OUTLINE
If your business collects recurring payments from Canadian customers — whether that's rent, loan repayments, subscription fees, or membership dues — you are almost certainly dealing with Pre-Authorized Debit, or PAD. And if you have ever tried to set up a compliant PAD program from scratch, you already know it comes with a long list of requirements, paperwork, and potential for costly errors.
The good news: you no longer need a legal team and a developer to get it right. Modern payment technology has made compliant PAD collection accessible to any business, regardless of technical resources. This guide explains what PAD compliance actually requires, where most businesses get it wrong, and how to launch a fully compliant pre-authorized debit workflow without writing a single line of code.
A Pre-Authorized Debit (also known as EFT or Direct Deposit) is a payment arrangement where a Canadian customer authorizes a business to withdraw funds directly from their bank account on an agreed schedule. Common examples include:
PAD payments move through Canada's EFT (Electronic Funds Transfer) network and are governed by Payments Canada Rule H1, which sets out the legal requirements for how businesses must obtain, store, and honour customer authorization before pulling funds.
This is where many businesses stumble. PAD is not just about getting a customer's banking information — it's about obtaining documented, informed consent in a specific format, and being able to prove that consent exists if a transaction is ever disputed.
Payments Canada's Rule H1 requires that a valid PAD agreement include:
The authorization itself: The customer must explicitly agree to allow the business to debit their account. Verbal consent alone is not sufficient for most PAD categories.
Clear payment terms: The agreement must specify the amount (or how the amount will be determined), the frequency of debits, and the first debit date.
Customer rights disclosure: The agreement must inform the customer of their right to cancel the PAD arrangement, their right to receive a refund for any debit not in accordance with the agreement, and how to contact the business if they have questions.
Business identification: The agreement must identify the business (the "Payor") by name clearly enough that the customer recognizes who will be debiting their account.
Bank account information: The routing number, institution number, and account number of the account being debited must be captured accurately.
There are also three categories of PAD under the Payments Canada rules — Personal PAD (for individual consumers), Business PAD (between businesses), and funds transfer PADs — each with slightly different requirements. Most businesses collecting from individual customers are dealing with Personal PADs.
Failing to meet these requirements doesn't just create compliance risk. Under Rule H1, a customer can dispute any PAD transaction and demand a refund from their bank for up to 90 days after the debit if they claim the authorization was not properly obtained. For businesses with high transaction volumes, improperly structured PAD programs can result in significant return rates and financial exposure.
1. Collecting bank details without a formal agreement
Many businesses capture a customer's void cheque or banking information during onboarding and begin debiting their account without ever presenting a formal PAD agreement. This is a common and serious compliance gap. Collecting banking information and obtaining PAD authorization are two separate steps — both are required.
2. Using static paper or PDF forms
Paper PAD agreements create operational headaches: they must be physically or digitally signed, stored securely, version-controlled, and retrievable on demand if a debit is disputed. Many smaller businesses rely on scanned PDF forms emailed back and forth — a workflow that is both slow and difficult to audit.
3. Not storing authorization records correctly
Even when a PAD agreement is obtained, businesses frequently fail to store the right data. A complete PAD record should include the version of the agreement the customer accepted, the timestamp of acceptance, the bank account details associated with the authorization, and who authorized it. Without this, defending against a dispute is nearly impossible.
4. Forgetting location-specific nuances
While Payments Canada rules apply nationally, some provinces have consumer protection regulations that layer additional requirements on top of federal PAD rules — particularly around cancellation rights and notice periods. Businesses operating across multiple provinces need to account for this.
5. Treating PAD as a one-time setup
PAD agreements need to reflect the actual payment terms in effect. If your payment amounts or frequency change significantly, customers may need to authorize a new or amended agreement. Businesses that use a single agreement to cover perpetually changing terms are exposed to disputes.
Traditionally, setting up a compliant PAD program meant engaging a payment processor, working with a lawyer to draft a compliant agreement template, building or buying a form to capture banking information, and setting up a system to store and retrieve authorization records. For businesses that also needed to accept multiple payment methods — credit cards, Interac e-Transfer, debit cards, and bank accounts — this often meant managing separate vendors and workflows.
For SaaS platforms and growing businesses, this approach doesn't scale. Every new customer requires manual handling. Every payment method adds integration complexity. And every dispute requires staff time to locate and produce authorization records.
Modern embedded payment technology now handles the entire PAD workflow automatically — from presenting a compliant agreement to the customer, through capturing and tokenizing their bank account details, to storing the authorization record in a way that satisfies Payments Canada requirements.
VoPay's eLinx® eCollect is built specifically for this use case. Here is how the workflow operates end-to-end without any developer involvement:
Step 1 — The business sends a secure payment link
From the VoPay Portal, a business can configure a collection request in minutes — specifying the amount, frequency, and start date. A branded payment link is generated and sent to the customer via email, SMS, or WhatsApp. No code is required.
