Quick answer. A free trial that quietly turns into a paid subscription is a “subscription trap” listed at item 5 of the Central Consumer Protection Authority (CCPA) Guidelines for Prevention and Regulation of Dark Patterns 2023. To stop the bleed in one evening: open the app store or service that owns the subscription and cancel from the source (Apple, Google Play, the OTT website, the cloud provider). Then kill the payment rail itself in your bank or UPI app by cancelling the e-mandate or UPI Autopay. Ask the merchant for a refund in writing. If they refuse, file on the National Consumer Helpline at 1915 or on e-Daakhil, and ask your card network for a chargeback. RBI rules require a 24 hour pre-debit notification and your explicit Additional Factor of Authentication for the first debit, so undisclosed renewals are a violation you can document and complain about.
It took me three months of staring at “Misc UPI” lines on my statement before I understood what was happening. A cloud storage trial I had clicked through during a phone setup was pulling 75 rupees a month. A music app trial my cousin had started on my UPI ID added another 119. An OTT pack I thought I had cancelled had simply moved to a different plan and kept charging. None of these felt like fraud in the dramatic sense. The money left my account because at some point I had tapped “Continue” on a screen designed to make cancellation harder than enrolment, and the rails kept running on their own.
This guide is the playbook I wish I had that evening. It is built for the regular salaried citizen in India in 2026, the kind of person who pays for one OTT but accidentally owns four, and has no idea which app holds the UPI Autopay handle.
Short on time? Jump to the thirty minute action plan and come back later for the regulator details.
A “subscription trap” in regulator language is a design pattern, not a single shady app. The CCPA Guidelines for Prevention and Regulation of Dark Patterns 2023, notified on 30 November 2023, list it as a recognised dark pattern. The Guidelines define it as a practice that makes cancelling a paid service “impossible or a complex and lengthy process,” hides recurring charges, fails to provide adequate notice before charging, or uses ambiguous language to trick a user into a paid plan.
The same Guidelines also cover related tricks the subscription industry leans on. “Drip pricing” hides the real price till the last step. “Basket sneaking” adds a service the user did not pick. “Forced action” makes a free download conditional on accepting a paid trial. The whole bundle is why an honest cancellation flow is rare and a free trial is almost never as free as the headline suggests.
Two payment rails make the trap possible at scale in India. The first is the RBI Framework for Recurring Online Transactions on cards, first notified in August 2019, then extended through circulars in 2020 and 2021. Under this framework a recurring debit on a debit or credit card needs an e-mandate registered with Additional Factor of Authentication (AFA) on the first debit, and the bank or card issuer must send a pre-debit notification at least 24 hours before each subsequent debit. The cardholder must be allowed to modify or cancel the mandate at any time through the issuer.
The second rail is UPI Autopay, launched by NPCI in 2020. It uses the same UPI app the citizen already trusts and registers a recurring mandate visible in the “Mandates” section of the app. UPI Autopay supports daily, weekly, monthly, quarterly, half yearly, yearly and “as presented” frequencies. NPCI's rules say the mandate must be visible and revocable inside the UPI app at any time. In practice many users never open that screen.
When you combine a one click free trial with a payment rail the user has forgotten about, the renewal is a near silent event. The 24 hour pre-debit SMS arrives, gets buried with OTPs and promotional alerts, and the next morning the bank balance is a little lighter.
Before you can cancel, you have to find every active subscription. Indian users typically have five hiding places.
Apple App Store (iPhone or iPad). Open Settings, tap your name at the top, tap Subscriptions. This shows every paid app on your Apple ID, including ones billed yearly. Apple is the merchant of record for most iPhone in app subscriptions, so cancelling here actually stops the billing.
Google Play (Android). Open the Play Store app, tap the profile circle, choose Payments and subscriptions, then Subscriptions. This lists every recurring purchase tied to your Google account. Cancelling here stops the next renewal but the current paid period continues.
The service's own website or app. OTT platforms, cloud storage, news apps, music streamers and learning apps often let you subscribe directly through their site or in app, with your card or UPI ID rather than through Apple or Google. These never show up in the App Store list. You have to log in to each service and find Account, Membership or Plan.
Your bank's e-mandate page. Every Indian bank now has a recurring mandate management screen, sometimes called “Manage e-mandate” or “Standing instructions on card.” This shows debit and credit card mandates registered under the RBI framework, regardless of which app set them up.
Your UPI app's mandates section. Open PhonePe, Google Pay, Paytm, BHIM, Cred or whichever app holds your default UPI handle. Each app has a “Mandates” or “Autopay” screen that lists every recurring UPI authorisation. Some users have three UPI apps on the same UPI ID, so check all of them.
A subscription you forgot about will be in at least one of these five places. A subscription you can't find probably lives in the one you didn't check.
This is the order I now use whenever a strange debit shows up on a statement, or every six months as a routine sweep.
