Merchant Initiated Transactions (MITs): Steps, Types & Compliance
Understanding the ins and outs of merchant-initiated transactions (MITs) is crucial for businesses of all sizes in today’s digital economy. These transactions, which include installment payments, recurring payments, and subscription services, are foundational to sustaining cash flows and fostering long-term customer relationships.
However, navigating the categorization and management of MITs, while ensuring compliance and security, poses a significant challenge for many businesses. Properly handling MITs not only enhances the payment experience for customers but also fortifies a business’s payment history and reauthorization strategies, making it essential knowledge in the arsenal of any commerce operation.
Merchant Initiated Transactions (MITs) Overview
A merchant-initiated transaction (MIT) is defined as a card payment executed by a merchant without active involvement from the customer, following a prior agreement known as a customer-initiated transaction (CIT) [1].
This type of transaction is crucial for businesses as it supports various payment models, including subscriptions and installment payments, which are vital for maintaining consistent revenue streams.
One of the primary characteristics of MITs is their exemption from Strong Customer Authentication (SCA) under the Revised Payment Services Directive (PSD2) in Europe and the UK, provided certain conditions are met. For an MIT to be considered out of scope for SCA, the initial CIT must have undergone 3D Secure 2 payment authentication, marked by a Challenge Mandated flag, and all subsequent transactions must include correct credential on file (COF) data [2].
This setup reduces friction during the payment process by eliminating the need for further customer authentication.
MITs can be categorized into different types based on their transaction structure:
- Recurring: Transactions occur at a fixed amount but without a fixed duration, continuing until the customer opts to cancel.
- Installments: Payments are made in fixed amounts over a specified period, after which no further charges are processed.
- One-off: These are unscheduled transactions made when certain agreed conditions are met, such as a “top-up” [2].
For merchants, the advantage of MITs lies in their lower risk profile compared to CITs. Since these transactions are pre-agreed and often recurring, they tend to have a reduced risk of chargebacks and fraud [3].
Moreover, merchants are required to ensure that all MITs are agreed upon in advance with the customer, specifying the type and frequency of payments, which builds a foundation of trust and reliability essential for successful recurring business models [2].
Steps to Properly Categorize MITs
Step 1: Assess Customer Agreement
To ensure the proper categorization of Merchant Initiated Transactions (MITs), the first step involves confirming that a clear agreement exists between the merchant and the customer.
This agreement must outline the nature of the transaction, whether it is a subscription or an installment plan, and must be secured during the initial customer-initiated transaction (CIT). This foundational agreement is crucial as it sets the parameters for subsequent MITs, ensuring they are executed with the customer’s prior consent and understanding [4].
Step 2: Identify Payment Patterns
Next, merchants need to identify and document the payment patterns associated with each MIT. This includes recognizing whether the transactions are recurring, such as monthly subscription fees, or one-off payments triggered by specific conditions.
Proper identification helps in applying the correct categorization tags, which are essential for maintaining accurate payment records and facilitating smooth transaction processing [5].
Step 3: Use Correct Payment Tagging
Finally, applying the correct payment tagging is vital. For instance, transactions that occur regularly should be tagged as ‘recurring,’ whereas those that happen once based on pre-agreed conditions should be labeled as ‘one-off.’ This step is critical in ensuring that the payment gateway processes each transaction correctly and that they are reflected accurately in the merchant’s and customer’s records.
Payment tagging not only helps in organizing transaction data but also aids in resolving disputes and handling chargebacks efficiently [6].
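The three steps above, together with the SCA out-of-scope conditions from the overview, can be enforced as a check that runs before an MIT is submitted. The following is an added example, not code from any gateway or from the sources cited here; the record shapes, field names and sample values are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical record shapes; real gateways define their own COF/MIT fields.
@dataclass
class Agreement:                       # captured during the initial CIT
    mit_type: str                      # "recurring", "installment" or "one-off"
    consent_recorded: bool
    cit_3ds2_authenticated: bool
    cit_challenge_mandated: bool
    fixed_amount: Optional[int] = None         # minor units
    installments_total: Optional[int] = None
    installments_charged: int = 0

@dataclass
class MitRequest:
    tag: str                           # tag the merchant is about to send
    amount: int
    cof_reference: Optional[str]       # link to the stored credential

def mit_problems(agr: Agreement, req: MitRequest) -> List[str]:
    """Reasons this charge should not be sent as an SCA-out-of-scope MIT."""
    problems = []
    if not agr.consent_recorded:                        # Step 1
        problems.append("no recorded customer agreement")
    if not (agr.cit_3ds2_authenticated and agr.cit_challenge_mandated):
        problems.append("initial CIT lacks 3DS2 with challenge mandated")
    if not req.cof_reference:
        problems.append("missing credential-on-file data")
    if req.tag != agr.mit_type:                         # Steps 2 and 3
        problems.append(f"tag '{req.tag}' does not match agreed '{agr.mit_type}'")
    if agr.mit_type in ("recurring", "installment") and req.amount != agr.fixed_amount:
        problems.append("amount differs from the agreed fixed amount")
    if agr.mit_type == "installment" and (
            agr.installments_total is None
            or agr.installments_charged >= agr.installments_total):
        problems.append("installment plan already completed")
    return problems

# Constructed sample agreements
SUBSCRIPTION = Agreement("recurring", True, True, True, fixed_amount=999)
FINISHED_PLAN = Agreement("installment", True, True, False, fixed_amount=2500,
                          installments_total=3, installments_charged=3)

if __name__ == "__main__":
    print(mit_problems(SUBSCRIPTION, MitRequest("recurring", 999, "cof-0001")))
    print(mit_problems(FINISHED_PLAN, MitRequest("recurring", 2500, None)))
```

An empty list means the charge matches what the customer agreed to; any entry is a reason to stop and fall back to a customer-initiated, authenticated payment.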
Different Types of MITs
Merchant Initiated Transactions (MITs) encompass a range of payment structures that cater to various business models, enhancing flexibility for both merchants and customers. Here, we explore the common types of MITs, each designed to suit specific transactional needs.
1. Recurring Transactions
Recurring transactions are used primarily for subscription services where the payment amount and frequency are predetermined. This arrangement is typical in scenarios such as digital service subscriptions, where the initial transaction requires two-factor authentication, followed by subsequent payments that occur at agreed intervals without further customer interaction [7].
2. Installment Payments
Installment payments facilitate the purchase of higher-priced items by spreading the cost over a period. This type of MIT is evident in services like “buy now, pay later” where customers agree to make payments over a set timeframe, thereby making large purchases more manageable [7].
3. Prepayments
Prepayments involve customers authorizing transactions in advance to cover expected charges, such as rent or subscription fees. This proactive payment approach ensures services are paid for before the due date, securing revenue for merchants and convenience for customers [8].
4. Deferred Transaction Charges
Deferred transaction charges apply to scenarios where payment is delayed until after the service is provided. This might include hotel services like minibar charges, which are billed after the customer’s stay. Deferred charges allow for post-use billing, aligning payment with service consumption [8].
5. Post Payments
Post payments, or penalty charges, are another form of MIT where charges are incurred as penalties for actions like no-shows at reservations. These are predetermined in the service agreement and executed based on specific conditions being met, such as failing to cancel a booking within the agreed timeframe [8].
Each type of MIT offers distinct advantages and caters to different aspects of customer and merchant needs, ensuring flexibility and security in transactional relationships.
Ensuring Compliance and Security
To ensure compliance and security in merchant-initiated transactions (MITs), businesses must adhere to stringent protocols, including Strong Customer Authentication (SCA), management of Credential on File Data, and robust Fraud Management Practices.
These measures are essential to safeguard transactions and minimize the risk of fraud.
1. Strong Customer Authentication (SCA)
SCA is a regulatory requirement aimed at increasing the security of electronic payments. For MITs, it’s crucial to identify transactions correctly as Credential on File Transactions and ensure they carry the correct exemption flagging. This allows the card issuer to recognize that the customer isn’t physically present, thus not requiring the cardholder to authenticate themselves [9].
SCA involves using at least two authentication elements, which could be something the customer knows, possesses, or is inherent to them, such as a fingerprint [9]. Ensuring these measures are in place helps in reducing fraud and securing online and contactless payments.
2. Credential on File Data
Handling stored credentials appropriately is vital for compliance and security. Merchants must obtain explicit consent from cardholders to store their credentials and must perform SCA during the initial storage [10].
It’s also important to use appropriate data values to identify the storage and subsequent usage of these credentials. Informing the account issuer that payment credentials are stored on file is a mandatory step, which includes processing an initial payment or a $0 account verification to confirm the storage.
3. Fraud Management Practices
Implementing advanced fraud detection systems is crucial. These systems should include features like CAPTCHA controls to prevent automated transaction initiation by bots, web application firewalls (WAF) for comprehensive botnet protection, and fraud detection systems capable of device fingerprinting and proxy piercing.
Additionally, employing 3-D Secure authentication provides an extra layer of security by requiring a verification step before completing the transaction [11]. Monitoring and blocking excessive failed authentication attempts and setting up alerts for suspicious activities are also effective strategies to enhance security.
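One way to monitor for excessive failed attempts is a sliding-window count of declines per device fingerprint, which also records how many distinct cards were tried in the window. This is an added example rather than code from the cited sources; the log format, thresholds and masked card numbers are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, device fingerprint, masked card, result
SAMPLE_LOG = """\
2024-05-01T10:00:01 dev-a 411111******1111 DECLINED
2024-05-01T10:00:05 dev-b 520000******0007 DECLINED
2024-05-01T10:00:12 dev-a 411111******1129 DECLINED
2024-05-01T10:00:20 dev-a 411111******1137 DECLINED
2024-05-01T10:00:31 dev-b 520000******0007 APPROVED
2024-05-01T10:00:41 dev-a 411111******1145 DECLINED
2024-05-01T10:02:00 dev-c 400000******0002 DECLINED
2024-05-01T10:05:00 dev-c 400000******0002 DECLINED
2024-05-01T10:08:00 dev-c 400000******0002 DECLINED
2024-05-01T10:11:00 dev-c 400000******0002 DECLINED
"""

def flag_sources(log_text, max_failures=3, window=timedelta(seconds=60)):
    """Map each source that exceeds max_failures declines inside the window
    to (timestamp of the triggering decline, distinct cards in the window)."""
    recent = defaultdict(deque)        # source -> deque of (time, card)
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_text, source, card, result = line.split()
        if result != "DECLINED":
            continue
        ts = datetime.fromisoformat(ts_text)
        attempts = recent[source]
        attempts.append((ts, card))
        # Drop declines that have aged out of the window.
        while ts - attempts[0][0] > window:
            attempts.popleft()
        if len(attempts) > max_failures and source not in flagged:
            distinct_cards = len({c for _, c in attempts})
            flagged[source] = (ts_text, distinct_cards)
    return flagged

if __name__ == "__main__":
    for source, (when, cards) in flag_sources(SAMPLE_LOG).items():
        print(f"ALERT {source}: limit exceeded at {when}, {cards} distinct cards")
```

A burst of declines across several different cards from one device points to account testing, while slow repeated declines on a single card (dev-c in the sample) are more likely an expired or blocked card and stay below the threshold.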
By integrating these practices, businesses can significantly enhance the security framework around MITs, ensuring that transactions are not only compliant but also secure from various cyber threats.
References
[1] – Globalpay – Merchant-Initiated Transactions – https://developer.globalpay.com/docs/MIT
[2] – Globalpay – Start testing payments so you can go live with your integration – https://developer.globalpay.com/ecommerce/getting-started
[3] – NPCI – Merchant initiated transactions for merchant payments – https://www.npci.org.in/PDF/npci/imps/circular/2013/IMPS-I-OC-16-I-FY-13-14-I-Immediate-Payment-System-(IMPS)-Merchant-Payments-Alternative-FlowI-Annexure.pdf
[4] – MIT – Failed transaction Codes – https://vpf.mit.edu/failed-transaction-codes
[5] – Axerve – MasterCard requests changes to the payment pages, receipts and emails of merchants that offer recurring payments – https://docs.axerve.com/en/payments/recurring-payments/recurring-payments-mastercard-nom/
[6] – CCIA – Joint Statement on the treatment of Merchant Initiated Transactions under the Payment Services Regulation – https://ccianet.org/wp-content/uploads/2024/02/Joint-Statement-on-MITs-under-the-PSR.pdf
[7] – CGAP – Research & Analysis Publication Acquiring Models – https://www.cgap.org/research/publication/acquiring-models
[8] – MasterCard – Transaction Processing Rules – https://www.mastercard.us/content/dam/public/mastercardcom/na/global-site/documents/transaction-processing-rules.pdf
[9] – Elavon – Card brand changes: March 2022 – https://www.elavon.co.uk/resource-center/news-and-insights/card-brand-changes-march-2022.html
[10] – Visa – Visa Merchant-Initiated Transaction (MIT) Service – https://usa.visa.com/content/dam/VCOM/regional/na/us/support-legal/documents/visa-network-mit-service-flier-accessible.pdf
[11] – Visa – Anti-Enumeration and Account Testing Best Practices for Merchants V1.2 – https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/anti-enumeration-and-account-testing-best-practices-merchant.pdf