Managing Risk in Recurring Payment Plans

Managing Risk in Recurring Payment Plans


We have previously written in detail about how recurring payment plans work, so this post will not deal with the specifics of how to set one up or how to process each payment. Rather, it will offer suggestions on how to identify and manage the risks associated with recurring payments.


Once you have set up a recurring payment plan, consider implementing the following procedures:

  • When processing a recurring payment:
    • Always notify your customers before charging his or her card. Send the notice at least 10 days in advance. In the notification include the amount to be charged to the account and, if applicable, alert the cardholder if the transaction amount exceeds the pre-authorized range.
    • Save the card’s expiration date on file and include in all authorization requests.
    • Always use the Address Verification Service (AVS).
    • Identify all recurring transactions as such by using the Recurring Payment Indicator. Recurring Payment Indicator is used to identify recurring transactions within authorization and settlement messages in card-not-present environment. The Recurring Payment Indicator is required in all authorization and clearing records. Recurring transactions are typically lower risk than single transactions and should be approved, provided the account is in good standing.
    • Never store card security codes. Card security codes are the three-digit numbers found in the signature panels on the back of Visa, MasterCard and Discover cards and the four-digit numbers found slightly above and to the right of the account numbers of American Express cards. The Credit Card Companies and Associations strictly prohibit the storage of card security codes and may impose substantial fines on offenders.
  • Store all cardholder information in a secure manner. Your organization must be compliant with the requirements of the Payment Card Security Data Security Standard (PCI DSS).
  • Only use your customers’ account information for the payment for products and services. The account information should not be used for age verification or for any purpose other than payment.
  • Keep customer logs and quickly follow-up on customer complaints. A special emphasis should be given to complaints relating to transaction amounts or to failure to notify customers in advance of a recurring transaction that exceeds the pre-authorized amount range. Address each complaint immediately.
  • Immediately honor a cancellation request. Once you receive a cancellation request, you should immediately cancel the recurring plan and issue a credit, if applicable. Notify your customer that his or her request has been fulfilled and the payment plan has been stopped. Be advised that, in the event of a chargeback resulting from an unfulfilled cancellation request, the cardholder does not have to prove that such a request has been made. By industry regulations, the customer only needs to verbally cancel a recurring plan.
  • Use the Associations’ account updating tools. As recurring plans can last a long time, the card you have on file for your customer may expire or the account may be closed or the card number replaced. MasterCard Automatic Billing Updater and Visa Account Updater are services designed for merchants processing recurring and installment transactions. These services verify that on-file information, including account number and expiration date, is correct, ensuring uninterrupted payments.


As with other credit card processing procedures, using common sense in managing risks associated with recurring payments is your most powerful tool. Keep your customers updated by email on the status of their payment plan. Ask customers for an alternative payment method if a transaction using the card on file does not go through.


Image credit: Financeguidetips.com.

Add Comment

Read more:
Processing Procedures for Online Gambling Transactions
Processing Procedures for Online Gambling Transactions

Close