled profile is only supported in Chase Orbital Gateway integration.

When configuring your Zuora tenant, the goal is to contain an Active stored credential profile for the payment methods created on the preceding gateway instances.

Limitations

The stored credential profile with the “Unscheduled” type is only supported for Chase Orbital Gateway integration.

Related articles 

For general information about Visa's Stored Credential Transaction framework, see Visa's guidance for merchants.