In 2026, subscription merchants sit at the centre of one of the most significant risk recalibrations in the payments industry. What was once considered a stable, high-margin business model has become one of the most heavily scrutinised categories for PSPs and acquirers.

The reason is simple: subscription billing creates future transaction exposure that extends far beyond the initial sign-up. A single checkout event can represent six, twelve, or even twenty-four months of recurring billings, each carrying fraud, refund, and chargeback risk that PSPs must ultimately absorb.

This long-tail exposure has driven regulators and card schemes to tighten their oversight. The US Federal Trade Commission’s 2024 Negative Option Rule introduced strict requirements around consent, disclosure, renewal transparency, and cancellation design. At the same time, Mastercard’s updated rules for subscription and free-trial merchants now require explicit trial reminders, clear renewal dates, and revocation-friendly cancellation paths. In the UK, the FCA has reinforced consumer protections around Continuous Payment Authorities (CPAs), and under PSD3, European regulators are preparing stronger rules for recurring payments, mandating transparency and post-contract cancellation rights. Subscription billing is no longer a commercial convenience; it is a regulated category with compliance obligations embedded into every renewal cycle.

For PSPs, these shifts transform underwriting. Traditional risk models were designed for one-off transactions, where fraud signals and refund ratios were tied to discrete events. But recurring merchants demand a different lens. The risk sits not only in today’s transaction, but in the probability and quality of all future billings. PSPs must model churn curves, first-rebill failure rates, subscription funnel transparency, and the likelihood of disputes triggered by unclear trial terms or poor cancellation flows. In high-risk verticals, coaching programmes, supplements, digital subscriptions, and adult entertainment, this forward liability becomes even more pronounced.

At the same time, consumer behaviour has shifted. Friendly fraud has risen sharply in digital commerce, with “I didn’t know this would renew” becoming a common dispute reason. Issuers are increasingly sceptical of subscription charges, especially after a free trial. Meanwhile, regulatory bodies across the US, UK, EU, and APAC have publicly criticised “hard-to-cancel” subscription flows, making UX design a direct risk factor for underwriting decisions.

Against this backdrop, PSPs in 2026 require a Recurring Revenue Risk Model, a unified framework that evaluates subscription merchants not only on fraud or financial stability, but on lifecycle governance, compliance maturity, and technology architecture. Merchants who understand this model can unlock smoother approvals, lower reserve requirements, faster settlements, and long-term processing continuity.

In 2026, subscription merchants sit at the centre of one of the most significant risk recalibrations in the payments industry. What was once considered a stable, high-margin business model has become one of the most heavily scrutinised categories for PSPs and acquirers. The reason is simple: subscription billing creates future transaction exposure that extends far beyond the initial sign-up. A single checkout event can represent six, twelve, or even twenty-four months of recurring billings, each carrying fraud, refund, and chargeback risk that PSPs must ultimately absorb.

This long-tail exposure has driven regulators and card schemes to tighten their oversight. The US Federal Trade Commission’s 2024 Negative Option Rule introduced strict requirements around consent, disclosure, renewal transparency, and cancellation design. At the same time, Mastercard’s updated rules for subscription and free-trial merchants now require explicit trial reminders, clear renewal dates, and revocation-friendly cancellation paths. In the UK, the FCA has reinforced consumer protections around Continuous Payment Authorities (CPAs), and under PSD3, European regulators are preparing stronger rules for recurring payments, mandating transparency and post-contract cancellation rights. Subscription billing is no longer a commercial convenience; it is a regulated category with compliance obligations embedded into every renewal cycle.

For PSPs, these shifts transform underwriting. Traditional risk models were designed for one-off transactions, where fraud signals and refund ratios were tied to discrete events. But recurring merchants demand a different lens. The risk sits not only in today’s transaction, but in the probability and quality of all future billings. PSPs must model churn curves, first-rebill failure rates, subscription funnel transparency, and the likelihood of disputes triggered by unclear trial terms or poor cancellation flows. In high-risk verticals, coaching programmes, supplements, digital subscriptions, and adult entertainment, this forward liability becomes even more pronounced.

