Bank on File is the open banking alternative to Direct Debit and card on file.
For PSPs, it means offering merchants a saved bank payment method that behaves like card on file at checkout and handles the recurring collections that would otherwise sit on Direct Debit, running on bank rails with mandate-based permissions. This gives PSPs the potential for lower variable transaction costs in supported markets, faster settlement for improved cash flow, clearer consumer-approved collection rules, and lower risk of subscription churn.
This guide breaks down how Bank on File works, where it fits in a modern PSP stack, and why it's becoming a practical lever for providers building scalable repeat-payment products that prioritise cost, control, and settlement speed.
Exploring Bank on File for your payment gateway or online checkout? Book a call with Yapily to talk through readiness, coverage, and what it takes to launch an alternative recurring payment method for your merchants.
What is Bank on File, and how does it work?
Bank on File, also known as commercial VRP (cVRP) or recurring Pay by Bank, is the open banking standard that allows a consumer to approve repeated payments from their bank account to a merchant or third party under a pre-defined mandate. The consumer approves a long-lived authorisation with clear rules such as maximum amount, frequency, and expiry, after which payments can be initiated within those limits without re-authenticating each time.
For a PSP, this becomes a reusable payment method. The PSP maintains an authorised Bank on File record that links the consumer, the merchant, the verified bank account reference, and the live mandate, including its limits and status, so a payment can be taken again within the agreed rules without needing authentication each time.
For the consumer, this behaves like a card on file at checkout, and for the merchant, it works as a recurring collection method that’s an upgrade on Direct Debit, with both running on account-to-account rails and permissions enforced at the bank rather than held by the merchant.
What Bank on File looks like in practice
A consumer selects Bank on File at checkout or during account setup.
They authenticate with their bank and approve a cVRP mandate, defining how future payments can be made.
The authentication and mandate details are stored as a secure Bank on File record.
When a future payment is due, the merchant sends a request to the PSP, which initiates the payment using their open banking provider within the agreed limits and it typically settles in near real time without requiring the consumer to repeat the full authentication flow.
Three use cases for Bank on File
1. Recurring and variable billing
Bank on File is particularly effective where the payable amount is variable, the timing can shift, or charges are triggered by usage.
For example:
SaaS and digital subscriptions with tiered pricing, add-ons, prorations, pauses, or upgrades
Utilities, broadband, and telecoms where bills vary with consumption or contract changes
Metered platforms (cloud, API, usage-based tools) where payments trigger when thresholds are reached
Account top-ups and scheduled funding, such as adding funds to a wallet when balances drop below a set level.
For your merchants, this can be a stronger recurring option than traditional Direct Debit. Rather than relying on a fixed instruction and slower change and cancellation cycles, cVRP mandates support consumer-defined parameters from day one, including clearer controls over limits and frequency.
That gives your merchants more room to handle real-world billing changes, while giving end users a simpler way to manage, adjust, or cancel what they have authorised.
Read more about how VRP compares to Direct Debit: Variable Recurring Payments vs Direct Debit: The next wave in payment innovation
2. E-commerce and repeat purchases
For your merchants, Bank on File can be used in checkout journeys in a similar way to card on file.
Good-fit examples for Bank on File include:
Marketplaces where consumers buy repeatedly, including repeat purchases across different sellers under the same platform relationship
Digital goods and stored value, such as gaming credits, in-app purchases, wallets, or account top-ups
High-frequency retail where reordering is common (groceries, health and beauty, pet supplies, household essentials)
3. Regulated and high-trust sectors
Bank on File is a strong fit for regulated, public-interest, and essential payment relationships where consumers want clear mandate controls, and merchants need defined rules around what can be collected and when.
Typical examples include:
Financial services such as mortgage and loan repayments, bill payments, savings deposits, investment top-ups, and regulated account funding
Government and public sector payments like council tax, licence fees, fines, and other official payments
Registered charities running recurring donations with clear, consumer-controlled permissions
Essential services such as broadband and mobile plans, where predictable permissions and visibility matter alongside settlement speed
Bank on File is being rolled out in “waves” with wave one including regulated financial services, charities, utilities, and government payments. Find out more in our blog post: Ahead of the wave.
Why should PSPs use Bank on File over card on file and Direct Debit?
For PSPs weighing up Bank on File, it helps to understand how it differs from the two models it tends to sit alongside: card on file for saved checkout payments, and Direct Debit for recurring collections.
Here's how they compare in key areas:
VRP vs. Direct Debit vs. Card-on-file
Feature | Bank on File | Direct Debit | Card on File |
|---|---|---|---|
Setup authentication |
|
|
|
User-defined limits |
|
|
|
Instant cancellation |
|
|
|
Settlement speed |
|
|
|
Fraud protection |
|
|
|
Failure rate |
|
|
|
Chargeback risk |
|
|
|
*Settlement timelines for Direct Debit based on the Bacs three-day payment cycle as documented by Stripe. Card settlement timelines from Stripe. Direct Debit failure rates from the ONS / Pay.UK / Vocalink monthly data series. Card fraud and chargeback exposure based on UK Finance (Annual Fraud Report 2025) and the FICO European Fraud Map 2024. VRP authentication model per the Open Banking VRP API specification. Reflects UK market conditions as of 2025.
One difference matters in particular for long-term subscriptions. Card on file depends on stored card details, and those cards expire, get reissued, or are flagged over time, which quietly ends subscriptions that consumers never chose to cancel. Industry analysis from Paddle attributes 20 to 40% of subscription churn to these involuntary payment failures rather than active cancellations, with expired and out-of-date cards among the largest causes. Because Bank on File stores no card details and the mandate sits at the bank rather than on a card that expires, a long-running subscription keeps collecting without the expiry-driven failures and dunning cycles that erode card-on-file retention. For merchants, this translates to increased consumer lifetime value, reduced churn, and reduced operational overhead for consumer support.
