• Home
  • Product
  • Retry
  • Connections
  • Pricing
  • Company

      Company

      Paymid Limited

      Paymid Limited

      229, Arch. Makarios III Avenue Meliza Court – CY-3105 Limassol-Cyprus

      selection

      Company

      Learn our story and what drives us to accelerate in the space of payments

      Blog

      Check out our latest blog posts that cover industry insights, updates and case studies

      Contact Us

      Get in touch with us to learn more about the technology, open positions or anything else

Get Started
Merchant Initiated Transactions (MITs): Steps, Types & ComplianceBlogMerchant Initiated Transactions (MITs): Steps, Types & Compliance

Merchant Initiated Transactions (MITs): Steps, Types & Compliance

July 22, 2024
Blog
7 min read
Featured Image

Understanding the ins and outs of merchant-initiated transactions (MITs) is crucial for businesses of all sizes in today’s digital economy. These transactions, which include installment payments, recurring payments, and subscription services, are foundational to sustaining cash flows and fostering long-term customer relationships.

However, navigating the categorization and management of MITs, while ensuring compliance and security, poses a significant challenge for many businesses. Properly handling MITs not only enhances the payment experience for customers but also fortifies a business’s payment history and reauthorization strategies, making it essential knowledge in the arsenal of any commerce operation.

⚡ Key Takeaways

  • Merchant-initiated transactions (MITs) are essential for maintaining steady cash flows and fostering long-term customer relationships, supporting various payment models like subscriptions and installment payments.
  • Proper categorization and management of MITs, ensuring compliance with regulations like Strong Customer Authentication (SCA), are crucial for enhancing the payment experience, securing transactions, and building trust.
  • MITs include recurring transactions, installment payments, prepayments, deferred transaction charges, and post payments, each catering to different business needs and offering distinct advantages.
  • Businesses must continuously learn and adapt to the evolving digital transaction landscape, keeping up with the latest developments in payment processing and cybersecurity to safeguard their interests and those of their customers.

Merchant Initiated Transactions (MITs) Overview

A merchant-initiated transaction (MIT) is defined as a card payment executed by a merchant without active involvement from the customer, following a prior agreement known as a customer-initiated transaction (CIT) [1] .

This type of transaction is crucial for businesses as it supports various payment models, including subscriptions and installment payments, which are vital for maintaining consistent revenue streams.

One of the primary characteristics of MITs is their exemption from Strong Customer Authentication (SCA) under the Revised Payment Services Directive (PSD2) in Europe and the UK, provided certain conditions are met. For an MIT to be considered out of scope for SCA, the initial CIT must have undergone 3D Secure 2 payment authentication, marked by a Challenge Mandated flag, and all subsequent transactions must include correct credential on file (COF) data [2] .

This setup reduces friction during the payment process by eliminating the need for further customer authentication.

MITs can be categorized into different types based on their transaction structure:

  • Recurring: Transactions occur at a fixed amount but without a fixed duration, continuing until the customer opts to cancel.
  • Installments: Payments are made in fixed amounts over a specified period, after which no further charges are processed.
  • One-off: These are unscheduled transactions made when certain agreed conditions are met, such as a “top-up” [2] .

For merchants, the advantage of MITs lies in their lower risk profile compared to CITs. Since these transactions are pre-agreed and often recurring, they tend to have a reduced risk of chargebacks and fraud [3] .

Moreover, merchants are required to ensure that all MITs are agreed upon in advance with the customer, specifying the type and frequency of payments, which builds a foundation of trust and reliability essential for successful recurring business models [2] .

Steps to Properly Categorize MITs

Step 1: Assess Customer Agreement

To ensure the proper categorization of Merchant Initiated Transactions (MITs), the first step involves confirming that a clear agreement exists between the merchant and the customer.

This agreement must outline the nature of the transaction, whether it is a subscription or an installment plan, and must be secured during the initial customer-initiated transaction (CIT). This foundational agreement is crucial as it sets the parameters for subsequent MITs, ensuring they are executed with the customer’s prior consent and understanding [4] .

Step 2: Identify Payment Patterns

Next, merchants need to identify and document the payment patterns associated with each MIT. This includes recognizing whether the transactions are recurring, such as monthly subscription fees, or one-off payments triggered by specific conditions.

Proper identification helps in applying the correct categorization tags, which are essential for maintaining accurate payment records and facilitating smooth transaction processing [5] .

Step 3: Use Correct Payment Tagging

Finally, applying the correct payment tagging is vital. For instance, transactions that occur regularly should be tagged as ‘recurring,’ whereas those that happen once based on pre-agreed conditions should be labeled as ‘one-off.’ This step is critical in ensuring that the payment gateway processes each transaction correctly and that they are reflected accurately in the merchant’s and customer’s records.

Payment tagging not only helps in organizing transaction data but also aids in resolving disputes and handling chargebacks efficiently [6] .

Different Types of MITs

Merchant Initiated Transactions (MITs) encompass a range of payment structures that cater to various business models, enhancing flexibility for both merchants and customers. Here, we explore the common types of MITs, each designed to suit specific transactional needs.

1. Recurring Transactions

Recurring transactions are used primarily for subscription services where the payment amount and frequency are predetermined. This arrangement is typical in scenarios such as digital service subscriptions, where the initial transaction requires two-factor authentication, followed by subsequent payments that occur at agreed intervals without further customer interaction [7] .

2. Installment Payments

Installment payments facilitate the purchase of higher-priced items by spreading the cost over a period. This type of MIT is evident in services like “buy now, pay later” where customers agree to make payments over a set timeframe, thereby making large purchases more manageable [7] .