Step 2 — The customer connects their bank account
The customer opens the link and is presented with a fully branded, mobile-responsive experience. They select their bank, authenticate online (or enter details manually), and connect their account securely. The entire process takes under a minute for most customers.
Step 3 — The PAD agreement is presented and accepted
Before any debit can occur, the customer is shown a compliant PAD agreement that reflects the actual payment terms — amount, frequency, and business identification. The customer must explicitly accept the agreement before proceeding. VoPay's built-in PAD template meets Payments Canada's Rule H1 requirements by default.
Businesses that have their own legally approved PAD agreement can supply it in PDF format during onboarding, and it will be displayed to customers in place of the default template, maintaining full control over the agreement content while automating its presentation and storage.
Step 4 — Authorization is recorded and stored automatically
When the customer accepts the PAD agreement, VoPay records the version of the agreement accepted, the exact timestamp, and the bank account details associated with the authorization. This record is stored securely and is retrievable on demand — providing a complete audit trail for any future dispute.
Step 5 — Bank account details are tokenized
The customer's banking information is converted into a secure token immediately upon connection. The raw account details are never stored in the business's systems. This token is used for all future debits, eliminating re-entry and reducing the risk of data exposure.
Step 6 — Collections are automated
Once the customer has authorized the PAD and connected their bank account, recurring debits run automatically on the configured schedule. The business receives real-time notifications when payments are completed or if a transaction fails, with full visibility in the VoPay Portal.
One of the limitations of traditional PAD programs is their narrow scope; they only work for bank account debits. But customers increasingly expect payment flexibility. Some may prefer to pay by credit card, debit card, or Interac e-Transfer for a given month.
eLinx® eCollect supports multiple payment rails in a single workflow, including bank account (EFT), credit card, debit card, Interac e-Transfer Request Money, and Google Pay (coming soon). The PAD agreement is presented specifically when a customer selects a bank account as their payment method, so compliance is maintained regardless of which method the customer ultimately chooses.
For customers who need even more flexibility, such as the ability to split a payment across methods, pay a partial amount now, or set up their own installment schedule, eLinx® eFlex extends the same compliant infrastructure into flexible payment territory, without adding operational complexity for the business.
Yes. Businesses that have already worked with legal counsel to develop a compliant PAD agreement template can use their own document within the eLinx® workflow. The agreement is submitted in PDF format during onboarding, stored by VoPay, and displayed to customers in the standard place within the payment experience. The authorization record, timestamp, bank details, and agreement version are still captured and stored automatically.
This means businesses do not have to choose between using their own legal language and benefiting from automated compliance infrastructure. Both are available.
For businesses without technical resources, the path to compliant PAD collection through VoPay’s eLinx® solution looks like this:
Step 1: Complete VoPay onboarding and configure branding (logo, colours) in the Portal. Set up your first eCollect experience — amount, frequency, payment methods accepted.
Step 2: Begin sending payment links to customers. Each customer completes bank connection and PAD authorization in under a minute.
Ongoing: Recurring collections run automatically. Notifications confirm each completed payment. The Portal provides full transaction history and reporting for reconciliation.
There is no integration project. No staging environment. No developer sprints. Businesses that have previously spent months building PAD collection infrastructure internally are often surprised by how quickly this can be operational.
If you are evaluating options for PAD collection in Canada, these are the questions that matter most from a compliance and operational standpoint:
Does the platform generate and present a compliant PAD agreement automatically? Simply collecting bank details is not sufficient under Payments Canada Rule H1. The agreement must be shown, accepted, and recorded.
Is the authorization record stored with a timestamp and agreement version? This is what protects you in a dispute. A stored bank account number alone is not a complete authorization record.
Can customers use my own PAD agreement template? If you have invested in a legally reviewed agreement, you should be able to use it, not be forced to rely solely on a third-party template.
Does the solution support multiple payment rails? PAD only applies to bank account debits. If your customers want to pay by card or Interac, you need a platform that handles the full range without stitching together separate tools.
Can I launch without a development team? If the answer is "it depends on your integration" or involves a multi-week implementation, the platform may not be the right fit for businesses without technical resources on hand.
Use eLinx® Collect PAD Automation with VoPay
Pre-Authorized Debit is one of the most effective and cost-efficient ways to collect recurring payments from Canadian customers — but getting it right requires more than capturing a banking number. It requires a documented, compliant authorization workflow, proper record storage, and the operational infrastructure to manage it at scale.
The era of manual PAD programs, paper forms, emailed PDFs, and custom-built bank connection flows is giving way to embedded payment technology that handles compliance automatically, across multiple payment methods, through a branded experience that customers can complete in under a minute.
For Canadian businesses and SaaS platforms looking to launch or modernize their PAD collection workflows without a development team, eLinx® eCollect provides a compliant, no-code path from customer onboarding to automated recurring collections, with the audit trail built in.
Ready to see how eLinx® eCollect handles PAD compliance for your business?
Book a demo with VoPay or explore the eLinx®product suite.
Related Articles:
