Recurring payments include repeat billing payments, such as subscriptions and membership fees. A recurring payment can be for a one-off amount, or it can be for a regular amount, such as a weekly, monthly, or annual charge. In all instances where recurring payments are set up, you must have requested authorization from the cardholder to take repeat payments.
Recurring payments are supported via the Paysafe Customer Vault API and Card Payments API. Merchants can use the Customer Vault API to create a customer profile and link a card or payment method to the profile. The Paysafe platform returns a payment token that can then be included in subsequent payment authorization and settlement requests, without requiring the merchant to collect card details again from the cardholder.
Is the Card Verification Value Required?
The Card Verification Value (CVV/CVV2/CVD) is not stored in the Customer Vault. Depending on the type of transaction, you may need to obtain this value from the customer and include it in your authorization request. For example:
- Regular payment (e.g., customer returning to your website for an additional purchase) – You must obtain the CVV from the customer and include it together with the token obtained from the Customer Vault.
- Transaction flagged as a recurring payment – Regular or subscription payments can be flagged by including the recurring parameter in your authorization request. If this parameter value is set to "INITIAL", you will need to obtain the customer's CVV. If it is set to "RECURRING", you do not need to include it.
For details, see the Card Auth object in the API Reference section.
Restrictions on the Use of Recurring Payments
Only low-risk merchants are able to use the recurring option for an authorization request. Merchants designated as trading in a high-risk category face additional restrictions. See the table below for examples.
| Merchant Category Code (MCC) | Category | Restrictions |
|---|---|---|
| 6012 | Financial Services | You must obtain cardholder authorization for each transaction from the customer and include their CVV/CVV2 value with each transaction, plus additional data (e.g., recipient name, date of birth, and postal/zip code). See the visaAdditionalAuthData topic in the API Reference section. |
| 7994, 7995 | Online Gaming | You must obtain cardholder authorization for each transaction from the customer and include their CVV/CVV2 value with each transaction. |
Contact customer support for details of any restrictions relating to your merchant category code.
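The CVV rules and the merchant category restrictions above can be enforced as a check that runs before an authorization request is sent. The following is an added example, not Paysafe code: the `paymentToken` and `cvv` keys and the flat request shape are assumptions, and MCC "0000" is a placeholder for a merchant category that is not in the table.

```python
# Added example, not Paysafe code. "recurring" and "visaAdditionalAuthData" are
# named on this page; the "paymentToken" and "cvv" keys and the flat dict shape
# are assumptions made for illustration.

# MCCs the table above lists as needing the CVV with every transaction.
CVV_EVERY_TRANSACTION = {"6012", "7994", "7995"}
# MCCs the table above lists as also needing additional recipient data.
ADDITIONAL_DATA_REQUIRED = {"6012"}
RECURRING_VALUES = {None, "INITIAL", "RECURRING"}


def cvv_required(recurring, mcc):
    """Apply the page's rules: only recurring=RECURRING may omit the CVV,
    and the listed merchant categories may never omit it."""
    if mcc in CVV_EVERY_TRANSACTION:
        return True
    return recurring != "RECURRING"


def check_auth_request(request, mcc):
    """Return a list of problems; an empty list means the request passes."""
    problems = []
    recurring = request.get("recurring")
    if not request.get("paymentToken"):
        problems.append("payment token missing")
    if recurring not in RECURRING_VALUES:
        problems.append(f"unexpected recurring value {recurring!r}")
    if cvv_required(recurring, mcc) and not request.get("cvv"):
        problems.append(f"CVV required (recurring={recurring}, MCC {mcc})")
    if mcc in ADDITIONAL_DATA_REQUIRED and not request.get("visaAdditionalAuthData"):
        problems.append(f"visaAdditionalAuthData required for MCC {mcc}")
    return problems


# Constructed sample requests; token and CVV values are placeholders and
# MCC "0000" stands in for a category that is not in the table.
SAMPLES = [
    ("0000", {"paymentToken": "TOKEN_PLACEHOLDER", "recurring": "RECURRING"}),
    ("0000", {"paymentToken": "TOKEN_PLACEHOLDER", "recurring": "INITIAL"}),
    ("0000", {"paymentToken": "TOKEN_PLACEHOLDER", "cvv": "123"}),
    ("7995", {"paymentToken": "TOKEN_PLACEHOLDER", "recurring": "RECURRING"}),
    ("6012", {"paymentToken": "TOKEN_PLACEHOLDER", "cvv": "123"}),
]

if __name__ == "__main__":
    for mcc, req in SAMPLES:
        print(mcc, req.get("recurring"), check_auth_request(req, mcc) or "ok")
```

The fourth sample shows the case most likely to slip through: a request flagged "RECURRING" with no CVV passes for an unrestricted merchant but is rejected for MCC 7995.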
Setting Up the Initial Recurring Payment
When setting up a recurring payment mandate with your customer, you must provide the customer with the following details:
- The frequency of the recurring transactions
- The period over which the recurring payments will be taken
The card schemes recommend that you use 3D Secure for the initial authorization transaction when setting up the recurring payment.
Processing a Recurring Payment
- Use the returned payment token and include it in your authorization request.
- If an initial authorization was not obtained when the token was created, you should also obtain the customer's CVV/CV2 value and include this with the authorization request.
Processing Payments for Returning Customers
The Paysafe Customer Vault API can be used for storing the profiles and card payment methods or bank account details of customers who have registered on your website and are frequent users of your service. In this scenario, each new purchase should be treated as a new payment request and not as a repeat billing or subscription transaction. This means that you should:
- Collect the customer's card CVV/CV2 value (recommended to ensure the customer has access to the payment card in card-not-present transactions);
- Authenticate the cardholder using the 3D Secure API (for customers in regions where 3D Secure is used);
- Fully authorize the payment using the Card Payments API, including the token obtained from the Customer Vault API.