At the same time, consumer behaviour has shifted. Friendly fraud has risen sharply in digital commerce, with “I didn’t know this would renew” becoming a common dispute reason. Issuers are increasingly sceptical of subscription charges, especially after a free trial. Meanwhile, regulatory bodies across the US, UK, EU, and APAC have publicly criticised “hard-to-cancel” subscription flows, making UX design a direct risk factor for underwriting decisions.

Against this backdrop, PSPs in 2026 require a Recurring Revenue Risk Model, a unified framework that evaluates subscription merchants not only on fraud or financial stability, but on lifecycle governance, compliance maturity, and technology architecture. Merchants who understand this model can unlock smoother approvals, lower reserve requirements, faster settlements, and long-term processing continuity.

The Evolution of PSP Underwriting for Subscription Businesses

In 2026, the underwriting paradigm for subscription merchants has shifted significantly. Traditional payment underwriting focused on individual transactions, evaluating fraud risk, card security, and merchant stability at a single point in time. Subscription billing, however, introduces a much wider risk window. With every sign-up representing months (or years) of future exposure, PSPs must assess lifetime billing risk, not just initial authorisation risk.

From Transaction-Level to Lifetime Exposure

Underwriting once revolved around historical chargeback ratios and simple volume forecasts. Today, subscription risk is cumulative. One approval can lead to 12–24 subsequent billings, each carrying fraud, misrecognition, cancellation, and regulatory exposure. The merchant’s subscription lifecycle quality, not just its checkout design, now determines PSP approval terms.

This evolution has been accelerated by stricter global standards. In October 2022, Mastercard expanded its rules for subscription, recurring, and negative-option billing, mandating transparent trial terms, pre-renewal reminders, electronic receipts, and simple cancellation mechanisms (Mastercard Subscription & Negative-Option Standards, 2022). These requirements have continued evolving through 2024-2025 enforcement cycles.

Why PSPs Classify Subscription Merchants as Higher Risk

Subscription models exhibit distinct risk markers that PSPs closely evaluate:

• Trial-to-paid conversion risk: Free trials, $0 trials, or hidden introductory offers tend to generate disputes during the first rebill. Mastercard requires reminder notifications 3–7 days before trial conversion to reduce these disputes (Braintree/Mastercard Requirements Summary, 2024).
• Friendly fraud & misrecognition: Many disputes occur because consumers fail to understand or recall the recurring nature of the charge.
• Regulatory non-compliance: The U.S. Federal Trade Commission’s 2024 Negative Option Rule requires clear consent, pre-renewal notices, and frictionless cancellation; non-compliance increases refund and chargeback risk (FTC Negative Option Rule, 2024).
• High refund/churn ratios: PSPs analyse churn cohorts rather than just monthly totals; volatile cohorts indicate weak product/market fit or misleading offers.

Regulatory & Scheme Pressures Driving New Underwriting Standards

PSPs must align underwriting with global consumer-protection rules:

• Mastercard: strict standards for subscription transparency, cancellation paths, and free-trial reminders (Mastercard Negative Option Model Summary).
• FTC (US): prohibits misleading trial conversions and mandates “simple cancellation” under the 2024 Negative Option Rule.
• FCA (UK): emphasises customer rights to stop recurring payments through banks and requires transparent subscription terms.
• RBI (India): mandates explicit e-mandate consent and 24-hour pre-debit notifications for recurring transactions.

This multi-jurisdictional pressure means PSPs must treat subscription flows as regulatory-risk surfaces, not simply commercial billing models.

What This Means for PSP Underwriting in 2026

PSPs now evaluate subscription merchants based on:

• Billing structure (trial length, billing frequency, introductory offers)
• First-rebill success rate (a key predictor of future disputes)
• Subscription churn curves (cohort-level stability)
• Refund and cancellation transparency
• Tokenisation + credential lifecycle handling (network tokens, account updater)
• Compliance with scheme rules and negative-option regulations
• Customer support responsiveness (SLA benchmarks)

Merchants with mature subscription lifecycle controls receive lower reserve requirements, faster settlement, and better approval odds.