Minutes 0 to 5. Pull the last 60 days of statements. Open net banking and download statements for every account and every credit card. Also open your default UPI app and pull the transaction history. Look for repeating amounts, especially rupee values that don't match how you normally spend (such as 79, 119, 149, 199, 299, 499, 999). Flag every recurring debit with the merchant name as it appears on the statement.
Minutes 5 to 10. Inventory the five hiding places. Open App Store Subscriptions, Play Subscriptions, the website Account page of each suspect service, your bank e-mandate screen, and the Mandates screen of every UPI app on your phone. Write the list in a notepad, one line per active subscription, with the merchant name, the amount, the next renewal date and the rail (Apple, Google Play, card e-mandate, UPI Autopay).
Minutes 10 to 20. Cancel at the source. For every line you don't want, cancel from the same place that created it. Apple subscriptions in App Store. Google Play subscriptions in Play. Direct site subscriptions on the website. The “you have cancelled successfully” screen is your first piece of evidence, so screenshot it with the date and time visible, and email it to yourself for a server side timestamp.
Minutes 20 to 25. Kill the rail. Even after a source side cancellation, go to the bank e-mandate screen and the UPI Mandates screen and revoke any mandate that should no longer exist. RBI rules and NPCI rules both say revocation must be possible from the issuer or the UPI app, not only from the merchant. This protects you if the merchant tries to “reinstate” the subscription using a stored token.
Minutes 25 to 30. Write the refund request. For any debit that happened after a cancellation, after a trial you never knowingly enrolled in, or without the pre-debit notification, email the merchant's support address and grievance officer. Keep the message under 200 words, attach the cancellation screenshot and the debit screenshot, and ask for a refund within 7 working days, citing the CCPA Dark Patterns Guidelines 2023 item 5 (subscription trap) and the RBI e-mandate pre-debit notification requirement. Save the sent copy.
You have now done in 30 minutes what most users put off for years. The rest of this guide is what to do when the merchant says no.
When you fight for a refund or file a complaint, the case is built on documents, not on outrage. Keep these for every disputed subscription.
If the matter goes to a consumer commission or to the bank's internal ombudsman, this folder is your case file. Build it as you go, do not try to reconstruct it after six months.
There is a clear escalation ladder. Use it in order, not all at once.
Step 1. The merchant's grievance officer. Section 5 of the Consumer Protection (E Commerce) Rules 2020 require every e-commerce entity to appoint a grievance officer, publish the name, contact details and designation on the platform, and acknowledge a complaint within 48 hours and resolve it within one month. For Apple and Google subscriptions, “Report a Problem” on reportaproblem.apple.com and the Play Store refund flow inside the Play app are the official first steps. For OTT and cloud services, the grievance officer's email is usually in the Help Centre or in the footer of the website.
Step 2. National Consumer Helpline 1915. The NCH is run by the Department of Consumer Affairs. Dial 1915 or register on consumerhelpline.gov.in. The portal accepts complaints in English, Hindi and a dozen regional languages, lets you upload up to 5 MB of evidence, and routes the case to a “convergence partner” company where one is signed up. Most large OTT, app and cloud services are convergence partners, which means NCH has a direct escalation channel into their support team. A typical NCH response window is 30 to 60 days.
Step 3. e-Daakhil for consumer commissions. If NCH does not resolve it and the amount is real money, file at edaakhil.nic.in. e-Daakhil is the online filing portal for the District, State and National Consumer Disputes Redressal Commissions under the Consumer Protection Act 2019. District commissions hear claims up to 50 lakh rupees, state up to 2 crore, and the national above that. Court fee for claims under 5 lakh is nil. You can file from home, the hearing is often by video conference, and a deficiency in service complaint for an unauthorised auto-debit, hidden renewal or refusal to refund usually qualifies.
Step 4. RBI integrated ombudsman. For card e-mandate violations (pre-debit notification missing, AFA bypassed, revocation refused), the responsible regulated entity is the card issuing bank, not the merchant. File a written complaint to the bank's nodal officer first, wait 30 days, then escalate on cms.rbi.org.in under the Integrated Ombudsman Scheme 2021. For UPI Autopay disputes the bank that owns your UPI handle is also the regulated entity for ombudsman purposes.
Step 5. Card network chargeback. Parallel to the bank ombudsman, you can ask your card issuer to raise a chargeback on the Visa, Mastercard or RuPay network. The relevant reason codes are “Cancelled Recurring Transaction” and “Services Not Provided / Not as Described.” Chargeback windows are short, typically 120 days from the debit on Visa and Mastercard, 180 days on RuPay, so do not wait. The bank will ask for the same evidence folder you already built.
