Configuring CloudBlue Commerce to Request Cardholder Consent to Store Payment Methods

To comply with requirements of global payment systems, you may need to request cardholder consent to store payment methods and also to configure CloudBlue Commerce to automatically delete payment methods for which no such consent has been obtained within a set period of time.

For New Payment Methods

Note: You can configure the capability to request cardholder consent only for payment methods which are used for tokenized payments. The capability is configured per payment system.

To configure CloudBlue Commerce to request cardholder consent to store payment methods:

  1. Go to PCP > Billing > System > Settings > Payment Processing.
  2. Click a payment system which is used for tokenized payments. Click Edit. In the Cardholder Consent for Storing Payment Credentials section, complete the fields:

    • Consent Required: To enable CloudBlue Commerce to request cardholder consent to store payment methods, select the check box.

      Note: The fields below are displayed only when Consent Required is selected.

    • Days Before Payment Method is Deleted: Enter how many days from the payment method creation cardholders will have to give their consent to ensure that their payment method is stored continuously. All payment methods of the payment system for which cardholder consent has not been provided will be deleted automatically.

    • Hyperlink to User Agreement: Enter a hyperlink to the relevant user agreement.

      Note: We recommend that you use different hyperlinks for different user agreement versions because CloudBlue Commerce does not support user agreement versioning.

    • Notification Schedule: Use the preselected Default schedule or go to System > Settings > System > Notifications > Schedules > Reminder About Payment Method Expiration Due to No Consent and configure your own notification schedule.

  3. Save the changes.

    Note: After you save the changes, a new field, Activation Date, appears in the payment system profile showing when automatic requests for cardholder consent were activated.

Now, to be stored continuously, all new payment methods of the selected tokenized type will require cardholder consent within the period of time defined by Days Before Payment Method is Deleted. Those payment methods for which no such consent has been obtained within the set period of time, will be deleted automatically.

For Existing Payment Methods

For payment methods which require cardholder consent to be stored continuously but which were created before the automatic procedure to request cardholder consent was configured (that is, payment methods created before Activation Date), use the following process to request consent:

  1. Go to Operations > More Operations > Payment Processing > Payment Methods. Search for payment methods for which you need to request cardholder consent. Export the list to Excel.

    Note: To find the necessary payment methods, you can filter the list by Creation Date, Payment System, Type, and Consent Status (which is Not Required by default for all existing payment methods). You can also search for the necessary payment methods by using Excel capabilities.

  2. For each of the payment methods which you found in the previous step, configure CloudBlue Commerce to request cardholder consent using the APS API method PUT (the fields are described below):
    • Set Consent Status to Not Provided (the consentStatus parameter of the API method).
    • Set Deletion Date to your preferred date (the deletionDate parameter of the API method).
    • Set Hyperlink to User Agreement to your preferred value (the agreementURL parameter of the API method).

  3. (outside CloudBlue Commerce) Configure email notifications to be sent to customers whose payment methods are affected.

    Note: To find the necessary contact email addresses, you can use the Company/Person ID field at Operations > More Operations > Payment Processing > Payment Methods.

    The email notifications must include:

    • A written request for cardholder consent for a payment method to be stored continuously.
    • A warning message saying that those payment methods for which no such consent is provided before Deletion Date, will be deleted from the system automatically.
    • Instructions for the cardholder to provide their consent in UX1.

Note: Alternatively, you can obtain cardholder consent from your customers outside CloudBlue Commerce and then, using the APS API methods PUT and DELETE, set Consent Status to Provided for all payment methods for which cardholder consent has been provided and delete those payment methods for which such consent has not been obtained. Also, you can set the values of Consent provided by and Consent Date (the whoAgreedId and consentDate parameters of the API method) for all payment methods for which cardholder consent has been provided.

All payment methods for which cardholder consent has been obtained before Deletion Date will be stored continuously. The other affected payment methods from the list, for which no cardholder consent has been provided, will be deleted automatically on the deletion date.

Payment System Profile Fields Depending On 'Consent Required'

Note: The information below is applicable only for payment systems which are used for tokenized payments.

To open a payment system profile, go to PCP > Billing > System > Settings > Payment Processing > click a payment system for tokenized payments.

The Cardholder Consent for Storing Payment Credentials section of the Payment System profile has different sets of fields depending on the Consent Required value.

Consent Required = Yes

The section Cardholder Consent for Storing Payment Credentials has these fields:

  • Consent Required: Yes
  • Activation Date: <the date on which automatic requests for cardholder consent were activated>
  • Days Before Payment Method is Deleted: <how many days the cardholder has to give their consent to ensure that their payment method is stored continuously>
  • Hyperlink to User Agreement: <a hyperlink to the relevant user agreement>
  • Notification Schedule: <Default or a custom notification schedule>

Consent Required = No

The section Cardholder Consent for Storing Payment Credentials has these fields:

  • Consent Required: No

Payment Method Profile Fields Depending On 'Consent Status'

Note: The information below is applicable only for payment methods which are used for tokenized payments.

To open a payment method profile, go to PCP > Billing > Operations > More Operations > Payment Processing > Payment Methods > click a payment method for tokenized payments.

The Cardholder Consent for Storing Payment Credentials section of the Payment Method profile has different sets of fields depending on the Consent Status value.

Consent Status = Not Required

The section Cardholder Consent for Storing Payment Credentials is not displayed.

Note: It is the default value of Consent Status for all payment methods created before the automatic procedure to request cardholder consent was configured (that is, before Activation Date). For configuration instructions, please see above.

Consent Status = Not Provided

The section Cardholder Consent for Storing Payment Credentials has these fields:

  • Consent Status: Not Provided
  • Deletion Date: <a deletion date>

Consent Status = Provided

The section Cardholder Consent for Storing Payment Credentials has these fields:

  • Consent Status: Provided
  • Consent Date: <the date on which cardholder consent was provided>
  • Hyperlink to User Agreement: <a hyperlink to User Agreement>
  • Consent provided by: <User ID and User Name of the person who provided cardholder consent>

Related Topics

© 2025 Ingram Micro, Inc. All Rights Reserved. Privacy Policy, Terms of Use and Legal

CloudBlue, an Ingram Micro business, uses cookies to improve the usability of our site. By continuing to use this site and/or logging in you are accepting the use of these cookies. For more information, visit our Privacy Policy.
I accept