Core Risk Vectors in Recurring Revenue for PSPs

For PSPs underwriting subscription merchants in 2026, the focus has shifted from single-transaction risk to lifecycle risk. Subscription models embed a series of charge events over time rather than one-off payments, meaning each billing cycle carries its own potential for disputes, churn, fraud, and regulatory breach. PSPs therefore assess risk vectors that are unique to recurring-revenue merchants, and which demand different mitigation strategies.

1. Trial-to-Paid Conversion Risk

One of the strongest predictors of future billing success is the conversion rate from trial (free or discounted) to paid subscription. When this conversion is low, the merchant may lack product-market fit, or worse, have misleading trial terms. This is particularly risky for PSPs because a failed first rebill often triggers a cascade of refund requests, chargebacks and increased scrutiny.

A study by Chargeback.io found that 36.6 % of chargebacks originated from subscription billing models, highlighting that the trial/first-rebill stage is a high-risk zone. For PSPs, underwriting must therefore evaluate the length of trial, transparency of the offer, first-rebill approval rate, and the plan for addressing failed renewals.

2. Friendly Fraud & Mis-recognition

Routine charges that the cardholder either forgets about or doesn’t recognise are a leading cause of disputes in subscription models. Merchants often report that descriptor confusion, automatic renewals without reminder and opaque free trials are primary drivers. According to PayShield’s analysis, unclear renewal notifications and “mystery” descriptors significantly increase chargeback volume.

PSPs therefore rate the risk of friendly fraud by reviewing the clarity of merchant descriptors, the renewal reminder cadence and the ease of cancellation.

3. Regulatory & Contractual Non-Compliance Risk

Subscription billing is now a regulatory priority in many jurisdictions. The US FTC’s 2024 Negative Option Rule, the UK’s FCA guidance on continuous payment authorities and the EU’s planned upgrades under PSD3 signal that recurring payments must meet higher standards of consent, disclosure, renewal notice and cancellation ease.

A merchant failing to comply may trigger regulatory fines, scheme investigations, or increased reserve requirements. PSPs must verify the merchant’s subscription terms, proof of consumer consent at onboarding, renewal-reminder workflows and cancellation functionality.

4. Technical Risk of Rebilling Failure

Subscriptions frequently fail, not due to fraud but due to expired cards, declined renewals, missing credential updates or insufficient retry logic. Each failed renewal is a lost opportunity and a potential reputational issue. For PSPs, this raises risk: the merchant’s volume may drop, but fixed contractual commitments remain, pushing them into higher operational risk territory.

Thus, PSP underwriters examine the merchant’s card-on-file (CoF) stack, use of network tokens, automated account updater programmes and retry/dunning workflows.

5. Churn, Refunds and Reputation Risk

Churn and refund rates reveal underlying product/market weakness or compliance gaps (inability to cancel easily). A high churn or refund rate driven by complicated cancellation processes can signal elevated risk of dispute escalation and reserve pressure. As Chargeback.io and others show, average merchants win only 20-30% of disputes, and the operational burden of chargebacks erodes profitability.

PSPs therefore assess a merchant’s historical churn, forecasted churn of similar cohorts, refund policy clarity and visibility of dispute handling to quantify this risk vector.

Merchant Takeaway: Subscription models may look like stable recurring cash flow, but for PSPs, they represent a complex risk ecosystem. To secure favorable underwriting terms, merchants must address four key vectors: trial-to-paid conversion, friendly-fraud mitigation, regulatory compliance of billing flows, and technical renewal reliability. Master these early, and you reduce the risk premium PSPs place on your account.

Underwriting Data Requirements: What PSPs Expect From Subscription Merchants

By 2026, underwriting subscription merchants will have become a data-driven discipline. PSPs no longer rely on static business descriptions or merchant declarations; they expect full lifecycle visibility, cohort-level performance indicators, and verifiable compliance evidence. This is because recurring revenue merchants carry future exposure, and PSPs must ensure each renewal event, months after onboarding, is low risk, properly consented, and technically robust.

1. Bank Statements and Historical Processing Data

PSPs typically request between three and six months of bank statements and prior PSP processing history. These documents allow underwriters to validate cash-flow stability, refund ratios, settlement frequency, and seasonality. Consistent deposit patterns and low refund volatility significantly improve approval odds.

