
Subscriptions and Recurring Billing

Prerequisites

Before optimizing recurring billing, understand:

Subscription payments fail differently than one-time payments. The difference between 90% and 95% billing success is 5% of your recurring revenue. On $100k MRR, that's $5k/mo walking out the door.

Most subscription businesses accept their decline rate as fixed. It isn't.

What Matters

  1. Card-on-file consent is non-negotiable. No consent documentation = lost disputes.
  2. Account updater (CAU) is free money. If you're not using it, you're losing 2-4% of billings to expired cards. See increase auth rates playbook.
  3. Dunning sequence design separates amateurs from pros. When you retry, how you communicate, and when you stop all affect recovery.
  4. Hard vs. soft decline logic. Retry the wrong decline code and you burn issuer goodwill.
  5. Cancellation proof wins disputes. If a customer says they cancelled and you can't prove they didn't, you lose. See compelling evidence.

Card-on-File Requirements

Storing cards for future billing requires explicit consent. This isn't optional.

  • Clear disclosure that you're storing the card
  • Explanation of what you'll charge and when
  • Cancellation terms
  • Customer acknowledgment (checkbox, signature, click-through)

What to Save

Data Point | Why
Consent timestamp | Proves when they agreed
IP address | Links consent to a device
Consent language version | Shows what they agreed to
Transaction ID of first charge | Ties consent to billing relationship

Issuer View

When we see a dispute on a recurring charge, the first thing we check is whether the merchant can prove consent. A timestamped signup flow with clear billing terms usually wins. A vague "I think they signed up" loses.


Card Account Updater (CAU)

CAU automatically updates stored cards when issuers reissue them. Visa calls theirs VAU (Visa Account Updater). Mastercard calls theirs ABU (Automatic Billing Updater).

What CAU Fixes

  • Expired cards
  • Reissued cards (new number, same account)
  • Changed expiration dates

What CAU Does Not Fix

  • Closed accounts
  • Fraud blocks
  • Customer-initiated cancellations
  • Cards the customer doesn't want you to charge

When to Enable

Nearly always. If you bill recurring, enable CAU. The ROI is immediate.

How to Check If You Have It

Ask Your Dev

"Is Card Account Updater enabled on our merchant account? Are we receiving and applying updates before billing?"

Most processors support CAU, but it may not be enabled by default. Some charge per update (typically $0.25-$0.50 per hit). Others include it.

Measuring CAU Lift

Compare involuntary churn before and after enabling:

  • Pull 3 months of data before CAU
  • Enable CAU
  • Pull 3 months after
  • Calculate the delta in expired-card failures

Typical lift: 2-4% reduction in failed recurring billings.


Dunning Sequences

Dunning is what happens after a payment fails. Your sequence determines how much revenue you recover.

Anatomy of a Dunning Sequence

Step | Timing | Action
1 | Immediately | Retry payment
2 | Day 1 | Email: "Payment failed, update card"
3 | Day 3 | Retry payment
4 | Day 3 | Email: "Still having trouble"
5 | Day 7 | Retry payment
6 | Day 7 | Email: "Service at risk"
7 | Day 14 | Final retry
8 | Day 14 | Email: "Last chance before cancellation"
9 | Day 21 | Cancel or pause

Retry Timing That Works

Don't retry immediately after failure. Wait.

  • Soft decline (insufficient funds): Retry in 3-5 days. Paydays matter.
  • Issuer unavailable: Retry in 4-24 hours.
  • Card expired without CAU update: Don't retry. Email for new card.

Email Timing That Works

  • Day 1: Factual. "Your payment failed. Here's how to update."
  • Day 3-7: Helpful. "Want to keep access? Update here."
  • Day 14+: Urgent but not aggressive. "We'll pause your account in 3 days."

What Kills Recovery

  • Too many emails (3-4 total is enough)
  • Aggressive tone ("PAY NOW OR ELSE")
  • No clear update link
  • Retrying hard declines repeatedly

Hard vs. Soft Decline Logic

Not all declines are equal. Retry logic should match decline type.

Soft Declines: Retry-Eligible

Code | Meaning | Retry Strategy
Insufficient funds | Account low | Retry in 3-5 days (around payday)
Issuer unavailable | Technical issue | Retry in 4-24 hours
Card not activated | New card | Retry in 1-2 days
Exceeds limit | Over spending limit | Retry in a few days

Hard Declines: Do Not Retry

Code | Meaning | Action
Card stolen/lost | Fraud flag | Stop. Request new card.
Invalid card number | Card doesn't exist | Stop. Request new card.
Card expired | CAU should have caught this | Stop. Request new card.
Do not honor | Issuer says no | Try once more, then stop.
Restricted card | Blocked category | Stop. Different card needed.

Why This Matters

Issuers track retry behavior. Merchants who hammer declined cards get worse auth rates across all transactions. One bad retry pattern can tank your entire approval rate.
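
A decline-aware retry decision, as an added example that is not code from this playbook or from any processor. The category labels, the function names, the 3-day delay for "do not honor" and the choice of the lower bound of each range are assumptions; map your processor's real response codes onto the categories.

```python
from datetime import datetime, timedelta

# Category labels are hypothetical; map your processor's response codes to them.
# Delays use the lower bound of each range in the tables above.
SOFT_DELAY = {
    "insufficient_funds": timedelta(days=3),   # retry in 3-5 days
    "issuer_unavailable": timedelta(hours=4),  # retry in 4-24 hours
    "card_not_activated": timedelta(days=1),   # retry in 1-2 days
    "exceeds_limit": timedelta(days=3),        # "a few days"; 3 is an assumption
}
HARD = {"card_stolen_lost", "invalid_card_number", "card_expired",
        "restricted_card"}
MAX_RETRIES = 4  # the dunning sequence above shows four retries


def next_action(category, retries_done, failed_at):
    """Decide what to do after a failed recurring charge.

    retries_done is the number of retries already made after the first failure.
    Returns (action, retry_at); retry_at is None unless action == "retry".
    """
    if category in HARD:
        return ("request_new_card", None)
    if category == "do_not_honor":
        # Table above: try once more, then stop. The 3-day delay is an assumption.
        if retries_done >= 1:
            return ("stop", None)
        return ("retry", failed_at + timedelta(days=3))
    if category in SOFT_DELAY and retries_done < MAX_RETRIES:
        return ("retry", failed_at + SOFT_DELAY[category])
    # Retry budget spent, or a category we do not recognise: stop rather than
    # keep hitting the issuer with attempts it has already refused.
    return ("stop", None)


# Constructed sample failures: (category, retries_done, failed_at)
SAMPLE = [
    ("insufficient_funds", 0, datetime(2024, 3, 1, 9, 0)),
    ("card_expired", 0, datetime(2024, 3, 1, 9, 0)),
    ("do_not_honor", 1, datetime(2024, 3, 4, 9, 0)),
]


def triage(failures):
    """Apply next_action to each (category, retries_done, failed_at) tuple."""
    return [next_action(*f) for f in failures]
```

Unknown categories fall through to "stop", so a new or unmapped processor code never triggers automatic retries.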

Ask Your Dev

"What's our retry logic for soft declines vs. hard declines? Are we distinguishing between them?"


The Dunning End Game

When do you stop trying?

When to Stop Retrying

Model | Stop After
SaaS / digital service | 14-21 days of failure
Physical subscription (box) | 7-14 days (you have fulfillment costs)
High-ticket service | 30 days (worth the chase)

Cancel vs. Pause

Action | When to Use
Cancel | Low LTV customers, free trial churners, abuse patterns
Pause (unpaid hold) | High LTV customers, long tenure, seasonal businesses

Pausing preserves the relationship. Cancelling ends it. Choose based on customer value.

Grace Period Strategy

  • Free trials: No grace. Card fails = trial ends.
  • Paid subscriptions: 7-14 day grace is standard.
  • Enterprise/annual: 30+ days. These are worth saving.

After the Last Retry Fails

Ask Your Dev

"What happens after our last retry fails? Does the subscription cancel, pause, or just sit there?"

"Sits there" is the wrong answer. Define the end state.


Stop Using $0/$1 Auth to Save Cards

Legacy Pattern Alert

If you're still using $0 or $1 authorizations to validate cards before saving them, stop.

The Old Pattern

  1. Customer enters card
  2. Authorize $0 or $1 to "validate"
  3. Void the auth
  4. Save the card for future billing

Why This Fails

  • Higher decline rates. Issuers are suspicious of $0/$1 auth patterns.
  • Customer confusion. "Why is there a $1 charge?"
  • Worse issuer acceptance. You look like a card tester.

The Modern Approach

Use SetupIntent-style flows (Stripe calls it SetupIntent, others have equivalents).

  • Validates the card without a charge
  • Designed for card-on-file use cases
  • Better issuer acceptance
  • No customer-facing charge

Ask Your Dev

"Are we still using $0/$1 auth to save cards? Can we switch to SetupIntent or equivalent?"


Subscription Fraud Typologies

Recurring billing attracts specific fraud patterns.

Trial Abuse

Pattern: Sign up for free trial, cancel before charge, repeat with new email/card.

Signals:

  • Device fingerprint matches previous trial user
  • Disposable email domain
  • Card BIN cycling (same first 6 digits, different cards)
  • VPN or proxy use

Response:

  • Limit trials to one per device fingerprint
  • Block disposable email domains
  • Require payment method at trial start (not $0 auth, use SetupIntent)
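
The trial-abuse signals and responses above, applied to a stream of signups, as an added example that is not code from this playbook. The field names, the disposable-domain list, the 24-hour window and the threshold of three cards per BIN are assumptions; BIN cycling is implemented here as a velocity check because a single shared BIN is normal on its own.

```python
from collections import defaultdict
from datetime import datetime, timedelta

DISPOSABLE_DOMAINS = {"tempmail.example", "trashbox.example"}  # constructed list
BIN_WINDOW = timedelta(hours=24)  # assumed velocity window
BIN_THRESHOLD = 3                 # assumed: distinct cards per BIN in the window


def review_trial_signups(signups):
    """Return {signup id: (decision, reasons)}, processing in arrival order.

    Field names are hypothetical. card_token is the processor's token; the
    full card number is never stored or compared here.
    """
    seen_devices = set()
    recent_by_bin = defaultdict(list)  # BIN -> [(ts, card_token), ...]
    out = {}
    for s in signups:
        reasons = []
        if s["device_fp"] in seen_devices:
            reasons.append("device_reuse")
        seen_devices.add(s["device_fp"])
        if s["email"].rsplit("@", 1)[-1].lower() in DISPOSABLE_DOMAINS:
            reasons.append("disposable_email")
        # BIN cycling: different cards sharing the first 6 digits, close in time.
        recent = [(t, c) for t, c in recent_by_bin[s["card_bin"]]
                  if s["ts"] - t <= BIN_WINDOW]
        recent.append((s["ts"], s["card_token"]))
        recent_by_bin[s["card_bin"]] = recent
        if len({c for _, c in recent}) >= BIN_THRESHOLD:
            reasons.append("bin_cycling")
        if s["via_proxy"]:
            reasons.append("proxy")
        # Responses above: one trial per device, block disposable domains.
        hard = {"device_reuse", "disposable_email"} & set(reasons)
        decision = "deny_trial" if hard else ("review" if reasons else "allow")
        out[s["id"]] = (decision, reasons)
    return out


T0 = datetime(2024, 5, 1, 12, 0)
_ROWS = [  # constructed: (id, minutes after T0, email, device_fp, token, proxy)
    ("s1", 0, "ana@corp.example", "fp-A", "tok_1", False),
    ("s2", 10, "bob@tempmail.example", "fp-B", "tok_2", False),
    ("s3", 20, "cy@corp.example", "fp-A", "tok_3", False),
    ("s4", 30, "di@corp.example", "fp-C", "tok_4", True),
]
SAMPLE = [dict(id=i, ts=T0 + timedelta(minutes=m), email=e, device_fp=f,
               card_bin="400000", card_token=k, via_proxy=p)
          for i, m, e, f, k, p in _ROWS]
```

Proxy use and BIN velocity only route a signup to review, since both also occur in legitimate traffic.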

Promo Stacking

Pattern: Abuse referral codes, coupons, or first-month discounts.

Signals:

  • Same billing address, different names
  • Referrer and referee from same IP
  • Multiple accounts created rapidly

Response:

  • Limit referral rewards per payment method
  • Velocity checks on promo code use
  • Link detection across accounts

Credential Sharing/Reselling

Pattern: One paid account shared among many users, or resold access.

Signals:

  • Logins from many IPs/locations simultaneously
  • Usage patterns that don't match single-user behavior
  • Account credentials appearing on resale sites

Response:

  • Concurrent session limits
  • Device registration caps
  • Usage-based lockouts

Related: Fraud Prevention


Subscription Dispute Patterns

Recurring billing has unique dispute characteristics.

Common Dispute Reasons

Reason | Cause | Prevention
"I cancelled" | They didn't, or you didn't process it | Clear cancellation flow, confirmation emails
"I didn't authorize this" | They forgot, or genuine fraud | Pre-renewal reminders, clear descriptors
"I didn't recognize the charge" | Bad descriptor | Include brand name in descriptor
"I was charged after cancelling" | Billing/cancellation timing mismatch | Stop billing immediately on cancel

Cancellation Proof Basics

When a customer disputes saying they cancelled, you need:

  1. Cancellation policy they agreed to at signup
  2. Usage logs showing activity after alleged cancellation
  3. Communication history (did they contact support?)
  4. Account status timeline (when did they actually cancel?)

If you can't prove they didn't cancel, you lose.

Pre-Renewal Reminders

For annual subscriptions, send a reminder 7-14 days before renewal:

"Your subscription renews on [date] for [amount]. If you want to cancel, [click here]."

This feels scary but reduces disputes. A customer who cancels is better than a customer who disputes.


Involuntary vs. Voluntary Churn

Churn has two causes. Fix the right one.

Involuntary Churn (Payment Failure)

  • Card expired
  • Insufficient funds
  • Card replaced
  • Issuer decline

Fix with: CAU, dunning optimization, retry logic, payment method diversity.

Voluntary Churn (Customer Choice)

  • Didn't need the product
  • Found alternative
  • Price objection
  • Bad experience

Fix with: Product, pricing, onboarding, support. Not payments.

Measuring the Split

Track churn by cause:

  • What percentage of churned customers had a failed payment as their last event?
  • What percentage voluntarily cancelled with a working card?

If involuntary churn is >30% of total churn, your payments infrastructure is the problem.


Test to Run

4-week CAU and dunning audit:

Week 1: Baseline your current metrics.

  • Involuntary churn rate
  • Retry success rate by attempt number
  • CAU hit rate (if enabled)

Week 2-3: Implement changes.

  • Enable CAU if not active
  • Adjust retry timing based on decline codes
  • Update dunning emails

Week 4: Measure.

  • Compare involuntary churn to baseline
  • Track recovery rate by dunning step

Success criteria: 10-20% reduction in involuntary churn within 30 days.


Scale Callout

Volume | Focus
Under $100k MRR | Enable CAU, set up basic dunning (3-4 emails), don't overthink it.
$100k-$1M MRR | Optimize retry timing by decline code, A/B test dunning emails, track recovery by step.
Over $1M MRR | Dedicated retention ops, predictive churn models, custom dunning by customer segment and LTV.

Where This Breaks

  1. Prepaid cards. No CAU. Can't retry. Just fails. Consider requiring non-prepaid for subscriptions.

  2. Corporate cards with frequent reissuance. B2B subscriptions on company cards churn hard. Get backup payment methods or invoice them.

  3. Customers who want to cancel but dispute instead. Some customers find disputing easier than cancelling. Make cancellation brain-dead simple to reduce this.


Analyst Layer: Metrics to Track

Metric | What It Tells You | Target
Involuntary churn rate | Payment-driven churn | < 3% monthly
Retry success rate | Dunning effectiveness | > 30% recovery
CAU hit rate | Updater coverage | > 5% of active cards
Dunning email open rate | Message effectiveness | > 40%
Recovery by attempt | Optimal retry count | Most recovery by attempt 2-3
Churn by decline code | Where to focus | Hard declines should be < 20% of failures

Recurring Churn Analytics Framework

Track these dimensions to understand where you're losing subscribers:

Dimension | Metrics to Track | Why It Matters
Churn type | Voluntary vs involuntary | Different fixes for each
Churn timing | Days since signup when churn occurs | Identifies risk periods
Decline reason | Distribution of decline codes | Tells you what's fixable
Recovery rate | % recovered by dunning step | Shows where dunning works
LTV at churn | Revenue lost per churned sub | Prioritizes retention effort

Monthly churn decomposition:

Total churn = Voluntary + Involuntary
Involuntary = Declined + Expired + Blocked + Other
Declined = Hard decline (unfixable) + Soft decline (retry-able)

Key ratios:

  • Involuntary / Total churn (target: < 30%)
  • Soft decline / Total declined (target: > 60%)
  • Recovered / Soft declined (target: > 40%)

CAU Lift Measurement

Quantify your Card Account Updater ROI:

Metric | How to Calculate | Benchmark
CAU coverage | Subscribers with updatable cards / Total subscribers | 70-85%
Update rate | CAU updates received / Billing attempts | 2-5% monthly
Prevented churn | (Updates that would have failed) × billing success rate | Track monthly
CAU ROI | (Prevented churn × LTV) - (Updates × cost per update) | Should be > 10x

Before/after analysis:

  1. Baseline 3 months of expired card failures before CAU
  2. Enable CAU for 3 months
  3. Compare expired card failure rate
  4. Calculate LTV of saved subscribers

Expected lift: 2-4% reduction in involuntary churn, or 10-20% of expired-card failures prevented.

Cohort Analysis

Track cohorts by:

  • Signup month
  • Payment method type
  • Pricing tier

Identify which cohorts have highest involuntary churn and fix those first.


Next Steps

Just starting with subscriptions?

  1. Audit your consent capture → Do you have documented proof of recurring authorization?
  2. Enable Card Account Updater (CAU) → Free lift to billing success
  3. Set up basic dunning → Email on first failure, retry in 3 days

Improving billing success?

  1. Segment declines by type → Soft vs. hard, expired vs. insufficient funds
  2. Optimize retry timing → Match to payday cycles for B2C
  3. Review auth optimization → Decline patterns affect recurring

Fighting subscription chargebacks?

  1. Check compliance requirements → Network rules for recurring
  2. Improve cancellation flow → Easy cancellation = fewer disputes
  3. Pre-billing notifications → Remind before charging, not after