Step 6. CCPA direct complaint. For systemic violations, especially a service that keeps showing the dark pattern even after individual cancellations, you can write to the Central Consumer Protection Authority at the National Consumer Helpline portal or by post to the address listed at consumeraffairs.nic.in. CCPA has the power under section 18 of the Consumer Protection Act 2019 to issue class wide directions and penalties, including fines up to 10 lakh rupees for a first violation and 50 lakh for repeats.
A normal subscription trap is a consumer dispute, not a crime, and the consumer route above is the right one. The police route opens up only when the facts cross a line.
If a subscription was registered on your card or your UPI ID without you ever creating an account, that is unauthorised use of a payment instrument and falls under section 66C and 66D of the Information Technology Act 2000, and section 318 (cheating) of the Bharatiya Nyaya Sanhita 2023. The right channel is the National Cyber Crime Reporting Portal at cybercrime.gov.in or the 1930 helpline. File within the “golden hour” of 24 hours to maximise the chance of the money being frozen in the receiving account.
If a recurring debit continues after a written cancellation and the merchant refuses to refund despite RBI and CCPA rules, it can also be argued as cheating under BNS 318 because the money is being taken under a representation (the subscription is active) that the merchant knows is false (the user has cancelled). In practice police will usually ask you to pursue the consumer route first, but the FIR option exists and is sometimes the only way to get a large merchant's attention.
If the subscription was set up using a phishing link, a fake KYC video call or a “remote support” app that took over your phone, treat it as a cyber fraud from the start. Call 1930 immediately, file on cybercrime.gov.in, and ask the bank for an account freeze on the destination account.
Use this as the email body for the merchant's grievance officer. Keep it factual, short and dated.
Subject: Refund of unauthorised auto-debit - Subscription [Service Name], dated [DD-MM-2026] To, The Grievance Officer [Service Name / Company Name] [Email address from website] Dear Sir or Madam, 1. I am a paid user of [Service Name] with the registered email [your email] and the registered mobile [last 4 digits]. 2. On [date], an amount of Rs [amount] was debited from my [bank / card / UPI handle] under the merchant string "[exact text from statement]". A copy of the statement entry is attached. 3. I had cancelled this subscription on [date and time], a screenshot of which is also attached. I did not authorise any further debit after this cancellation. 4. The said debit was made: (a) without a valid 24 hour pre-debit notification as required under the RBI Framework for Recurring Online Transactions; and (b) after a clear cancellation, which qualifies as a "subscription trap" dark pattern under item 5 of the CCPA Guidelines for Prevention and Regulation of Dark Patterns 2023. 5. I request a full refund of Rs [amount] to the original payment source within 7 working days from the date of this email. Please also confirm in writing that the recurring mandate has been deleted from your end. 6. If the refund is not credited within 7 working days, I will file a complaint with the National Consumer Helpline (NCH), the District Consumer Disputes Redressal Commission via e-Daakhil, and a chargeback request with my card issuer, citing this email as the date of first written demand. Thank you. Yours sincerely, [Name] [City, State] [Email and phone] Attachments: cancellation screenshot, debit screenshot, statement extract.
If the merchant ignores you for 7 days, send the same letter to NCH 1915 as a new complaint, and to the bank as a chargeback request. The “first written demand” date in point 6 becomes important if it later goes to a consumer commission.
The exact cancellation flow shifts every few months, but the destinations stay the same. This is where to go for the most common categories.
Apple App Store subscriptions (iCloud+, Apple Music, Apple TV+, in app trials of OTT and cloud apps bought through the App Store). On iPhone or iPad, Settings → your name at the top → Subscriptions. On Mac, App Store → your account → View Information → Manage under Subscriptions. Cancellation is immediate for the next billing cycle. Refund requests go through reportaproblem.apple.com within 90 days of the charge, and Apple decides case by case under its own refund policy.
Google Play subscriptions (most Android in app subscriptions, including many OTT and cloud apps when purchased on Android). Play Store app → profile circle → Payments and subscriptions → Subscriptions → tap the item → Cancel subscription. Refunds within 48 hours of purchase are usually automatic. After that, use the Play Help “Request a refund” form and explain that the renewal was unintended.
Google One and Google Workspace storage. one.google.com → Settings → Manage membership → Cancel membership. If billed through Play, cancel there instead. Storage above your free quota stays accessible till the end of the billing period.
iCloud+ storage (separate from Apple Music or TV+). Settings → your name → iCloud → Manage Account Storage → Change Storage Plan → Downgrade Options. Apple will keep your data above 5 GB free quota for 30 days before forcing deletion.
Microsoft OneDrive and Microsoft 365. account.microsoft.com → Services and subscriptions → Manage → Cancel. Microsoft offers a pro-rated refund if you cancel within the first 30 days of an annual plan.
Dropbox. dropbox.com → Settings → Plan → Cancel plan. Annual Dropbox subscribers can usually get a partial refund inside 30 days through support.