Conversely, wide fluctuations, especially around trial periods or marketing pushes, signal lifecycle instability that underwriters flag as a risk.

2. Website Compliance & Checkout Transparency Review

PSPs scrutinise subscription merchants’ websites more thoroughly than standard e-commerce businesses. Underwriters assess:

• Visibility of price and billing frequency
• Clarity of free-trial terms and auto-renewal disclosures
• Cancellation instructions (must be as simple as signup)
• Availability of customer support details
• Evidence of informed consent at checkout

The US Federal Trade Commission’s 2024 Negative Option Rule codifies many of these requirements, particularly around pre-renewal disclosure and frictionless cancellation, which PSPs now incorporate directly into underwriting criteria. More broadly, UK and EU consumer-protection frameworks also emphasise transparency, easy termination and contract clarity.

3. Refund, Complaint and Chargeback Policies

PSPs evaluate how merchants manage complaints, refunds and disputes. A transparent refund policy that aligns with regional consumer-rights legislation is essential. Underwriters additionally require evidence that:

• Refunds are processed on time
• Customers receive written confirmation
• Dispute ratios are stable across cohorts
• Complaint volumes are not spiking after trial conversion

Poor or non-existent refund policies are one of the strongest indicators of elevated chargeback risk.

4. Subscription Lifecycle Reporting (Trial → Renewal → Churn)

The single most important underwriting requirement in 2026 is lifecycle performance data. Modern PSPs now request:

• Trial-to-paid conversion rate
• First-rebill success rate
• Monthly cohort churn curves
• Refund ratio by billing cycle
• Lifetime value (LTV) forecasts
• Cancellation-request timestamps
• Billing frequency distribution

These data points help PSPs model future exposure, rather than just historical revenue. A merchant able to demonstrate stable cohorts and predictable renewal cycles significantly reduces its perceived risk.

5. Consent Evidence & Authentication Trails

PSPs also require documented proof that the customer knowingly agreed to the recurring charge. This may include:

• Checkout screenshots
• Timestamped logs
• IP address records
• Acceptance of terms
• Pre-renewal reminder logs

This evidentiary trail is crucial for disputing friendly fraud and meeting scheme requirements introduced by Mastercard and Visa.

6. Technology Stack & Tokenisation Compliance

As part of the underwriting package, PSPs expect merchants to outline their payment architecture:

• Tokenisation provider (gateway-vault or network tokens)
• Use of Account Updater or Mastercard Credential Continuity
• Retry logic/dunning workflow
• Subscription management system (Chargebee, Recurly, Zuora)
• 3DS2 implementation for initial transaction
• Recurring indicator flags are accurately passed in authorisation

Merchants using modern subscription-orchestration platforms often receive preferential terms due to lower rebill failure rates and improved consent documentation.

Chargeback Forecasting Models: How AI Is Changing Subscription Risk Scoring

As subscription billing becomes more tightly regulated and more vulnerable to friendly fraud, PSPs in 2026 increasingly rely on AI-driven chargeback forecasting to assess whether a merchant presents stable long-term risk. Unlike traditional models that reacted to historical disputes, AI underwriting frameworks proactively identify future dispute probability, cohort instability, and traffic-source quality, enabling PSPs to calibrate reserve levels, approval decisions and settlement terms.

AI forecasting begins with the trial-to-paid transition, the highest-risk period for subscription merchants. Machine-learning models analyse the merchant’s historical performance to identify patterns preceding disputes, such as unusually short trial durations, aggressive introductory discounts, poor reminder compliance, or high failure rates on the first rebill. This predictive lens aligns with scheme expectations: Mastercard’s updated Negative Option Billing standards emphasise transparency and clear pre-billing notices, as unclear trial flows are a top driver of disputes and chargebacks. (Mastercard Negative Option Standards)

PSPs now evaluate behavioural signals to forecast whether a cohort is likely to dispute future charges. These include device-risk patterns, login behaviour, customer interaction frequency, and even refund inquiry velocity. If these metrics deteriorate in a specific segment (e.g., customers acquired through a particular affiliate or ad campaign), AI models flag the cohort as high-risk, months before disputes materialise. This aligns with findings from Chargeback.io, which note that a significant proportion of subscription disputes stem from unclear expectations during sign-up and early billing cycles. (Chargeback.io Statistics)

