Subscriptions

Recurring billing for Software subscriptions.

Software subscriptions are the backbone of many modern businesses, demanding robust and reliable payment processing. Cardflo delivers a payment orchestration platform engineered to maximise recurring revenue, minimise churn, and provide the global payment capabilities necessary for scalable software-as-a-service (SaaS) operations.

Industry
Software subscriptions
Category
Subscriptions
Cardflo support
Yes
Apply now

The overview

Software subscriptions rely on the continuous validity of stored payment credentials to maintain service continuity and predictable revenue cycles.

In the payments stack, these transactions typically manifest as Merchant Initiated Transactions (MIT) following an initial Customer Initiated Transaction (CIT) where Strong Customer Authentication (SCA) was applied.

Sustaining high authorisation rates requires a specialised focus on lifecycle management, involving the coordination of acquirers, issuers, and card schemes to handle recurring billing events.

The complexity increases as software firms scale across borders, necessitating local acquiring to minimise cross-border fees and reduce the likelihood of declines triggered by geographic risk filters.

Effective management of this vertical involves orchestrating granular retry logic and leveraging scheme-level tools to update expired or replaced card details.

By decentralising the payment logic from the core application, firms can better manage the technical debt associated with maintaining diverse gateway integrations and regulatory compliance requirements.

How it works

  1. Initial Credential Store and Authentication

    The process commences when a customer submits card details during a checkout event. This transaction is typically subject to PSD2 requirements in relevant jurisdictions, necessitating a 3D Secure challenge.

    Once authorised, the card details are tokenised, and the resulting token is stored for subsequent recurring billing cycles as a Merchant Initiated Transaction.

  2. Scheduled Authorisation and Routing

    At the defined billing interval, the platform triggers an authorisation request using the stored token.

    Smart routing logic determines the optimal acquirer based on the Merchant Category Code, the cardholder's issuing bank location, and historical performance data to maximise the probability of a successful settlement while minimising interchange costs.

  3. Automated Decline Recovery Cycles

    If an authorisation fails due to a soft decline, such as insufficient funds or temporary technical issues, the system executes a pre-defined dunning and retry sequence.

    This utilizes specific response codes from the issuer to time subsequent attempts, avoiding unnecessary costs and protecting the merchant's reputation with card schemes.

  4. Lifecycle Management and Token Updates

    To prevent churn caused by card expiry or loss, the system interacts with card scheme account updater services.

    These services provide real-time updates for stored credentials, ensuring that the vaulted tokens remain valid and that the billing cycle continues without requiring manual intervention from the end subscriber.

Why it matters

Mitigating Involuntary Churn Events

Involuntary churn occurs when a legitimate subscriber loses access to software due to payment failure rather than an active cancellation. By implementing automated account updates and intelligent retry logic, software providers can preserve the customer relationship.

This is particularly critical for high-volume SaaS businesses where even a marginal reduction in failure rates leads to significant long-term gains in Life Time Value (LTV) and stable monthly recurring revenue.

Optimising Operational Cost Structures

Global software distribution often leads to high cross-border fees if transactions are routed through a single domestic acquirer. Establishing local acquiring relationships via a payment orchestration layer allows for the utilisation of local interchange rates and domestic scheme routing.

This reduces the spread between gross and net revenue, ensuring that international expansion does not disproportionately increase the cost of payment processing.

Regulatory notes

SCA and MIT Compliance

For recurring software subscriptions, merchants must comply with the Regulatory Technical Standards (RTS) under PSD2. This requires specific flagging of Merchant Initiated Transactions (MITs).

To qualify for the exemption from SCA after the first payment, the merchant must maintain a record of the mandate agreed upon by the customer. Failure to correctly signal this to the issuer can result in high decline rates as banks enforce strict authentication protocols.

Data Privacy and PCI Compliance

Software companies handling recurring payments are subject to PCI DSS requirements for the protection of cardholder data. Using vaulted tokens instead of raw card data helps in meeting these standards.

Furthermore, firms operating in the UK and EU must ensure that their payment processing activities comply with GDPR, particularly concerning the storage and cross-border transfer of sensitive financial personal data.

Use cases

Global B2B SaaS Enterprise

A company providing enterprise resource planning software to international clients uses multi-acquirer routing to ensure high authorisation rates across different regions, utilising local BIN recognition to reduce false fraud flags during high-value renewals.

Consumer Productivity Applications

A mobile application developer manages millions of low-value monthly subscriptions, employing automated dunning cycles and account updaters to maintain high volume throughput while minimising the manual overhead of managing failed payments.

