Recurring payments include repeat billing payments, such as subscriptions and membership fees. A recurring payment can be for a one-off amount, or it can be for a regular amount, such as a weekly, monthly, or annual charge. In all instances where recurring payments are set up, you must have requested authorization from the cardholder to take repeat payments.
Recurring payments are supported via the Paysafe Customer Vault API and Card Payments API. Merchants can use the Customer Vault API to create a customer profile and link a card or payment method to the profile. The Paysafe platform returns a payment token that can then be included in subsequent payment authorization and settlement requests, without requiring the merchant to collect card details again from the cardholder.
The Card Verification Value (CVV/CVV2/CVD) is not stored in the Customer Vault. Depending on the type of transaction, you may need to obtain this value from the customer and include it in your authorization request. For example:
- Regular payment (e.g., customer returning to your website for an additional purchase) – You must obtain the CVV from the customer and include it together with the token obtained from the Customer Vault.
- Transaction flagged as a recurring payment – Regular or subscription payments can be flagged by including the storedcredential object and setting it to recurring type in your authorization request. If you set the occurrence value to "INITIAL" you will need to obtain the customer's CVV. If you set it to "RECURRING" then you do not need to include it.
For details, see the StoredCredential object in the API Reference section.
Only low-risk merchants are able to use the recurring option for an authorization request. Merchants designated as trading in a high-risk category face additional restrictions. See the table below for examples.
|Merchant Category Code (MCC)||Category||Restrictions|
|6012||Financial Services||You must obtain cardholder authorization for each transaction from the customer and include their CVV/CVV2 value with each transaction, plus additional data (e.g., recipient name, date of birth, and postal/zip code). See the API Reference section.|
|7994, 7995||Online Gaming||You must obtain cardholder authorization for each transaction from the customer and include their CVV/CVV2 value with each transaction.|
Contact customer support for details of any restrictions relating to your merchant category code.
When setting up a recurring payment mandate with your customer, you must provide the customer with the following details:
- The frequency of the recurring transactions
- The period over which the recurring payments will be taken
If your customers are based in UK or EEA:
- The card schemes require that you use 3D Secure 2 for the initial authorization, when setting up the recurring plan.
- Request that your customer is ‘Challenged’ by their bank by setting the requestor challenge preference field to ‘CHALLENGE_MANDATED’ in the 3DS2 authentication request.
- Add the stored credential object to your authorization with the appropriate type (RECURRING or TOPUP) and occurrence set to INITIAL to indicate the initial payment.
- Do not request 3DS2 exemption on the Initial payment.
- When you receive a successful payment response from the Initial Recurring Payment, you should store the Initial Transaction ID in your back office for later processing in the subsequent Merchant-Initiated payment, Initial Transaction ID field.
- (Only applicable to tokenized transactions) Use the returned payment token from the initial transaction and include it in your subsequent authorization request.
- If your customers are based in UK/EEA, please provide:
- The Initial Transaction ID of the Initial payment where the relationship with the customer was established in the stored credential object.
- Alternatively, if the initial payment was created with another PSP and you don’t have the Paysafe Initial Transaction ID, please supply the External Initial Transaction ID (also called Visa Original Transaction ID (OTID) or Mastercard Trace ID) in the stored credential object.
- It is important that you provide a reference to the original transaction as without it you may receive an increased number of declines on your recurring payments.
The Paysafe Customer Vault API can be used for storing the profiles and card payment methods or bank account details of customers who have registered on your website and are frequent users of your service. In this scenario, each new purchase should be treated as a new payment request and not as a repeat billing or subscription transaction. This means that you should:
- Collect the customer's card CVV/CV2 value (recommended to ensure the customer has access to the payment card in card-not-present transactions);
- Authenticate the cardholder using the 3D Secure API (for customers in regions where 3D Secure is used);
- Fully authorize the payment using the Card Payments API, including the token obtained from the Customer Vault API.