Another major innovation in 2026 is traffic-source risk modelling. PSPs recognise that many disputes originate from customers acquired through low-quality acquisition channels, aggressive affiliates, misleading ads, or non-compliant influencers. AI underwriting platforms now segment chargeback risk by marketing source, allowing PSPs to penalise or restrict merchants who rely heavily on high-risk traffic. This direction is consistent with new consumer-protection enforcement from the US Federal Trade Commission, which has linked misleading ads to higher subscription cancellation and dispute volumes. (FTC Negative Option Rule, 2024)

AI models also improve the prediction of re-bill failure cycles, especially in markets with high issuer decline rates. By analysing card-lifecycle data, expiry timing, credential updates, and network token usage, AI systems identify whether a merchant’s rebill model is structurally flawed. PSPs use this information to determine whether reserves or delayed settlements are necessary.

In 2026, acquirers increasingly operate continuous monitoring systems rather than one-off onboarding reviews. Merchants are re-scored monthly or even weekly, with algorithms identifying abnormal spikes in refunds, complaints, or cancellation requests. This continuous scoring aligns with global trends in subscription oversight and ensures PSPs react quickly when consumer risk increases.

Merchant Takeaway: AI-based underwriting is now central to subscription merchant approvals. To reduce your risk score, optimise trial flows, maintain transparent reminders, stabilise traffic sources, and adopt strong lifecycle management tools, PSPs reward data clarity and predictable cohort behaviour.

Regional Lens: Europe’s PSD3 Updates vs US and APAC Approaches

Subscription underwriting in 2026 is no longer shaped by card-scheme rules alone. Regional regulatory frameworks, PSD3 in the EU, the FTC Negative Option Rule in the US, and RBI e-mandate rules in India, are now central to how PSPs evaluate recurring-revenue merchants. Each region introduces different obligations for consent, disclosure, cancellation, and data transparency, meaning PSPs must tailor underwriting criteria to the regulatory profile of the markets a merchant serves.

Europe (EU & UK): PSD3, Consumer Rights, and Strong Consent Requirements

Europe remains the strictest market for subscription oversight. The PSD3 and PSR (Payment Services Regulation) proposals published by the European Commission in 2023-2024 aim to tighten consumer protection around recurring payments, mandate stronger transparency in contract terms, and introduce updated requirements for payment authentication and liability distribution. These measures complement existing consumer-rights directives that enforce cooling-off periods, transparent auto-renewal terms, and easy contract cancellation.

For PSPs underwriting EU merchants, this means verifying:

• Clear subscription and auto-renewal explanations
• Consent evidence with strong audit trails
• Compliance with EU withdrawal rights
• Use of SCA exemptions correctly (initial 3DS, subsequent MITs)
• Transparent cancellation flows

In the UK, the FCA continues to emphasise customer rights for Continuous Payment Authorities (CPAs), reinforcing that customers should be able to stop recurring payments directly through their bank, making clear cancellation UX a key underwriting factor.

These standards make EU/UK merchants less risky if compliant, but significantly riskier if their flows obscure renewal terms or fail to meet SCA expectations.

United States: FTC Negative Option Rule & High Friendly Fraud Exposure

The US regulatory model is driven by the Federal Trade Commission’s 2024 Negative Option Rule, which applies across subscription, membership, automatic renewal, and free-trial models. The rule requires:

• Prominent upfront disclosure of terms
• Unambiguous affirmative consent
• Renewal reminders
• Cancellation that is “as easy as sign-up”

U.S. issuers also report higher friendly-fraud ratios in subscription commerce, raising the risk profile for PSPs. Underwriting, therefore, focuses heavily on:

• Trial transparency
• Cancellation friction
• Descriptor clarity
• Complaint and refund volume
• Traffic-source scrutiny (due to aggressive marketing practices)

The US offers merchants wide commercial flexibility but also high dispute exposure, making AI-driven forecasting especially important for PSPs underwriting American subscription businesses.

