To comply with the Stored Credential Transactions (SCTs) framework, Zuora has provided support for SCTs for specific payment methods and payment gateways since 2019. Since the 2023.07.R2 release in July 2023, Zuora has rolled out the automatic creation of stored credential profiles for Credit Card, Debit Card, Apple Pay and Google Pay payment methods. Zuora’s automatic creation of stored credential profiles is based on the assumption that you have a process in place to capture the agreement elsewhere from your customers.
For Payment Pages implemented through Direct POST to perform CITs within Zuora, you still need to implement a way for customers to give consent for their payment credentials to be stored on file, and then configure your Payment Pages to set the Direct POST fields for stored credentials.
For certain payment gateways such as Adyen, you must enable a specific setting at the gateway side to ensure the network transaction ID (NTI) is returned from the gateway to Zuora. For details, check Zuora's Overview article for the gateway and contact gateway's support.
New payment methods
For payment methods that are newly created through UI, API operations, or Payment Pages, the stored credential profiles including the NTI or equivalent will be created and activated for all supported card brands.
If you want the NTI to be added when creating a payment method, ensure that the Verify new payment method setting is enabled on the gateway instance configuration page. Otherwise, only an empty stored credential profile in Agreed status will be created.
If the Verify new payment method setting is enabled, a stored credential profile with the following properties is automatically created by Zuora.
Zuora will send a cardholder-initiated transaction (CIT) to the payment gateway to validate the stored credential profile. If the CIT succeeds, the status of the stored credential profile will be Active. If the CIT does not succeed, Zuora will not create a stored credential profile.
If the payment gateway does not support the stored credential transaction framework, the status of the stored credential profile will be Agreed.
|Profile type||Recurring||The stored credential profile can be used to process recurring but not unscheduled transactions.|
|Consent agreement source||External||Indicates that you have established the consent agreement with your customers through an external system outside of Zuora.|
Existing payment methods
For existing payment methods that do not have an active stored credential profile, Zuora creates and activates stored credential profiles of the recurring type and stores the NTI that is returned from the gateway when processing payment transactions. The NTI can be returned from the gateway through either the Sharing NTI feature or the payment grandfathering process.
Zuora supports using the Network Transaction ID (NTI) generated by card networks, such as Visa and Mastercard, in payment processing on different payment gateways. For example, there is an Adyen 2.0 gateway instance and a Stripe v2 gateway instance on your tenant. An NTI generated by Visa is stored on a card that was successfully used with the Adyen gateway instance, while no NTI is stored from a transaction with the Stripe gateway instance. With this Sharing NTI feature enabled, when processing a payment via the Stripe gateway instance, Zuora will use the NTI stored from the transaction initiated through Adyen. If there is more than one sharing NTI on your tenant, the latest one will be used.
Note that this feature is not universally supported across all payment gateway integrations. The following gateway integrations support this feature:
- Adyen Integration v2.0
- Chase Paymentech Orbital Gateway
- CyberSource v2.0
- Stripe v2
- Worldline Global Collect
- Access Worldpay
- Worldpay 1.4
The Sharing NTI feature is generally available in Sandbox environments. To enable it in Production environments, submit a request at Zuora Global Support.
For cases that are not supported through the Sharing NTI feature, Zuora stores the NTI that is generated when performing payment grandfathering. The gateway uses an interim NTI to do payment grandfathering. In the case that the gateway no longer supports interim NTI values, the grandfathering period is over on the gateway end, so the payment grandfathering will fail and Zuora will not be able to retrieve the NTI. To stay in compliance with the Stored Credential regulation, Zuora must use the NTI that is retrieved from a successful authorization or payment on subsequent requests. If the grandfathering method does not work, the end-users must be brought back on-session to re-add their payment method details so that Zuora can retrieve and store the NTI.
The following gateway integrations in Zuora support stored credential transactions.
Note that Chase Orbital Gateway integration supports both recurring and unscheduled stored credential transactions. The other integrations support only recurring stored credential transactions.
|Payment gateway||Visa||Mastercard||Discover||American Express||JCB||Diners Club|
|Adyen Integration v2.0|
|Chase Paymentech Orbital Gateway|
|CyberSource, Payment API v2.0|
|First Data Payeezy Gateway|
|Vantiv (Now Worldpay)|
|Vantiv Payment Gateway, API v8.10|
|Worldline Global Collect|
If you use a gateway that is not in the preceding table, Zuora will process payments as usual, but the payments will not comply with the Stored Credential Transaction framework.
Zuora supports stored credential transactions for the following types of payment methods:
|Payment method||Payment gateway integrations that support SCTs for the payment method|
|Credit Card/Debit Card||All payment gateway integrations listed in the Payment gateways section|
Stored credential profile status
- Agreed - The stored credential profile has not been validated via an authorization transaction with the payment gateway.
- Active - The stored credential profile has been validated via an authorization transaction with the payment gateway.
- Canceled - The stored credentials are no longer valid, per a customer request. Zuora cannot use the stored credentials in transactions.
- Expired - The stored credentials are no longer valid, per an expiration policy in the stored credential transaction framework. Zuora cannot use the stored credentials in transactions.
Stored credential profile types
Zuora supports the following types of stored credential profiles:
- Recurring profile: Indicates that you have obtained the customer’s consent to initiate future transactions at regular intervals.
- Unscheduled profile: Indicates that you have obtained the customer’s consent to initiate future transactions that do not occur on scheduled or regularly occurring transaction dates. Only one Unscheduled profile is allowed for each payment method. Currently, the Unscheduled profile is only supported in Chase Orbital Gateway integration.
When configuring your Zuora tenant, the goal is to contain an Active stored credential profile for the payment methods created on the preceding gateway instances.
View and manage stored credential profiles
Through the Zuora UI or API operations, you can view and manage the stored credential profiles created by Zuora or by yourself. For details, see Manage stored credential profiles.
The stored credential profile with the “Unscheduled” type is only supported for Chase Orbital Gateway integration.
For general information about Visa's Stored Credential Transaction framework, see Visa's guidance for merchants.