OTT platforms. Each platform's own Account page is the source of truth. Netflix: Account → Cancel Membership. Disney+ Hotstar (now JioHotstar): Account → Subscription → Cancel. Amazon Prime Video as part of Prime: amazon.in → Your Account → Memberships and Subscriptions → End membership. Sony LIV: Account → Manage subscription. ZEE5: My Account → My Subscription → Cancel Plan. If the OTT was bought as a bundle with a telecom recharge, cancel inside the telecom app and let the bundle expire naturally.
Telecom bundled OTT. The OTT cannot cancel the bundle, only the telecom can. Jio, Airtel and Vi all surface bundle changes inside their main app under Plans or Subscriptions.
For each of these, after the source side cancellation, also revoke the matching mandate in the bank or UPI app. The two step process is what stops a “we kept billing you anyway” situation.
A relative in Pune, a retired bank manager in his sixties, called me in December last year because his savings account was running 1,400 rupees short every month and he couldn't find the leak. We sat with the last 12 months of statements over chai. There were nine separate auto-debits per month, all small, all between 49 and 299 rupees. Three were OTT apps his grandchildren had installed during summer holidays. Two were cloud storage trials triggered when his new phone setup ran out of free space. One was a children's learning app the kids had tapped through in the school van. Three were genuine, including a newspaper and a music app he uses every day.
We spent one Saturday afternoon doing exactly what this guide describes. Eight subscriptions cancelled, one kept. We wrote refund requests for the two trials that had auto-converted without his consent. One was refunded inside three days, one refused and we filed it on NCH where it was settled in six weeks. Net saving: 1,150 rupees a month. He keeps a printed list of his active subscriptions in the cupboard now, updated every January.
It is legal only if the conversion is disclosed clearly before the trial starts, the price and renewal frequency are visible in the sign up flow, the user is reminded before the first paid debit, and cancellation is as easy as enrolment. If any of these are missing, the practice falls under the CCPA Guidelines for Prevention and Regulation of Dark Patterns 2023 as a “subscription trap” and as misleading conduct under the Consumer Protection Act 2019.
No. Both the RBI Framework for Recurring Online Transactions and the NPCI UPI Autopay rules require that the user be able to modify or revoke a mandate at any time through the bank, the card issuer or the UPI app. If a bank refuses, escalate to the bank's nodal officer in writing, then to the RBI Integrated Ombudsman at cms.rbi.org.in after 30 days.
Yes. Under the RBI framework the pre-debit notification at least 24 hours before each recurring debit is mandatory for card e-mandates. Missing notification is a regulatory violation. Raise it first with the card issuing bank in writing, then with the RBI ombudsman after 30 days. The same notification expectation applies to UPI Autopay in practice, since NPCI requires user visibility of each scheduled debit.
Apple and Google both run refund flows under their own global policies, which are not bound by Indian consumer law alone. If they refuse, file on the National Consumer Helpline at 1915 (both companies are convergence partners) and, if needed, on e-Daakhil under the Consumer Protection Act 2019. You can also raise a chargeback with your card issuer.
Open all five hiding places: App Store Subscriptions, Play Store Subscriptions, the website Account page of any service you might have used, your bank's e-mandate screen and the Mandates section of every UPI app on your phone. Then download a 12 month statement and search for any recurring rupee value that matches none of your known bills. The merchant string on the statement usually reveals the service.
Yes, if the past debit was made without valid consent, without a pre-debit notification or after a clear cancellation. The merchant is supposed to refund unauthorised charges. If they refuse, NCH and the consumer commission can order a refund plus compensation for deficiency in service under the Consumer Protection Act 2019. Card chargeback windows are 120 days on Visa and Mastercard and 180 days on RuPay from the disputed debit.
Treat the account holder as the responsible party for billing, but you can still ask for a refund under the merchant's own goodwill policy, and you should immediately turn on parental controls and Ask to Buy on Apple, or Family Library and approval flow on Google Play. For repeated child in app purchases, refund probability is higher when you can show parental controls were not configured at the time of purchase.
Usually no, not immediately. Cloud storage providers typically keep your data for 30 days after a downgrade or cancellation before forcing deletion above the free quota. OTT services keep your watch history and profile for a defined retention period in case you re-subscribe. Always download the data you want to keep before the retention window closes.
If you transacted from India using an Indian card or UPI, Indian consumer law applies to your relationship with the merchant. RBI rules on cross border recurring charges have tightened since 2021, including the same e-mandate and AFA requirements for international card transactions. You can still file with NCH and the consumer commission, and your card issuer can still raise a chargeback under the network rules.
Blocking the card stops the immediate next debit, but it does not cancel the subscription with the merchant. Many merchants will retry the debit, accumulate “dues” and send your account to collections. Always cancel at the source first, kill the mandate second, and replace or block the card only if the merchant is still attempting unauthorised debits after that.