APAC: Mandate Compliance and High Technical Decline Exposure

APAC markets, especially India, Indonesia, and the Philippines, take a regulatory-first approach to recurring payments.

India’s RBI e-mandate framework imposes strict recurring-payment rules:

• Explicit customer e-mandate
• 24-hour pre-debit notifications
• Step-up authentication for transactions above INR thresholds
• Issuer-side decline of non-compliant mandates

For PSPs underwriting Indian merchants, lifecycle compliance, reminder flows, and authentication procedures are mandatory requirements.

In Southeast Asia, recurring payments often rely on wallets (GrabPay, GCash, Paytm) rather than cards. Wallet-based recurring rails reduce some scheme compliance burdens but introduce challenges around failed debits, liquidity, and consumer KYC completeness. PSPs therefore assess wallet integration quality, KYC risk, and customer churn rather than purely card metrics.

APAC underwriting also accounts for elevated decline rates across bank-issued cards, requiring robust retry and dunning frameworks.

Mitigation Strategies: Data Transparency and Subscription Lifecycle Reporting

By 2026, PSPs and acquirers expect subscription merchants to be more than compliant; they must be predictable. Predictability comes from two pillars: data transparency and real-time lifecycle reporting. Merchants that can demonstrate both receive preferable underwriting terms, faster settlements, and lower reserves. Those who cannot are treated as structurally high-risk, regardless of volume or tenure.

1. Full Lifecycle Data Sharing: The New PSP Requirement

Subscription underwriting used to rely on static onboarding documents; today, PSPs demand continuous visibility. Underwriters increasingly request:

• Trial-to-paid conversion rates
• First-rebill success ratios
• Monthly churn curves (classic, rolling and cohort-based)
• Refund ratios by billing cycle
• Dispute forecasts for upcoming renewal periods
• Customer cancellation timestamps and reason codes

This level of detail allows PSP risk teams to model forward exposure, not just historical behaviour. The shift aligns with global regulatory expectations that subscription merchants maintain clear, auditable renewal and cancellation trails, a principle reinforced by the FTC’s 2024 Negative Option Rule and Mastercard’s negative-option standards.

2. Transparent Subscription Funnels & Clear Consent Evidence

Merchants must be able to prove how, when, and under what terms a customer agreed to the recurring charge. Evidence includes:

• Checkout screenshots
• Timestamped IP logs
• Pre-renewal reminder delivery proof
• Terms-of-service acceptance records
• Cancel-at-any-time policies visible at checkout

This documentation is essential not only for dispute representation but also for meeting consent obligations under PSD3 (EU), FCA CPA rules (UK), and FTC regulations (US).

3. Reporting Technical Signals: Tokens, Updaters & Failures

PSPs increasingly review the merchant’s technical performance across the subscription lifecycle. Key metrics include:

• Network-token adoption
• Account-updater match rates
• Expired-card failure percentages
• Payment retries & dunning performance
• Percentage of “billing descriptor confusion” disputes
• Proportion of customers opting out after receiving renewal reminders

For merchants operating in the US or India, where friendly fraud and issuer-side mandates are prevalent, these metrics strongly influence underwriting terms.

4. Traffic-Source Transparency

Poor-quality traffic is a dominant dispute driver in subscription commerce. PSPs now require:

• Affiliate-level reporting
• Ad-campaign-level performance data
• Refund/dispute ratios by acquisition source
• Any known compliance risks in marketing language

This aligns with FTC enforcement actions linking deceptive advertising to high subscription dispute volumes.

5. Proactive Dispute & Churn Controls

Merchants can materially reduce risk scores by implementing:

• Automated renewal reminders
• Self-service cancellations
• Clear email receipts for each rebill
• Churn-prevention email flows
• Instant refunds for trial dissatisfaction
• Robust customer support SLAs

Platforms that automate these controls, such as Chargebee, Recurly, Stripe Billing or Zuora, often receive preferential PSP terms due to more stable lifecycle performance.

Case Study: How PSPs Score a Subscription Merchant in 2026

To illustrate how the 2026 underwriting framework operates in practice, consider a composite subscription merchant: “NutraWell+”, a continuity nutraceutical business offering a 7-day £1 trial followed by a £49 monthly renewal. This type of merchant has historically been high-risk due to aggressive free trials, high early churn, and elevated friendly fraud. The following breakdown shows how a modern PSP evaluates the merchant before approving a MID.

