**Last updated**: 14 November 2025 | [**Change log**](/products/payments/changelog/)
# Use a stored card
Enterprise
SMB (Worldpay eCommerce)
Use a previously stored card to send a [`payments`](/products/payments/openapi/) request. This is for Customer Initiated Transactions (CIT) only.
Additionally, to collect the CVC value, use the Checkout SDK to create a `cvc session` and maintain a low PCI burden.
The request must contain:
```JSON
"customerAgreement": {
    "type": "cardOnFile", // used to indicate the customer has agreed to storing their card (CIT)
    "storedCardUsage": "subsequent" // subsequent payment
}
```
If [PSD2/SCA or other regional mandates apply](/products/3ds-sca-exemptions#when-sca-applies), you should follow the steps for [enabling 3DS](/products/payments/enable-features/3ds-authentication).
## 1. Integration type
Use a `Worldpay Token` or `Network Token` and optionally provide the `CVC` in the API or use our PCI-compliant Checkout SDK to create a `cvc session`.
API only
## 2. Basic request
Worldpay token
Network token
Network Token Creation
Please note it's not yet possible to create a Network Token as part of the Payments API flow. You can create a network token using a separate request to the [Tokens API](/products/tokens/create-a-network-token).
Automatic Cryptogram & ECI Provisioning
If the `cryptogram` and `eci` are not provided, the Payments API will automatically attempt to provision them. This will only be successful for Network Tokens created via Worldpay. For Network Tokens created via other gateways, you must provide these.
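A pre-flight check a merchant backend could run before sending a stored-card request, covering the required `customerAgreement` values and the `cryptogram`/`eci` rule above. This is an added example, not Worldpay code; the instrument key names `cvc` and `cvcSessionHref` and the function names are assumptions, and the sample values are constructed.

```python
import copy

# Assumed key names (not from the page): "cvc" and "cvcSessionHref" on the
# payment instrument. customerAgreement, cryptogram and eci are the page's names.
SENSITIVE_KEYS = {"cvc", "cryptogram"}


def check_stored_card_request(agreement, instrument, is_network_token,
                              created_via_worldpay):
    """Return a list of problems; an empty list means the request may be sent."""
    problems = []
    # Stored-card CIT payments must carry exactly this agreement.
    if agreement.get("type") != "cardOnFile":
        problems.append("customerAgreement.type must be cardOnFile")
    if agreement.get("storedCardUsage") != "subsequent":
        problems.append("customerAgreement.storedCardUsage must be subsequent")
    # cryptogram/eci are only auto-provisioned for tokens created via Worldpay.
    if is_network_token and not created_via_worldpay:
        for key in ("cryptogram", "eci"):
            if not instrument.get(key):
                problems.append(f"{key} is required for this network token")
    # A CVC session replaces the raw CVC; sending both is a wiring mistake
    # and means the raw value reached the backend needlessly.
    if instrument.get("cvc") and instrument.get("cvcSessionHref"):
        problems.append("send a raw cvc or a cvc session, not both")
    return problems


def redact_for_logging(instrument):
    """Copy of the instrument with CVC and cryptogram masked for log output."""
    safe = copy.deepcopy(instrument)
    for key in SENSITIVE_KEYS & safe.keys():
        safe[key] = "***"
    return safe


# Constructed sample: a network token issued by another gateway, eci missing.
SAMPLE_AGREEMENT = {"type": "cardOnFile", "storedCardUsage": "subsequent"}
SAMPLE_INSTRUMENT = {"cryptogram": "EXAMPLE-CRYPTOGRAM", "cvc": "000"}

if __name__ == "__main__":
    print(check_stored_card_request(SAMPLE_AGREEMENT, SAMPLE_INSTRUMENT,
                                    is_network_token=True,
                                    created_via_worldpay=False))
    print(redact_for_logging(SAMPLE_INSTRUMENT))
```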
Checkout SDK
Use the previously stored card and also use our Checkout SDK to create a `cvc session` to collect the CVC value.
## 2. Add the SDK & create a CVC session
Web SDK
Add JavaScript to your checkout
Android SDK
Set up your Android application
iOS SDK
Set up your iOS application
React Native SDK
Set up your React Native application
### Add the cvc session to the payment request
This includes the `Worldpay token` href and the `Checkout CVC session` href.
## 3. Add additional features
In most cases you will need to add some additional features, such as 3DS, auto settlement or a risk assessment.
3DS Authentication
Perform 3DS authentication for liability shift and/or SCA compliance. An issuer-based risk assessment with identity check.
Enterprise
Worldpay eCommerce
SCA Exemptions
Ask for an SCA Exemption to be applied automatically.
Enterprise
Risk Assessment
We assess the payment for fraud before proceeding with authorization.
Enterprise
Worldpay eCommerce
Auto Settlement
Automatically settle a payment following the authorization.
Enterprise
Worldpay eCommerce
Account Funding Transactions (AFT)
Transfer funds from a card account to another destination, rather than for the provision of goods or services.
Enterprise
Financial Service (MCC 6012/6051)
For domestic Financial Services providers (MCC 6012) based in the Visa Europe Region, you must supply this additional data.
Enterprise
Latin America Installments
Fulfill a one-time installment charge, allowing the customer's acquirer bank to collect the payments over time.
Enterprise
Payment Facilitator
Facilitate transactions on behalf of your sub-merchants.
Enterprise
MOTO transactions
Take Mail Order/Telephone Orders on behalf of your customers.
Enterprise
Worldpay eCommerce
Account Updater
Automatically update card details to prevent declines due to expired or changed cards.
Enterprise
Pay via AI Agent (Delegate session)
OpenAI's instant checkout using Agentic Commerce Protocol (ACP)
Enterprise
Preview
## 4. Response
Features that change the API flow
Certain features add additional requests and responses:
- [3DS](/products/payments/enable-features/3ds-authentication) - you will receive a `201` - `3dsDeviceDataRequired` as well as the possibility of an issuer challenge
- [FraudSight](/products/payments/enable-features/fraud-assessment) - you may receive a `201` - `fraudHighRisk` outcome, stopping the payment
- [Auto Settlement](/products/payments/enable-features/auto-settlement) - automatic `202` - `sentForSettlement` following authorization.
- If any of the AVS/CVC response `riskFactors` are marked as `notMatched`, the payment will be `sentForCancellation` automatically. This is the default behavior and can be disabled.
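One way a merchant backend could turn the outcomes listed above into a next step, failing closed on anything it does not recognise. This is an added example, not Worldpay code; the response shape (an `outcome` string and a `riskFactors` list of `type`/`risk` items), the `authorized` outcome name and the function name are assumptions, and the sample bodies are constructed.

```python
# Assumptions (not from the page): the response body is a dict with an
# "outcome" string and a "riskFactors" list of {"type": ..., "risk": ...}
# items, and "authorized" is the outcome name for a plain authorization.

STOPPED = {"fraudHighRisk", "sentForCancellation"}


def next_action(http_status, body):
    """Map a payment response to the merchant backend's next step."""
    outcome = body.get("outcome")
    # A 201/202 only means the request was processed, not that it was approved.
    if http_status not in (201, 202) or outcome in STOPPED:
        return "reject"
    if outcome == "3dsDeviceDataRequired":
        return "continue_3ds"
    # AVS/CVC mismatch: cancelled automatically by default; if that default
    # was disabled the payment can still be authorized, so hold for review.
    mismatched = [f.get("type") for f in body.get("riskFactors", [])
                  if f.get("risk") == "notMatched"]
    if mismatched:
        return "review"
    if outcome == "authorized":
        return "settle"   # send the settlement request shown in the diagram
    if outcome == "sentForSettlement":
        return "fulfil"   # auto settlement already triggered
    return "review"       # unknown outcome: fail closed, never ship on a guess


# Constructed sample responses (status, body); not captured from the API.
SAMPLES = [
    (201, {"outcome": "fraudHighRisk"}),
    (201, {"outcome": "authorized",
           "riskFactors": [{"type": "cvc", "risk": "notMatched"}]}),
    (202, {"outcome": "sentForSettlement"}),
]

if __name__ == "__main__":
    for status, body in SAMPLES:
        print(status, body.get("outcome"), "->", next_action(status, body))
```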
## Sequence diagram
Subsequent CIT
Using a previously stored card to make a payment
```mermaid
sequenceDiagram
participant Browser
participant Merchant_Frontend as Merchant Frontend
participant Merchant_Backend as Merchant Backend
participant Payments_API as Payments API
participant Issuer as Issuers
Browser->>Merchant_Frontend: Click Pay
Merchant_Frontend->>Merchant_Backend: Pay
Merchant_Backend->>Payments_API: Payment request
Note over Merchant_Backend,Payments_API: Set customerAgreement<br/>type: cardOnFile<br/>storedCardUsage: subsequent
Note over Merchant_Backend,Payments_API: Use Network Token<br/>or Worldpay Token
Payments_API->>Issuer: Authorization Request
Note over Issuer: payment authorized
Issuer->>Payments_API: Authorization Response
Payments_API->>Merchant_Backend: Payment response
Merchant_Backend->>Payments_API: Settlement request
Payments_API->>Merchant_Backend: Settlement response
Merchant_Backend->>Merchant_Frontend: Transaction complete
Note left of Merchant_Frontend: Order receipt page
```