Stored Credential
What Is a Stored Credential? Definition and How It Works
Definition
A stored credential is a payment instrument (a card number, network token, or wallet reference) saved by a merchant or payment provider, with the cardholder's explicit consent, for use in future merchant-initiated transactions, subject to card scheme rules on setup, usage, and data handling.
How it works
A stored credential is created during a Customer-Initiated Transaction (CIT) where the cardholder explicitly agrees to have their payment details retained for future charges. The credential may be a raw Primary Account Number (PAN), a gateway token, or a network token (preferred, as network tokens update automatically on card reissue). From the cardholder's perspective, stored credentials power one-click checkout, subscriptions, and saved payment methods in their account.
Card scheme rules place specific obligations on merchants using stored credentials. At the point of storage the merchant must obtain explicit cardholder consent, disclose how the credential will be used (recurring, instalment, or on-demand charging), and store a reference to the original authorisation (the Stored Credential Framework transaction identifier). This reference must be included in all subsequent Merchant-Initiated Transactions (MITs) using that credential.
Stored credentials must be maintained securely. PAN storage requires PCI DSS Level 1 compliance. Network tokens (issued through the card scheme's tokenisation service) are the preferred alternative: they replace the PAN with a scheme-issued token that remains valid even if the underlying card is replaced or reissued, and they can be updated automatically via the account updater service without the cardholder needing to re-enter details.
Stored credentials become invalid in several situations: the cardholder cancels the agreement, the underlying card expires and no account updater is in place, the issuer declines the credential and marks it as not to be retried, or the merchant's PCI certification lapses. Merchants must have processes to identify and remove invalid stored credentials and to handle re-authorisation with the cardholder when credentials are invalidated.
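The lifecycle described above, as an added illustration that is not PXP's code: a minimal credential record that captures consent and the original CIT reference at setup, carries that reference on every MIT, and refuses to charge once any of the invalidation conditions applies. The 18-month inactivity cut-off, the field names and the message layout are assumptions for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta

USAGES = {"recurring", "instalment", "unscheduled"}  # usage types disclosed at consent

@dataclass
class StoredCredential:
    token: str             # network or gateway token; a raw PAN is never held here
    original_txn_id: str   # Stored Credential Framework reference from the consent CIT
    usage: str             # how the cardholder agreed the credential will be used
    consent_on: date
    card_expiry: date
    last_used: date
    active: bool = True                # cardholder agreement still in force
    account_updater: bool = True       # scheme account updater keeps the token current
    issuer_do_not_retry: bool = False  # issuer declined and flagged "do not retry"

def create_from_cit(cit_txn_id, token, usage, consent_on, card_expiry, account_updater=True):
    """Setup step: consent, usage disclosure and the CIT reference are recorded together."""
    if not cit_txn_id:
        raise ValueError("a stored credential needs the original CIT transaction reference")
    if usage not in USAGES:
        raise ValueError(f"usage must be one of {sorted(USAGES)}")
    d = date.fromisoformat
    return StoredCredential(token, cit_txn_id, usage, d(consent_on), d(card_expiry),
                            d(consent_on), account_updater=account_updater)

def invalid_reasons(cred, today, inactivity_months=18):
    """Return why the credential may no longer be charged; an empty list means still valid."""
    today = date.fromisoformat(today)
    reasons = []
    if not cred.active:
        reasons.append("agreement cancelled by cardholder")
    if cred.card_expiry < today and not cred.account_updater:
        reasons.append("card expired and no account updater in place")
    if cred.issuer_do_not_retry:
        reasons.append("issuer declined and marked do-not-retry")
    # Inactivity expiry (assumed 18 months here; a month is approximated as 30 days)
    if today - cred.last_used > timedelta(days=30 * inactivity_months):
        reasons.append(f"unused for more than {inactivity_months} months")
    return reasons

def build_mit(cred, amount_minor, today):
    """Build a merchant-initiated charge that always carries the original CIT reference."""
    reasons = invalid_reasons(cred, today)
    if reasons:
        raise PermissionError("credential invalid: " + "; ".join(reasons))
    cred.last_used = date.fromisoformat(today)
    return {"token": cred.token, "amount_minor": amount_minor, "initiator": "merchant",
            "usage": cred.usage, "original_txn_id": cred.original_txn_id}
```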
Why it matters
Network-tokenised stored credentials update automatically on card reissue, reducing involuntary churn from expired card declines, a significant revenue retention mechanism for subscription businesses. Storing raw PANs requires full PCI DSS compliance; network tokens eliminate PAN storage and the associated compliance overhead. Stored credential agreements must be documented at the CIT stage; missing consent documentation is the primary vulnerability in a cardholder dispute over an MIT charge. Without account updater, stored PANs become invalid when the physical card is replaced; the associated decline rate on subscription renewals can be 5-15% for mature card-on-file portfolios. Invalid or unused stored credentials represent both a compliance risk and a data liability; merchants should implement credential expiry and periodic cardholder re-confirmation processes.
With PXP
PXP stores payment credentials as network tokens through its Token Vault by default, eliminating PAN storage and providing automatic credential refresh to maintain stored card relationships. PXP's stored credential management handles the scheme data requirements for MIT transaction flows including original transaction references.
Frequently asked questions
What is the difference between a gateway token and a network token for stored credentials?
A gateway token is issued by the payment provider or gateway to represent a card within its own system; it works only with that specific provider. A network token is issued by the card scheme (Visa or Mastercard) and is portable: it represents the card at the scheme level, remains valid across card renewals, and can be used with any acquirer that supports network tokenisation. Network tokens are the preferred stored credential format because they update automatically on reissue and qualify for lower interchange rates in some categories.
How long can a merchant retain a stored credential?
Card scheme rules do not specify a maximum retention period, but stored credentials must be maintained only as long as the cardholder's consent remains valid, i.e., as long as the billing relationship or saved card agreement is active. When a subscription is cancelled, the stored credential agreement is terminated and the credential should be invalidated. Merchants should also implement inactivity expiry: credentials not used for 12-18 months should be purged or require cardholder re-confirmation, reducing both compliance risk and data exposure.
What happens if a cardholder disputes a charge made against a stored credential?
If a cardholder claims they did not authorise an MIT charge against a stored credential, the merchant must provide: the original CIT consent record showing the cardholder agreed to stored credential use; the disclosure of billing terms at the time of consent; the transaction history showing prior MIT charges; and any notifications sent to the cardholder before the disputed charge. Strong consent documentation at setup is the primary defence. Chargebacks for stored credential MITs are often upheld if the merchant cannot demonstrate clear consent at the initial CIT.
Can stored credentials be transferred between payment providers?
Transferring stored credentials when switching payment providers depends on the credential type. Raw PANs can be transferred via a PCI-compliant migration process between providers. Gateway tokens are provider-specific and cannot be transferred; migration requires re-tokenisation or cardholder re-authorisation. Network tokens can be migrated between acquirers that support the same scheme tokenisation framework without requiring cardholder re-entry. Merchants planning a payment provider migration should assess their stored credential type and migration complexity before committing to a new provider.