1. Business Model Assessment

The PSP begins by reviewing NutraWell+’s commercial model:

• Trial configuration: £1 for 7 days, then auto-renewal
• Billing frequency: monthly
• Average ticket: £49
• Traffic channels: affiliate-heavy (60%), DTC paid social (40%)

Short trials, sub-£5 introductory offers, and high affiliate volumes immediately elevate risk. PSP underwriting models flag these characteristics as they correlate strongly with future chargeback and complaint volume.

2. Lifecycle & Cohort Analysis

The PSP requires cohort-based reporting for at least three months:

• Trial-to-paid conversion rate: 24% (below the 30-40% industry benchmark)
• First-rebill success rate: 78%
• Churn by month 2: 43%
• Refund frequency: 18% of all post-trial customers

Cohort deterioration at this level implies potential product dissatisfaction, non-compliant trial expectations, or a misaligned target audience.

3. Compliance & UX Evaluation

Underwriters review the website for compliance with Mastercard and FTC standards:

• Are trial terms disclosed above the fold?
• Is the renewal price clear?
• Is cancellation frictionless and accessible via a single interaction?
• Are renewal reminders sent 3-7 days before rebill (Mastercard requirement)?

NutraWell+ provides clear pricing, but the cancellation page requires multiple steps. This represents a regulatory risk under the FTC Negative Option Rule, which mandates that cancellation must be “as easy as sign-up”.

4. Technical Stack Review

The merchant uses a reputable billing platform with:

• Network tokens
• Account updater
• 3DS2 for initial sign-up
• Automated dunning for failed renewals

This significantly reduces PSP risk, as expired cards and failed renewals are major drivers of churn and disputes.

5. Traffic-Source Risk Profiling

The PSP analyses performance by acquisition channel:

• Affiliate traffic churn: 55% by month 2
• Paid social churn: 31% by month 2
• Affiliate refund rate: 24%

High-risk affiliates trigger additional underwriting scrutiny. PSPs increasingly decline merchants who cannot control traffic-source quality, especially after the FTC linked deceptive advertising to higher subscription dispute volumes.

6. Final Underwriting Decision

Based on the above, the PSP assigns the merchant a medium-high risk score and approves the MID with:

• Rolling reserve: 10% for 180 days
• Settlement delay: T+7
• Volume cap: £250,000/month
• Enhanced monitoring: monthly lifecycle reporting + traffic-source audits

Merchants with cleaner cancellation flows, stable cohorts, and lower affiliate exposure often qualify for lower reserves and faster settlements.

Merchant Takeaway: PSPs evaluate subscription merchants holistically, including business model, lifecycle stability, compliance, technical resilience, and traffic integrity. In 2026, transparent data and clean subscription UX drive better approval terms as much as financial performance does.

Future Forecast (2026-2028): The Next Evolution of Subscription Underwriting

The subscription economy continues to expand, yet regulatory tightening and consumer protection reforms mean PSPs must underwrite recurring-revenue merchants with a forward-looking lens. Between 2026 and 2028, underwriting will shift from static onboarding assessments to continuous, algorithm-driven supervision, integrating customer lifecycle analytics, regulatory compliance signals, and payment-rail evolution. Three major trends will shape the subscription underwriting landscape.

1. AI-Driven Continuous Risk Scoring Becomes Standard

By 2028, PSPs will move away from annual or quarterly merchant reviews and adopt real-time risk orchestration models. These systems continuously ingest data, from trial conversions, churn curves, customer complaints, refund ratios, and traffic-source quality, to produce a dynamic risk score that adjusts daily or weekly.

PSPs will use these scores to:

• Automatically adjust rolling reserves
• Modify settlement timelines
• Impose temporary volume caps
• Request additional compliance evidence
• Trigger enhanced monitoring during abnormal spikes

This mirrors regulatory expectations around transparency and lifecycle governance, as seen in the FTC and PSD3 proposals, which emphasise ongoing clarity, disclosure, and consent trails across the subscription lifespan.

