# Changes for transactions without customer presence

## What happened?

A directive, introduced by the major card schemes, requires merchants to submit a so called transaction identifier. This transaction identifier is used to track cards and transactions done with these cards, in order to battle fraud and other malicious transactions.

For most merchants, Saferpay does keep track of this Identifier for you, However for [initial transactions](https://docs.saferpay.com/home/news-and-important-changes/pages/-Me5Oh-kUKtbpqeuAJfM#1.-initial-transaction) and [card aliases](/home/master/common-saferpay-terms-glossary.md#card-alias) created before November 2019, this transaction identifier could either be invalid, or non-existent, which could lead to rejections, should Merchant Initiated Transactions (MITs), like [Recurring Payments](/home/integration-guide/licences-and-interfaces/transaction-interface/recurring-payments.md), be attempted.

This chapter aims to help merchants with this issue and guide them towards a compliant solution.

{% hint style="info" %}
This change does not impact normal customer initiated E-Commerce transactions, done with [3D Secure](/home/integration-guide/general-information/3d-secure.md).

It only applies to certain Merchant Initiated Transactions, [initial Customer Initiated Transactions](https://docs.saferpay.com/home/news-and-important-changes/pages/-Me5Oh-kUKtbpqeuAJfM#1.-initial-transaction) and [card aliases](/home/master/common-saferpay-terms-glossary.md#card-alias), created before November 2019.

If you do not do MITs/Recurring transactions, this change does not apply to you.
{% endhint %}

## What to do?

The following steps may be required, in order to stay compliant, depending on your integration.

### 1. For [fully PCI certified merchants](/home/integration-guide/general-information/data-security-and-pci-dss.md) using [JSON API AuthorizeDirect](https://saferpay.github.io/jsonapi/#Payment_v1_Transaction_AuthorizeDirect) with plain card data to perform “merchant initiated transactions” (MITs):

* Use `Authentication.IssuerReference` containing the transaction identifier from the Saferpay transaction response (See `Payment.IssuerReference)` message to make sub-sequent recurring or unscheduled transactions.

{% hint style="warning" %}
**Important:** Upgrade to the latest JSON API Spec. version (or at least to 1.16 \[1.21+ recommended]) is required.

Please [consider this chapter](/home/integration-guide/general-information/versioning.md) for critical changes within the Saferpay Payment API, if you need to do an upgrade.
{% endhint %}

### 2. For merchants using [AliasId](/home/master/common-saferpay-terms-glossary.md#card-alias) to perform [sub-sequent MITs via Authorize Direct](/home/integration-guide/licences-and-interfaces/transaction-interface/recurring-payments.md#recurring-payments-using-an-alias):

* **Existing Aliases:** continue until the [1st soft-decline (PAYER\_AUTHENTICATION\_REQUIRED)](/home/integration-guide/general-information/psd2.md#non-compliance) is received or card renewal is required. Then continue with the next step, "New Aliases".
* **New Aliases:** Always register new Aliases forcing [Strong Consumer Authentication](/home/integration-guide/general-information/psd2.md#when-and-how-to-force-sca).

{% hint style="warning" %}
**Important:** Upgrade to the latest JSON API Spec. version (or at least to 1.16 \[1.21+ recommended]) is required.

Please [consider this chapter](/home/integration-guide/general-information/versioning.md) for critical changes within the Saferpay Payment API, if you need to do an upgrade.
{% endhint %}

{% hint style="warning" %}
Strong Consumer Authentication (SCA) **is mandatory** for merchants inside [the PSD2 zone](/home/integration-guide/general-information/psd2.md) / European Economic Area (EEA), when performing MITs.

**For merchants outside of PSD2/the EEA, SCA is strongly recommended, as these transactions are more secure and also cheaper for the merchant!**

“No authentication”-fee and non-compliant MIT-penalties are also applicable for payments outside PSD2.
{% endhint %}

### 3. For merchants using [AuthorizeReferenced](https://saferpay.github.io/jsonapi/#Payment_v1_Transaction_AuthorizeReferenced) without initial SCA or if initial 3DS transaction was done before Nov. 2019

* Continue until the [1st soft-decline (PAYER\_AUTHENTICATION\_REQUIRED)](/home/integration-guide/general-information/psd2.md#non-compliance) is received or card renewal is required. Then submit a new initial transaction according to recommendation below:
* Submit a new initial transaction with [Strong Consumer Authentication](/home/integration-guide/general-information/psd2.md#when-and-how-to-force-sca) and re-start the recurring sequence. See [Recurring Payments with the Referenced Transactions Method](/home/integration-guide/licences-and-interfaces/transaction-interface/recurring-payments.md#recurring-payments-with-the-referenced-transactions-method).

{% hint style="warning" %}
**Important:** Upgrade to the latest JSON API Spec. version (or at least to 1.16 \[1.21+ recommended]) is required.

Please [consider this chapter](/home/integration-guide/general-information/versioning.md) for critical changes within the Saferpay Payment API, if you need to do an upgrade.
{% endhint %}

{% hint style="warning" %}
Strong Consumer Authentication (SCA) **is mandatory** for merchants inside [the PSD2 zone](/home/integration-guide/general-information/psd2.md) / European Economic Area (EEA), when performing MITs.

**For merchants outside of PSD2/the EEA, SCA is strongly recommended, as these transactions are more secure and also cheaper for the merchant!**

“No authentication”-fee and non-compliant MIT-penalties are also applicable for payments outside PSD2.
{% endhint %}

### 4. Inside the [Saferpay Backoffice](/home/interfaces/backoffice/transactions/journal-details.md#authorization)

Only use authorizations or Aliases created with Strong Consumer Authentication from which to initiate unscheduled MITs.

{% hint style="warning" %}
Strong Consumer Authentication (SCA) **is mandatory** for merchants inside [the PSD2 zone](/home/integration-guide/general-information/psd2.md) / European Economic Area (EEA), when performing MITs.

**For merchants outside of PSD2/the EEA, SCA is strongly recommended, as these transactions are more secure and also cheaper for the merchant!**

“No authentication”-fee and non-compliant MIT-penalties are also applicable for payments outside PSD2.
{% endhint %}

{% hint style="warning" %}
Moto transactions must always be performed via dedicated [Moto terminals](/home/master/common-saferpay-terms-glossary.md#mail-phone-order-moto-terminal). **Do not use** [**e-com terminals**](/home/master/common-saferpay-terms-glossary.md#e-commerce-terminal)**!**
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.saferpay.com/home/news-and-important-changes/changes-for-transactions-without-customer-presence.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.