Receiving and managing recurring online payments

Recurring payments (also called subscription payments) are an integral part of managing subscriptions of services and, in some cases, also of companies’ supply process of goods shipped periodically to customers. Theoretically, businesses could handle the same collection needs with a single charge for each payment, however from a practical point of view, the risk of not finalising the collection would be very high and the process burdensome for the buyer as well.

A recurring payment means a payment repeated periodically, after an agreement between merchant and buyer, like for example, in the case of subscription-based services (e.g. pay TV, streaming platforms, telephone operators, publishing, etc.). The process of this collection formula involves a number of steps:

• Agreement between the parties
  In this pre-collection phase, the buyer or user authorises the merchant to make recurring debits by means of a mandate, agreeing on the amount of the individual payments, the frequency, the end date (if applicable) and the payment method (card, direct debit or other method).
• Setting up debits
  Via the platform of the PSP (Payment Service Provider), the debit series is set up according to the chosen payment method.
• Recurring debits
  Charges, which may cover a predefined period of time or an indefinite period, are sent automatically according to what was agreed between the parties.

As mentioned above, there are several recurring debit methods, the most common being credit card or SDD (SEPA Direct Debit), also called direct debit.

In both cases, there are more than one advantage for merchant and buyer. In fact, they:

• allow businesses to schedule payments with a predetermined recurrence;
• do not require the presence of the payer and consent for each debit;
• allow for an automatic execution, with therefore no risk of incorrect entry of buyer data after the set-up (e.g. card number or beneficiary's bank details).

However, there are also some weaknesses to this form of collection:

• the payment is deferred, i.e. without the presence of the payer at the time of the debit, therefore not guaranteeing sufficient funds on the payment method (card or current account) at that time;
• the buyer may not remember having given the merchant a mandate, resulting in the debit being cancelled;
• in the event that the payment method is no longer valid (e.g. in the case of a blocked card or a closed current account), the payer needs to remember to communicate in due time the details of an alternative payment method on which to debit.

Also, we need to take into account the different procedures for revoking payments and rejecting charges depending on the method used. In the case of SDDs, for example, the regulations grant re-credit requests of buyer’s debits even after longer periods of time, whereas in the case of cards, the procedures are similar to those for single payment disputes.

Type of recurring payments: by card or SDD

Recurring payments by card and SDD are very similar, however there are some substantial differences that may make one or the other solution more appropriate to someone's needs. Let’s look at the main features of the two recurring debit systems, with a focus on information of interest to businesses.

Recurring card payments

Recurring card payments are to all intents and purposes card payments made without the presence of the cardholder at the time of the debit. Therefore, the merchant must request the card data in the authorisation phase to proceed with automatic debits and set up recurring payments.

Businesses may save the card data on their own servers, complying with the requirements of particularly onerous PCI DSS certifications for the protection of card security data, or they have the opportunity to request the activation of tokenization services from their PSP. You can refer to our article on the topic if you would like to find out more about the advantages of introducing network tokens in your payment infrastructure.

However, the integration of a tokenization service, whether developed by the PSP or by the major circuits such as Visa and MasterCard, is essential in order to easily and cost-effectively manage recurring payments of an Ecommerce. Moreover, recurring payments fall under the Strong Customer Authentication (SCA) exemptions, so they do not require the two-factor authentication introduced by PSD2 for online payments.

SDD Direct Debit payments

The SEPA Direct Debit is established by means of a mandate, whereby the paying customer (in the scheme known as the debtor), gives authorisation (via signature of the mandate) to the company from which the good or service has been requested (in the scheme known as the creditor) to be able to withdraw the agreed sum directly from their current account.

The authorisation will thus highlight the economic terms of the relation, which may be either established as a one-off payment or as a series of recurring payments in which the amount may be either fixed or variable.

The mandate – which began as a simple paper document – has now been available in digital form through Advanced Electronic Signature systems and can also be stipulated in a precise electronic format.

These types of digital (or electronic) contracts are increasingly popular due to their convenience for both the debtor (who does not have to print, sign and send a document to the invoice issuer) and the creditor (who can thus more easily automate, benefit from the convenience and effectiveness of so-called electronic storage). A popularity intensified by the more widespread deployment of online banking (with standard practices now recognised in the industry in general, and specifically applied in the SEPA area).