Subscription billing is one of the fundamental cornerstones of our industry. Marketing practices and processing technologies have evolved, but the basic concept has remained unchanged. Subscription billing offers a multitude of benefits for business owners and their clients. This article will explore a less-frequently discussed aspect of subscription billing: card brand compliance.
Back in 2020, the first set of guidelines was put into effect, and there have been modifications and updates ever since. The key points are:
When customers enroll in a membership, they must give explicit consent and acknowledge that it’s an ongoing membership.
- Express consent
- Enhanced notification
- Explicit transaction receipts
- Statement descriptor
- Easier cancellation
- Expanded dispute rights
Of course, this applies to all recurring transaction business models: gyms, online video services, dating services, box-of-the-month clubs and even recurring charitable donations. Any business model where the cardholder does not have to explicitly opt in for subsequent transactions falls under the purview of these rules, regardless of how frequently the rebill takes place.
Let’s get into what these key points mean, and what needs to be done to maintain compliance.
Express Consent
When customers enroll in a membership, they must give explicit consent and acknowledge that it’s an ongoing membership. If it’s a trial that rolls into a membership, the customer must be made aware of the duration of the trial, how much a full subscription will cost and when it will be billed.
Enhanced Notification
At the time of enrollment, a copy of your terms and conditions for the subscription must be sent to the customer via email, SMS text or other delivery method, even if no amount is charged at the time of enrollment. This notification must include a confirmation that your customer has enrolled in a subscription unless they cancel, the start date of the subscription, details of what is being purchased, the amount of the subscription, frequency of billing and a link or contact information to cancel the subscription. A reminder notification must also be sent at least seven days prior to the renewal of the subscription if a trial period is about to expire or the billing amount or frequency of billing has changed.
Explicit Transaction Receipts
The length of the trial period — if applicable — along with the transaction amount, date of first billing, billing frequency and a link or contact information to cancel the subscription must all be disclosed to the cardholder.
Statement Descriptor
If your business offers a trial period, the word “trial” must be included for that initial transaction. “Trial,” “trial period” and “free trial” are all examples of compliant descriptors.
Easier Cancellation
Businesses must provide an easy way to cancel subscriptions online, regardless of whether the subscription was initiated online, in person, over the phone or by another method.
Expanded Dispute Rights
This one is my favorite because it actually helps merchants, so long as the aforementioned key points have been followed. Merchants can remedy disputes or fight chargebacks by proving that the appropriate actions have taken place. This can be done by showing that the cardholder explicitly enrolled in a subscription — express consent — and that the merchant electronically notified the cardholder before processing new transactions when the trial or promotional period ended.
Exceptions
The requirement for electronic notification seven days prior to a trial converting to a subscription only applies if the trial period is longer than seven days. In addition, advance notice does not apply to payments for utilities like gas, electric, water and sanitation; to telecommunication services like phone and internet; to existing debt such as car or mortgage payments; or to insurance policies.
Do These Rules Apply to Both Major Card Brands?
No. All of the above is actually for one particular card brand, whose logo features a big blue “V.” The other one, which has red and orange overlapping circles as its logo, has an entirely different set of rules, because we certainly wouldn't want things to be simple.
What About Missing or Incorrect Email Addresses?
What if you have subscriptions that are years old and you never collected an email address, physical address or phone number? The best practice is to put a URL in your descriptor so that the cardholder has a way to contact your business and manage their subscription.
What about new memberships moving forward? Let’s face it: not everyone signing up uses an accurate email address. Whatever their reasons, the cardholder’s decision to provide inaccurate information is outside our control. There are methods to ensure that the cardholder provides a valid email address, such as sending a link to confirm their subscription or sending a system-generated password.
Using either of these methods will add a layer of credibility should the need to fight a chargeback arise. If you send an electronic notification via email and it’s returned as undeliverable, as long as the merchant can demonstrate that a good faith effort was made to contact the cardholder, that would be sufficient to fulfill the requirement.
One last thing. The “electronic notification” doesn’t specifically have to be an email or SMS text message. So long as it can be demonstrated that a good faith effort was made to notify the cardholder of subscription rebilling, that should satisfy the electronic notification requirement.
The Takeaway
For businesses offering subscription services, the appeal of this framework is that by following these guidelines, you can make sure the subscription continues to rebill until the cardholder cancels or the card expires — and even when it does, there’s a fix for that! Automatic Card Updater works with participating banks to update payment credentials before they expire, so those subscriptions can continue to be billed without interruption. It’s super simple to set up, and it’s seamless on the merchant’s side.
Jonathan Corona has two decades of experience in the electronic payments processing industry. As chief operating officer of MobiusPay, Corona is primarily responsible for day-to-day operations as well as reviewing and advising merchants on a multitude of compliance standards mandated by the card associations, including, but not limited to, maintaining a working knowledge of BRAM guidelines and chargeback compliance rules defined in both Visa and Mastercard operating regulations.