2. Open Banking & VRP Reduce Scheme Dependency

Variable Recurring Payments (VRP) in the UK are expected to scale significantly beyond sweeping by 2027, driven by the Joint Regulatory Oversight Committee (JROC) and the formation of a new central entity to accelerate open banking adoption. VRP promises:

• Lower fraud
• Fewer disputes
• Guaranteed consent revocation
• Lower scheme fees
• Stronger audit trails

For PSPs, VRP-based recurring billing reduces the long-tail exposure associated with card-on-file models, especially in high-churn categories. Merchants with VRP-compatible billing flows may be treated as fundamentally lower-risk.

3. Scheme Liability Rebalancing & Stricter Enforcement

Mastercard and Visa are expected to broaden their negative-option billing enforcement, requiring transparent renewal reminders, strict descriptor compliance, and frictionless cancellation mechanisms. Merchants who fail to satisfy these requirements will face elevated disputes, scheme monitoring, or termination under high-risk MCC classifications.

In parallel, PSD3 and the proposed Payment Services Regulation (PSR) in the EU strengthen consumer rights, giving regulators more authority over cancellation flows, consent evidence, and unfair contract terms. Subscription merchants must therefore anticipate deeper scrutiny from both card schemes and regulators, not only at onboarding but throughout their operating lifecycle.

4. Underwriting Moves “Upstream” Into Platforms

A significant emerging trend is underwriting being embedded directly within subscription platforms (e.g., Chargebee, Recurly, Zuora). These systems already collect lifecycle data essential for risk scoring. PSPs will increasingly integrate with these platforms to access direct data feeds, providing:

• Automated underwriting at merchant registration
• Continuous risk monitoring
• Risk-based routing (selecting optimal acquirers per cohort)

By 2028, subscription platforms may perform pre-underwriting checks before a merchant even submits to a PSP.

Merchant Takeaway: Future underwriting will not be a one-time compliance hurdle; it will be a continuous, data-integrated process. Merchants who invest early in lifecycle analytics, VRP readiness, transparent renewal frameworks, and platform-integrated billing tools will be positioned as low-risk operators and gain priority access to premium acquiring terms.

Conclusion

By 2026, subscription underwriting has evolved into a discipline defined by transparency, lifecycle data, and regulatory alignment. Unlike traditional e-commerce risk models, PSPs must now evaluate the entire subscription journey, from the moment a customer starts a free trial to the final month of their renewal cycle. This shift has been driven by global regulatory action, such as the US FTC’s 2024 Negative Option Rule, which mandates prominent disclosures, affirmative consent, and cancellation flows that are “as simple as sign-up”. Similarly, Mastercard’s strengthened subscription and negative-option billing standards require clear trial terms, pre-billing reminders, and compliant cancellation mechanisms.

For PSPs, these rules redefine how risk is measured. Underwriting is no longer a snapshot at onboarding; it is a continuous evaluation of trial-to-paid conversion stability, first-rebill performance, refund velocity, traffic-source quality, and customer churn. Cohort-based analysis now matters more than historical volume. AI systems enhance this further, allowing acquirers to forecast dispute probability weeks before chargebacks occur, especially in markets with high friendly-fraud exposure, such as the US, where subscription disputes remain disproportionately common.

Regionally, subscription compliance expectations differ sharply. The EU’s PSD3 and Payment Services Regulation introduce stronger authentication, contract clarity, and withdrawal rights. The UK’s FCA enforces strict transparency for Continuous Payment Authorities. India’s RBI, in contrast, imposes rigid e-mandate rules, including mandatory pre-debit notifications and step-up authentication for higher-value transactions. These regional differences mean PSPs favour merchants who adapt their billing flows to local regulatory frameworks rather than relying on a universal subscription model.

For merchants, the message is clear: success in recurring billing is no longer determined by aggressive acquisition strategies or short free trials; it is determined by transparency, lifecycle governance, and technical maturity. PSPs reward merchants who maintain clear renewal notices, frictionless cancellations, stable cohort performance, responsible traffic sources, and real-time reporting. Those who do not will face higher reserves, longer settlements, lower approvals, or outright declines.

---

FAQs