Usage-Based Cloud Services

A cloud infra provider utilises flexible billing logic to authorise variable amounts each month based on consumption, relying on stored credentials and pre-authorised tokens to facilitate friction-free billing without repeating SCA for every cycle.

By the numbers

10–25%
Involuntary Churn Reduction

Typical improvement observed when implementing automated account updates and intelligent dunning cycles, according to industry benchmarks for SaaS verticals.

2–5%
Authorisation Uplift

Expected increase in success rates when transitioning from a single cross-border acquirer to a localised multi-acquirer routing strategy.

15–30%
Average Retry Success

Industry standard recovery rate for soft declines when using logic-based retry sequences over a period of 7 to 14 days.

Payments built for Software subscriptions.

Book a scoping call to see how Cardflo would set you up.

Apply now

What's included.

  • Dynamic routing of recurring payments based on issuer response patterns and geographic performance data.
  • Automated account updater integration to synchronise expired or replaced card credentials with scheme databases.
  • Support for Merchant Initiated Transactions (MIT) with proper flagging for regulatory and scheme compliance.
  • Granular retry logic engineered to respond to specific soft decline codes from issuing banks.
  • Tokenisation of sensitive cardholder data to reduce PCI DSS scope and enhance security posture.
  • Multi-currency settlement capabilities to facilitate international growth without excessive foreign exchange overhead.
  • Centralised reporting for a unified view of subscription health across multiple payment gateways.
  • Implementation of 3D Secure 2.0 to meet SCA requirements during the initial customer sign-up.
  • Management of diverse payment methods including cards, direct debit, and local alternative payment methods.
  • Strategic use of Merchant Category Codes to optimise interchange rates and improve authorisation success.
Route Software subscriptions traffic with confidence.

Talk to an acquiring specialist about your MID setup.

Apply now

Common questions.

How does payment orchestration help reduce involuntary churn for software subscriptions?

Payment orchestration reduces involuntary churn by centralising the management of failed transactions.

When an issuer returns a soft decline, the orchestration layer can automatically route the transaction to a secondary acquirer or schedule a retry at a more optimal time, such as following a common payday.

Furthermore, integration with account updater services ensures that if a cardholder receives a new card, the stored token is updated automatically, preventing failures due to expired credentials that would otherwise require manual customer outreach.

What is the impact of SCA and PSD2 on recurring software billing?

Under PSD2, the initial transaction to set up a subscription (the CIT) must typically undergo Strong Customer Authentication. Subsequent recurring payments can then be treated as Merchant Initiated Transactions, which are out of scope for SCA provided the initial agreement was correctly authenticated and flagged.

However, issuers may still request a challenge for any transaction they deem high-risk. Proper technical flagging of these transactions is essential to prevent unnecessary declines and maintain a frictionless billing experience.

Why should a SaaS company use local acquiring for international customers?

Local acquiring involves routing transactions through an acquirer located in the same region or country as the cardholder's issuing bank. For software companies, this practice significantly improves authorisation rates as domestic transactions are generally viewed as lower risk by issuers.

Additionally, it allows the merchant to benefit from local interchange caps, such as those in the EEA, and avoids the additional cross-border fees typically levied by schemes and processors on international transactions.

What is the difference between a soft decline and a hard decline in subscription billing?

A soft decline occurs when the issuer rejects a transaction for a temporary reason, such as insufficient funds or a technical timeout. These transactions are eligible for retries.

A hard decline occurs due to permanent issues, such as a stolen card, a closed account, or a fraud block that will not change upon retry.

Distinguishing between these via response codes is vital for subscription businesses to avoid wasting resources on hard declines while maximising recovery on soft ones.

How does tokenisation enhance security for long-term subscription customers?

Tokenisation replaces sensitive Primary Account Numbers (PAN) with a unique identifier or token. For software subscriptions, this means the actual card data is never stored on the merchant's servers, significantly reducing PCI DSS compliance requirements.

In the event of a data breach at the merchant level, the tokens are useless to attackers because they are locked to a specific merchant or gateway. This protects the long-term integrity of the customer's billing relationship.

Can software merchants use direct debit alongside card payments?

Yes, many software merchants utilise direct debit, such as SEPA or Bacs, as a cost-effective alternative to cards for recurring billing. Direct debit often has lower per-transaction fees and lower churn rates because bank accounts do not expire like cards.

A robust payment platform can manage both card and direct debit recurring flows through a single interface, providing a unified customer experience and consolidated financial reporting.

Get started

Ready for velocity?

Tell us about your business. We'll match you with the right acquiring partners and the right route, typically inside a week.

Apply now
Apply now