When we collect credit card data to be stored with the payment service provider (e.g. Braintree), as required by industry regulation, we need to display some "terms of agreement" stating clearly that the supplied payment method will be used afterwards to pay for services, upon offline payment transactions initiated by the system on behalf of the API provider (MIT - Merchant-Initiated Transactions). This agreement is also known as "mandate" between service provider (the 3scale tenant) and consumer (the cardholder).

At a minimum, the terms should cover the following:

• The cardholder’s permission to the system initiating a payment or a series of payments on their behalf
• The anticipated frequency of payments (i.e., recurring, monthly)
• How the payment amount will be determined

We should perhaps check with our legal department the exact wordings of the term to be displayed. As examples, the PSPs usually provide options, e.g.

• https://stripe.com/docs/strong-customer-authentication/faqs
• https://www.braintreepayments.com/es/resources/psd2-strong-customer-authentication-explained
   

Action: Update legal agreement