Getting Started with Card-On-File Data Inquiry

About Card-On-File Data Inquiry.

Consumers are storing their card credentials at more online retailers and service providers, but often lack visibility into which merchants have their card information and where the card information needs to be updated, when the card is reissued.

Things to Know

A suite of technologies that bundles both new and existing Visa capabilities that allow a consumer to add, view and manage their Visa card through their Issuer’s online and mobile channels.

Transactions are either initiated by a consumer, or by a merchant based on the instructions given to them by the consumer. Based on those instructions, it is possible for a merchant to initiate a transaction without consumer action.

There are two classes of transactions:

  1. Consumer-Initiated Transactions (CIT):  A consumer-initiated transaction is a transaction where the consumer is present and provides their payment credentials. This can be through a terminal in-store, or online through a checkout experience. A consumer-initiated transaction contains proof that the cardholder was involved in the transaction. The proof may be through a number of different methods such as track data, chip data with cryptograms, cardholder verification methods, and online through the presence of Card Verification Value 2 (CVV2) or Verified by Visa (VBV) authentication data. The consumer-initiated transaction is the proof that the consumer and merchant entered into a relationship and that the payment credential presented was in fact a validly presented payment instrument.
  2. Merchant-Initiated Transactions (MIT): A merchant-initiated transaction is a transaction that relates to a previous consumer-initiated transaction, but it is conducted without the consumer present and without any additional cardholder validation performed. In all cases, a merchant-initiated transaction must refer to a consumer’s original interaction where a consumer and merchant have entered into an agreement for a recurring product or service or an automated billing or unscheduled transactions etc.
    There are many different kinds of merchant-initiated transactions. Examples include:

    Industry Specific Business Practices:
    • Reauthorization Transaction
    • Resubmission Transaction
    • Delayed Charges Transaction
    • Incremental Authorization Transaction
    • No Show Transaction

    Standing Instructions for the Initial Consumer Initiated Transaction

    • Installment Payment Transaction
    • Recurring Payment Transaction
    • Account Top Up Transaction
    • Unscheduled Stored Credential Transaction
    • Other Credential on File Transactions


The following table lists the regional availability for Card-On-File Data Inquiry. To view availability of all products, refer to the Availability Matrix.

North America Asia-Pacific Europe CEMEA LAC Notes
  • Available in entire region
  • Not available
  • See notes for available countries

Roles and Responsibilities

The following section outlines the roles and responsibilities for Visa and participating issuers regarding the API usage.


While Visa maintains sole discretion to offer and maintain the Visa Developer Platform, COF data API and all other products and services described herein, Visa presently intends to use reasonable efforts to—

  • Maintain the merchant information in its global merchant repository
  • Host Visa Developer Platform and maintain the sample code needed for the usage of COF data API on VDP
  • Review and maintain the services to comply with Visa global information security requirements and guidelines
  • Provide Level 2 and Level 3 operational support for the service


All participating issuers must—

  • Comply with applicable Terms of Use and participation agreements with Visa to participate in the service
  • Develop or enhance their mobile application and/or online banking portal and use the information provided by Visa to provide that data to their cardholders
  • Provide account-change (account number change, expiration date change, closed accounts etc.) information to VAU
  • Provide Level 1 Help desk support for clients (consumers / cardholders) that are using their mobile application and/or online banking portal
  • Ensure availability of the services within issuer host systems for the  interactions that requires issuers to send the request and receive the response from Visa

API Description

Data elements shared:

  • Input to Card-On-File Data API (From Issuers) : PAN
  • Output from Card-On-File Data API (To Issuers) : PAN, merchant name, # of transactions (on Visa) in last 13 months, VAU update flag, token requestor ID, last transaction date, last 4 digits of old PAN