# Cards

Cards are the most widely used payment method in Zotlo. This page explains supported card networks, 3D Secure behavior, card storage, and how card payments work across the [Merchant of Record (MoR)](https://docs.zotlo.com/welcome/merchant-of-record) and [Connected PSP models.](https://docs.zotlo.com/welcome/connect-your-psp)

## **Supported Card Networks**

Zotlo supports all major global card schemes:

* Visa
* Mastercard
* American Express
* Discover
* Diners Club
* JCB
* UnionPay

Card availability and acceptance depend on the issuing bank, region, and the billing model used (MoR or PSP).

## **Security & Tokenization**

Zotlo **never stores raw card data** such as full card numbers or CVV. All sensitive card information is handled and stored exclusively by **PCI DSS–compliant payment partners**.

Zotlo stores only **non-sensitive tokens** or payment method references returned by these partners. These tokens are used safely for:

* Subscription renewals
* One-click checkout
* Retry and dunning flows
* Future charges without re-entering card details

## **3D Secure (3DS)**

Zotlo supports **3D Secure (3DS)** for card authentication and fraud prevention.

* 3DS is automatically triggered when required by the card issuer.
* Frictionless flows may occur when the issuer approves them.
* In regions where additional authentication requirements apply (e.g., Europe/UK under SCA rules), 3DS is used to meet these requirements via our payment partners or your PSP.

Zotlo displays the 3DS UI when needed and continues the payment flow seamlessly after authentication.

## **Card Payments in MoR**

The behavior of card payments depends on whether you use [Zotlo’s MoR](https://docs.zotlo.com/welcome/merchant-of-record) or [your own PSP](https://docs.zotlo.com/welcome/connect-your-psp).

#### **Merchant of Record (MoR)**

* Card processing is handled by Zotlo’s authorized payment partners
* Tokens are returned by partners, Zotlo stores only non-sensitive identifiers
* 3DS and authentication flows are managed automatically
* Chargebacks, risk checks, and compliance are handled under the MoR framework
* Funds are paid out by Zotlo to the merchant

#### **Connected PSP**

* Card processing follows your PSP’s rules and capabilities
* Tokens are stored inside your PSP’s vault; Zotlo stores only the reference token
* 3DS and authentication behavior depend on your PSP’s configuration
* Chargebacks and compliance are handled by your PSP
* Funds settle directly into your PSP merchant account

## **When to Use Cards**

Cards are ideal when you need:

* Global coverage with a single integration
* Subscription billing with renewals
* One-click checkout using saved payment methods
* Robust retry logic to reduce failed payments

Cards offer the highest acceptance across apps, SaaS products, digital content, and memberships.