
One of my side projects is a membership/subscription model Primary Care medical practice, and uses a third-party payment processor, and we were recently audited by one of the large payment card issuers.

There was a finding that the third-party processor - which we specifically chose because many of their clients were major gyms with similar monthly membership models - was improperly processing our members' payments. If I recall correctly, there is one standard for one-time payments and a different standard to be used for recurring payments. A subscription model like ours allows our subscribers to use either, but the third-party processor used the one-time payment standard to process both one-time payments and monthly recurring payments. Even though recurring payments were a major selling point of the processor, when it came down to it, they were not even aware of the distinction or aware of the separate standard. We were actually quite fortunate in that we had original signature agreements for each and every instance of a member who agreed to the recurring automated payment, but as I recall, without those agreements there may have been some kind of repercussion.

Anyway, it is a cautionary tale that just because you use a third party, even a reputable one that serves national franchises, does not necessarily mean they know what they are doing.