3. Prepayments

Prepayments involve customers authorizing transactions in advance to cover expected charges, such as rent or subscription fees. This proactive payment approach ensures services are paid for before the due date, securing revenue for merchants and convenience for customers [8] .

4. Deferred Transaction Charges

Deferred transaction charges apply to scenarios where payment is delayed until after the service is provided. This might include hotel services like minibar charges, which are billed after the customer’s stay. Deferred charges allow for post-use billing, aligning payment with service consumption [8] .

5. Post Payments

Post payments, or penalty charges, are another form of MIT where charges are incurred as penalties for actions like no-shows at reservations. These are predetermined in the service agreement and executed based on specific conditions being met, such as failing to cancel a booking within the agreed timeframe [8] .

Each type of MIT offers distinct advantages and caters to different aspects of customer and merchant needs, ensuring flexibility and security in transactional relationships.

Ensuring Compliance and Security

To ensure compliance and security in merchant-initiated transactions (MITs), businesses must adhere to stringent protocols, including Strong Customer Authentication (SCA), management of Credential on File Data, and robust Fraud Management Practices.

These measures are essential to safeguard transactions and minimize the risk of fraud.

1. Strong Customer Authentication (SCA)

SCA is a regulatory requirement aimed at increasing the security of electronic payments. For MITs, it’s crucial to identify transactions correctly as Credential on File Transactions and ensure they carry the correct exemption flagging. This allows the card issuer to recognize that the customer isn’t physically present, thus not requiring the cardholder to authenticate themselves [9] .

SCA involves using at least two authentication elements, which could be something the customer knows, possesses, or is inherent to them, such as a fingerprint 9. Ensuring these measures are in place helps in reducing fraud and securing online and contactless payments.

2. Credential on File Data

Handling stored credentials appropriately is vital for compliance and security. Merchants must obtain explicit consent from cardholders to store their credentials and must perform SCA during the initial storage [10] .

It’s also important to use appropriate data values to identify the storage and subsequent usage of these credentials. Informing the account issuer that payment credentials are stored on file is a mandatory step, which includes processing an initial payment or a $0 account verification to confirm the storage.

3. Fraud Management Practices

Implementing advanced fraud detection systems is crucial. These systems should include features like CAPTCHA controls to prevent automated transaction initiation by bots, web application firewalls (WAF) for comprehensive botnet protection, and fraud detection systems capable of device fingerprinting and proxy piercing.

Additionally, employing 3-D Secure authentication provides an extra layer of security by requiring a verification step before completing the transaction [11]. Monitoring and blocking excessive failed authentication attempts and setting up alerts for suspicious activities are also effective strategies to enhance security.

By integrating these practices, businesses can significantly enhance the security framework around MITs, ensuring that transactions are not only compliant but also secure from various cyber threats.

References

[1] – Globalpay – Merchant-Initiated Transactions. https://developer.globalpay.com/docs/MIT
[2] – Globalpay – Start testing payments so you can go live with your integration. https://developer.globalpay.com/ecommerce/getting-started
[3] – NCPI – Merchant initiated transactions for merchant payments https://www.npci.org.in/PDF/npci/imps/circular/2013/IMPS-I-OC-16-I-FY-13-14-I-Immediate-Payment-System-(IMPS)-Merchant-Payments-Alternative-FlowI-Annexure.pdf
[4] – MIT – Failed transaction Codes. https://vpf.mit.edu/failed-transaction-codes
[5] – Axerve – MasterCard requests changes to the payment pages, receipts and emails of merchants that offer recurring payments – https://docs.axerve.com/en/payments/recurring-payments/recurring-payments-mastercard-nom/
[6] – CCIANT – Joint Statement on the treatment of Merchant Initiated Transactions under the Payment Services Regulation – https://ccianet.org/wp-content/uploads/2024/02/Joint-Statement-on-MITs-under-the-PSR.pdf
[7] – CPAG – Research & Analysis Publication Acquiring Models – https://www.cgap.org/research/publication/acquiring-models
[8] – MasterCard – Transaction Processing Rules – https://www.mastercard.us/content/dam/public/mastercardcom/na/global-site/documents/transaction-processing-rules.pdf
[9] – Elvaon – Card brand changes: March 2022. https://www.elavon.co.uk/resource-center/news-and-insights/card-brand-changes-march-2022.html
[10] – Visa – Visa Merchant-Initiated Transaction (MIT) Service – https://usa.visa.com/content/dam/VCOM/regional/na/us/support-legal/documents/visa-network-mit-service-flier-accessible.pdf
[11] – Visa – Anti-Enumeration and Account Testing Best Practices for Merchants V1.2 – https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/anti-enumeration-and-account-testing-best-practices-merchant.pdf

Spread the love

Matthew Starkey is a Financial Markets professional with over 25 years experience across Institutional markets, Margin Forex, CFDs and Crypto. Located in Sydney, Matt is a well experienced and valued partner in Paymid Limited.

You may also like

How To Integrate Embedded Payments Into Your Platform?

How to Make Your Initial Payment: A Step-by-Step Guide

How To Implement Multi-Channel Payments For Your Business?

Easy Ways to Accept Payments Online Without a Merchant Account

Leave a Reply

Your email address will not be published. Required fields are marked *

Borderless growth with Paymid

Get started

Connecting payments globally through our orchestration platform

Features

Company

Address

229, Arch. Makarios III Avenue Meliza Court – CY-3105 Limassol-Cyprus

Social

Linkedin X-twitter

Newsletter

Fuel Your Global Growth with Paymid

Unlock new markets and streamline payments with Paymid. One connection, limitless growth.

Copyright © 2024 Paymid Limited

Log in to your account