Similarly, Bank on File offers an alternative to Direct Debit, which remains the default for recurring collections in many markets. A Direct Debit runs from a fixed instruction, settles on a multi-day cycle (usually 3 business days), and gives consumers little visibility or control once it is set up. With Bank on File, the consumer approves the limits and frequency upfront and can view or cancel the mandate directly in their banking app, which makes it a more transparent and trusted way to pay for an ongoing subscription. For PSPs serving subscriptions, usage-based billing, and other variable collections, that consumer control comes with near-real-time mandate controls, meaning they can cancel, amend, or set up a new Bank on File mandate in real-time. It offers a better experience that drives trust and lowers the bar to payment set-up, offering a practical case for Bank on File in place of Direct Debit.
Yapily and Bank on File: building the next phase of open banking payments
Yapily has been working with PSPs on open banking payment journeys since 2017. For teams building Pay by Bank for PSPs and platforms, that foundation now extends to Bank on File.
Bank on File is just one part of what Yapily offers, but underneath the surface, you also get the coverage, reliability, and delivery support to bring open banking payments and data services to your product.
A single integration for payments and data across personal and business accounts
Yapily is a regulated AISP and PISP, which means PSPs, platforms, and financial institutions can access both account data and payment initiation through a single integration.
On the payments side, teams can support a range of bank-based payment models, including:
Pay by Bank for one-off, user-initiated transactions
Scheduled payments using Bank on File for future collections and one-click checkout
Bulk payments for high-volume payments and operational payouts
On the data side, Yapily provides access to account and transaction information across personal and business accounts, with the option to enrich that data using Data Plus. This allows you to work with categorised, standardised, and more usable financial data to support reconciliation, risk checks, reporting, and operational workflows around payment activity.
Yapily prioritises business account connectivity, enabling open banking products for SMEs, platforms, and enterprise merchants, not just consumer use cases.
White-label infrastructure with hosted and direct integration options
Yapily is designed to let PSPs and platforms put their own brand and user experience first.
Hosted Pages provide a fast way to launch bank payments and consent flows without building and maintaining complex front-end journeys. They're designed to get teams into production quickly, while still meeting regulatory and security requirements, and they're highly customisable so you can keep your brand front and centre by tailoring key elements of the payment flow such as colours, fonts, and on-page copy.
For organisations that prefer to own the full user journey, Yapily also supports direct API integrations, allowing payment and consent flows to be embedded directly into your own platform and tailored to your merchants and consumers.
Coverage across 19 countries with over 2,000 bank connections
Yapily connects PSPs, platforms, and financial institutions to a broad network of banks and financial institutions through a single API, covering 19 countries and more than 2,000 connections across Europe.
While Bank on File and cVRP are being pioneered in the UK first, Yapily already supports a wide range of open banking payment and data use cases across European markets. This allows teams to build once and expand their open banking capabilities across regions without re-architecting their open banking stack market by market.
Yapily is trusted by companies including Google, Adyen, and Pleo to power their open banking solutions.
The performance data across live VRP deployments reflects the reliability of that infrastructure. Across sweeping VRP use cases with clients including Emma, Pleo, and Doovay, Yapily delivers a 97% payment success rate. For account top-up use cases specifically, mandate set-up completion rates reach up to 90%: Emma recorded 90.39% in December 2025, with an average of 85% across comparable deployments.
Yapily: Building the infrastructure layer for Bank on File
Bank on File is quickly becoming a practical alternative to traditional card on file and Direct Debit recurring payment models.
Yapily's role is to provide the regulated infrastructure, bank connectivity, and platform controls that allow PSPs, platforms, and regulated fintechs to design, test, and scale Bank on File experiences across merchants and markets.
If you are exploring Bank on File as part of a broader move toward account-to-account recurring payments, our team can help you build production-ready flows.
Book a call to find out more about Bank on File
FAQ: Bank on File
1. Are Bank on File and commercial VRP the same thing?
Yes. They describe the same capability under different names. Commercial VRP (cVRP) is the technical and regulatory term for the mandate framework that lets consumers approve long-lived bank payment authorisations under defined rules, such as limits, frequency, and expiry. Bank on File is the commercial name PSPs and merchants use for the saved payment method this enables, and the same thing is also referred to as recurring open banking payments or Recurring Pay by Bank.
2. Do consumers still need to authenticate with their bank for every payment?
No. Consumers only authenticate during the initial mandate setup. After that, future payments can be initiated within the limits of the approved mandate without requiring the consumer to go through full bank authentication again. Consumers can still view or cancel their mandate directly in their banking app.
3. Is Bank on File a replacement for card on file?
Not in every scenario. Card on file remains widely supported for global, cross-border, and multi-currency use cases. Bank on File is best suited to subscriptions, usage-based billing, and trusted repeat purchases, where lower costs, instant settlement, and bank-level controls offer clear advantages.
4. How do consumers manage or cancel a Bank on File mandate?
Where supported by their bank, consumers may manage or cancel mandates through their banking app. They can view the authorised limits and, where their bank supports it, amend or cancel the mandate without contacting the PSP or merchant. Because the mandate is held at the bank rather than stored as card credentials, the consumer retains direct visibility and control throughout.
5. Are commercial VRP payments and Bank on File available outside the UK?
Commercial VRP, which underpins Bank on File, is being developed and rolled out in the UK. Open banking payment rails exist across European markets, and Yapily supports account-to-account payment and data use cases across 19 countries. The mandate-based Bank on File model specifically depends on cVRP infrastructure, which is not in development yet outside the UK. Businesses planning multi-market rollouts should plan around UK availability now, with European expansion subject to market-by-market regulatory and bank readiness.