If you run a UK business that bills customers on a recurring basis — subscriptions, utilities, gym memberships, buy-now-pay-later plans, ongoing services — you've probably spent more time than you'd like dealing with failed direct debits, expired cards, and the paperwork around changing a collection amount. Variable Recurring Payments (VRP) are the Open Banking answer to all of that. They're a new type of regulated payment instruction that lets your business pull money from a customer's bank account on an ongoing basis, within limits the customer approves up front, without the customer having to authorise each individual payment.
We've been building UK payment solutions since 2016, and VRPs are one of the more genuinely interesting changes we've seen in that time. They sit somewhere between a direct debit and a card-on-file, with better security than either. In 2026 they're finally moving out of pilot and into mainstream adoption, and any UK business that runs recurring billing should understand what they are and how they'll change things.
What are variable recurring payments?
A variable recurring payment is a standing consent you give to a business, through your bank's Open Banking API, that lets the business pull money from your account on an ongoing basis. You approve the consent once — inside your banking app, with the usual biometric authentication — and you set the parameters: the maximum amount per payment, the maximum amount per period (day, week, month), the start and end dates, and what the payments are for. After that, the business can collect each payment directly from your account without needing to bother you again, as long as it stays inside the limits you set.
The "variable" part is what makes VRPs different from the older Open Banking payment types. A standing order pays a fixed amount on a fixed schedule. A direct debit pays whatever the billing company asks, but the authorisation model is clunky and changes require paperwork. A VRP is in between: the business can vary the amount and the timing, but only within the consent you gave, and you can cancel the consent at any time directly from your banking app. It's closer to how people expect recurring billing to work in 2026 than anything else the UK market currently offers.
Where the term "VRP" came from
VRPs are a UK-specific initiative, driven by the Competition and Markets Authority (CMA) and implemented by the nine largest UK banks (the "CMA9"). The first version, sweeping VRPs, launched in 2022 and was limited to "me-to-me" payments — moving money between accounts you own, for example from your current account to your savings account. The second wave, commercial VRPs, has been rolling out through 2024 and 2026 and is what most businesses actually care about: it allows VRPs to be used for commercial transactions, paying real businesses for real services.
The Financial Conduct Authority (FCA) and the Payment Systems Regulator (PSR) have been pushing adoption hard, because VRPs are seen as a key piece of the UK's Open Banking future. The ambition is that VRPs eventually replace direct debits for most recurring-payment use cases, giving consumers better visibility and control while giving businesses lower costs and higher success rates.
How a VRP works, end to end
Here's the flow, step by step. Your customer signs up for a subscription on your website, or starts a contract over the phone with one of your agents. At the payment step, they pick "pay with bank" or "set up VRP" — the labelling varies by provider. They're redirected into their banking app, where they see the consent details: your business name, the maximum amount per payment, the maximum amount per month, the start and end dates, and what the VRP is for. They review, they approve with Face ID or fingerprint, and they're sent back to your site with a confirmation.
From that point forward, your billing system can trigger a payment against that VRP consent whenever it needs to. You call the Open Banking API, pass the consent ID and the amount you want to collect, and the customer's bank checks that the payment is inside the consent limits. If it is, the bank moves the money via Faster Payments — usually in under 30 seconds, seven days a week, at any time of day. If the payment would exceed the consent, the bank rejects it and notifies both sides.
What the customer sees
Inside their banking app, the customer sees the VRP consent as a dedicated entry, separate from their card-on-file list and their direct debits. They can see every payment pulled against it, exactly when each one was collected, and they can cancel the consent with a single tap. There's no paperwork, no phone call to you, no "please allow 10 working days" — the cancellation is immediate and the customer's bank handles it. For the customer, that visibility and control is the headline benefit.
What the business sees
On the business side, VRPs settle via Faster Payments, which means the money is in your account almost immediately. You don't wait two to five working days as you would with a direct debit. You don't pay the percentage-based fees you'd pay with a card on file. And because the customer has authenticated via their own bank, there's very little fraud risk — which is why VRPs are currently exempt from strong customer authentication re-prompts on subsequent payments.
VRPs vs direct debits vs card-on-file
These are the three options for recurring billing in the UK right now. Here's how they compare on the things that actually matter to a UK business.
| Feature | VRP | Direct Debit | Card on file |
|---|---|---|---|
| Settlement speed | Seconds | 3 working days | 1–3 working days |
| Typical cost per payment | Low, often fixed pence | Low, fixed per direct debit | ~1.5–2.9% of transaction |
| Chargeback risk | Very low | Direct Debit Guarantee — customer can reclaim any payment | High — cards have chargeback rights for up to 120 days |
| Customer controls | In-app, instant cancel | Via bank, 1–2 working days | Poor — usually via merchant |
| Success rate | High — direct from current account | Moderate — fails if account short | Moderate — declines, expiry, fraud blocks |
| Card expiry problem | None | None | Breaks every ~3 years |
| Requires PCI DSS | No | No | Yes — stored cards are in scope |
Our honest take: VRPs win on settlement speed, cost, and chargeback risk. Direct debits still win on maturity — every UK bank has supported them for decades, and every consumer understands them. Card-on-file wins on flexibility because it works internationally and handles one-off variations cleanly, but it's the most expensive option and the one that pulls you into PCI DSS scope.
Who should care about VRPs?
Not every business needs to rush to VRPs in 2026. The case is strongest for:
Subscription businesses. Software-as-a-Service, streaming, membership clubs, newsletters, gyms, online education — anywhere you bill a customer on a recurring basis and currently rely on cards on file or direct debits. VRPs cut your payment costs, remove the card-expiry problem, and give your customers better controls, which paradoxically improves retention because customers are less likely to cancel the consent entirely if they feel in control of it.
Utilities and variable billers. Energy suppliers, water companies, council tax, mobile networks — any business where the monthly bill varies but the customer has agreed in advance to pay whatever is due. VRPs fit this model cleanly because the consent can allow variable amounts within a cap.
Buy-now-pay-later and instalment lenders. Businesses offering instalment plans or BNPL products can use VRPs to collect each instalment directly from the customer's bank account, avoiding the chargeback risk of cards and the delay of direct debits.
Contact centres handling ongoing collections. If your team currently takes a card over the phone and stores it for future billing, a VRP is a cleaner alternative. The customer sets up the consent once on their phone during the call, and you can bill against it without holding any card data. That collapses your PCI DSS obligations and gives the customer better visibility.
Who probably shouldn't bother yet
One-off payment businesses (ecommerce checkout, event tickets, single-service bookings) don't need VRPs because the recurring element doesn't apply. For those use cases, a standard pay by bank flow or a card payment is simpler. International businesses with non-UK customers can't rely solely on VRPs because VRPs are a UK-only scheme — you'd still need cards and other methods for overseas customers.
Costs and commercial terms
Pricing on commercial VRPs is still settling. Unlike sweeping VRPs (which are free because the CMA mandated it), commercial VRPs are priced by individual banks and Open Banking providers. The emerging pattern in 2026 is that VRPs cost less than card payments and more than sweeping VRPs. For most UK businesses that means somewhere in the range of a few pence to around 10p per transaction, often with a small monthly minimum.
Where VRPs really save money is on higher-value recurring transactions. A £200 monthly gym-equivalent membership billed on a card at 1.8% costs you £3.60 per month in fees. The same payment via VRP at a fixed 5p costs you 5p. Over a year of billing 10,000 customers, that's a £426,600 saving against the card route. We see the strongest business case for VRPs in services with average monthly bills above £30.
Getting started with VRPs
If you want to accept variable recurring payments, you need to go through an Open Banking provider that's authorised by the FCA as a PISP (Payment Initiation Service Provider). You don't integrate with each of the CMA9 banks individually — you integrate once with your PISP, and they handle the connections to every supporting bank.
At Paytia we work with several PISPs through our payment gateway integrations, so if you're already using us for DTMF-masked phone payments, adding VRPs is usually a configuration change rather than a new integration project. Book a product tour and we'll walk you through exactly what your flow would look like.
What to check before you commit
Three things worth verifying with any VRP provider before you sign up. First, which banks do they cover? Coverage should include all nine CMA banks (Barclays, HSBC, Lloyds, Nationwide, NatWest, Santander, Bank of Ireland, Danske, AIB) — if it doesn't, you'll be turning away real customers. Second, what's the consent cancellation experience? Some implementations do a better job of showing the customer where their VRP lives and how to cancel it. Third, what's the failover when Faster Payments is down? It doesn't happen often, but when it does your billing system needs to know how to handle it.
The short version
Variable recurring payments are a new UK-specific Open Banking capability that replaces direct debits and card-on-file for many recurring billing use cases. They settle in seconds, cost less than cards, don't carry chargeback risk, and give customers instant in-app controls. Commercial VRPs are rolling out through 2026 and the business case is strongest for subscription services, variable billers, instalment lenders, and contact centres handling ongoing collections. If you're already using Paytia for phone payments, adding VRPs is usually a configuration step rather than a new project.
If you'd like to see how VRPs would fit into your existing billing setup, book a product tour or get in touch. We'll walk through your flow and tell you honestly whether a VRP, a pay by bank flow, a card-on-file, or a direct debit is the right answer for your business.
