On the initial cardholder-present transaction (CIT), include the stored credential usage indicator set to initial and the agreement type (recurring, installment, or unscheduled) in your payment request; capture the network transaction ID returned in the authorization response.
Store the network transaction ID alongside the customer's payment method token in your vault — this reference is mandatory for subsequent MIT authorizations.
For each subsequent MIT (off-session, no cardholder present), include the stored credential usage indicator set to subsequent, reference the original network transaction ID, and specify the same agreement type used at enrollment.
Set the off_session flag and confirm: true in Stripe's PaymentIntent or equivalent fields in your processor's API to signal that the cardholder is not present for this transaction.
Handle soft declines (e.g., authentication required): for MITs, issuers should not request 3DS; if you receive an authentication_required decline, review whether the initial CIT included proper SCA and stored credential framing.
Retain the network transaction ID chain for every renewed MIT — some processors require the most recent successful MIT network ID, not the original enrollment ID.
Known gotchas
Omitting the network transaction ID on subsequent MITs causes issuers to treat the transaction as a new CIT, triggering SCA challenges and higher decline rates.
The agreement type set during enrollment (recurring vs. unscheduled) must remain consistent on all subsequent MITs — switching types invalidates the stored credential chain.
MIT liability shift only applies when the stored credential framework is correctly implemented; incorrectly flagged MITs may result in fraud disputes where liability remains with the merchant.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp