Card on File Payments for UK Businesses: A Complete Guide

If your business takes repeat payments from the same customers, there is a good chance you have dealt with the friction that comes with it. Chasing card details every time a retainer needs topping up. Asking a patient to pay again at the end of each session. Following up with a client who has not settled their latest invoice. These are time-consuming processes that do not need to be.

Card on file payments offer a cleaner alternative. The customer gives their consent once, their card is stored securely, and future payments go through without anyone having to do it all over again. This guide covers how card on file payments work in the UK, who they are best suited for, and what to look for in a provider

What is the Card on file feature?

Card on file is a feature where a customer’s card details are stored securely by a payment provider, with the customer’s explicit consent. So a business can charge them again in the future without re-entering details each time.

The FCA refers to these as “recurring card payments” or “continuous payment authorities.” Stripe and GoCardless use the term “stored credentials,” while TrueLayer calls their bank-based version “Bank on File.” Whatever the label, the principle is the same: the customer authorises the arrangement once, and future charges can be made against that stored card when needed.

This is different from a Direct Debit, which requires a mandate and runs on the three-day BACS cycle. Card on file is more flexible. The amount can vary, the timing does not need to follow a fixed schedule, and charges can be made instantly when required.

How will it help UK businesses?

Many businesses that would benefit from Card on file are still collecting remote payments the old-fashioned way: taking card details over the phone, writing them down, and entering them manually. MOTO (Mail Order/Telephone Order) payments carry more risk than most businesses realise.

Card details written on notepads or stored in spreadsheets are a compliance problem. MOTO transactions are card-not-present payments with no chip-and-PIN verification, making them more vulnerable to fraud and chargebacks. And because MOTO transactions are exempt from Strong Customer Authentication under PSD2, disputed transactions typically fall on the merchant to resolve.

According to the ICO’s guidance on handling personal data, businesses must process financial data lawfully, securely, and proportionately. Manually handling card details rarely meets that standard. Card on file, by contrast, keeps data within the payment platform and requires explicit customer consent from the start.

Who benefits most from Card on file payments in the UK

Card on file works well for any business with repeat or recurring payment needs. In practice that includes:

• Law firms and solicitors managing retainer billing, where regular top-ups are needed as a matter progresses
  
  
• Private clinics and healthcare practices running treatment packages, recurring appointments, or subscription-based care
  
  
• Accountants and consultants billing clients on a monthly retainer
  
  
• Membership and subscription businesses that need to charge on a recurring cycle without a new authorisation each time

How Atoa’s Card on file feature works

Atoa’s card on file feature is available to businesses that have card payments enabled on their Atoa account. Once active, here is how it works:

• The customer saves their card securely through Atoa, verified with a one-time passcode
  
  
• The business can charge the stored card for future payments instantly, without re-entering any details
  
  
• No card data is handled manually, everything is stored and processed within Atoa’s secure, FCA-authorised platform
  
  
• The customer consents explicitly to the arrangement upfront, satisfying both compliance and customer trust requirements
  
  
• Future charges can be for any amount and at any time, giving businesses the flexibility that Direct Debit does not

Want to see how Atoa’s card on file feature works for your business? Book a free demo with the UK-based team.

FAQs

Is Card on file the same as a Direct Debit?

No. Direct Debit requires a mandate and uses the BACS network, which takes three working days to settle. Card on file stores a customer’s card for future use and allows charges to be made instantly, for variable amounts, without a fixed schedule. It is more flexible and better suited to businesses where payment amounts or timing vary.

Can a customer cancel a Card on file arrangement?

Yes. The customer can withdraw consent at any time. Under FCA guidelines on recurring card payments, customers can also instruct their card issuer to stop future charges, even without contacting the business directly first.

What is the difference between Card on file and stored credentials?

They refer to the same thing. Different providers use different terminology. Stripe and GoCardless use stored credentials. The FCA calls it a continuous payment authority. Atoa calls it Card on file. The underlying mechanism is the same across all of them. It’s a customer-authorised arrangement allowing future charges without re-entering card details.

Does Card on file work for one-off payments or only recurring ones?

Both. Once a card is on file, it can be used for a scheduled recurring charge or a one-off payment when needed. It is particularly useful for businesses that need to charge irregularly. This includes topping up a legal retainer or billing for a session that ran over. All this without contacting the customer each time.

Do I need card payments enabled on Atoa to use Card on file?

Yes. Atoa’s card on file feature is available to businesses that have card payments enabled on their account. If you are unsure whether your account includes this, then the Atoa team can check and enable it as part of your setup.