How to Build Confidence for a Successful SDD Appropriation
Among the three new pan-European payment instruments ushered in by the single euro payments area (SEPA), the SEPA Direct Debit (SDD) is the most challenging one. Designed anew by the main European banks within the European Payments Council (EPC), it will be offered as of 1 November 2009. It will progressively replace existing nationwide direct debits in the course of the following years. The EPC’s Core SDD Scheme Rulebook describes its features and rules:
Nine months ahead of market introduction, corporates should – if not done so yet – analyse SDD impact on their organisation and explore its added value for intern payment handling – particularly on the debtor’s side. More specifically, what are the possible shortcomings of its implementation?
It has already been widely advertised that creditors will face a heavy adaptation effort, only to be followed by a heavier daily management burden. The purpose of this article is to present a few practical examples from Germany. Local practices already allow German payers to easily dispute direct debits. Their behaviour, that of creditors and banks alike, therefore, gives an insight into how high SDD-related workload will be. It allows anticipating workarounds to face potential security issues as well.
Compared to current Italian, Portuguese and French direct debits, SDD completely shifts mandate management onto creditors, while increasing disputes for debtors. These indeed will be able to repudiate settled SDD collections within eight weeks towards their bank ‘on a ‘no-questions-asked’ basis’.3
According to a series of interviews with corporate treasurers in mid-2008, corporates in Europe are preoccupied with the workload required to adapt their processes to SDD and to manage the collections.4 They lack vision on dispute timelines and thus on the time limit when SDD-received funds may eventually be considered as certain. They are also worried about a possible surge in fraud on a payment instrument whose design still bears security breaches and lacks control and supervision by competent authorities.
To take the French example, a licence to issue direct debits is granted by the central bank to creditors in the form of unique national issuer identifier (NNE). Although no thorough security procedure is involved, this requirement makes it a de facto filter. Not everyone may issue French direct debits.
There is no such preoccupation in the Core SDD Rulebook. A creditor identifier will be attributed by the relevant national authority (central bank or competition authority), without an inquiry or a reliability check, however. The German central Bundesbank will deliver them on a quasi-automated basis
SDD has an optional feature of electronic mandate validation, to avoid malevolent mandate disputes. However, use of this additional optional service (AOS) of the SDD scheme is dependent on the debtor’s banks willingness to offer this service. If so, they will request their customers through their online banking website to acknowledge and confirm they have signed the e-mandate received through the creditor’s bank. If the service is not offered, the bank will debit the debtor without notification.
If the mandate is on paper, however, no validation procedure is foreseen. Each debtor bank will have the responsibility to propose a proprietary ad hoc service. In short, if creditors issue e-mandates, they will be none the wiser with regards to potential 13-month disputes.
Moreover, the SDD Rulebook does not require banks to verify the existence of a mandate, nor the correctness or consistence of mandate data which is sent with the collection messages. On top of that, an e-mandate unused for more than three years will be deemed invalid, but only creditors are in charge of enforcing that rule.
It appears that issuing a direct debit collection on existing accounts in the SEPA zone will be quite simple. All a creditor needs is to send authentic account references and debtors’ postal addresses to its bank and to comply with SEPA formats. Debtor banks will presume the existence of a mandate and debit their customers, only to re-credit them if disputes arise. If so, they will send ‘Return’ messages to the creditor bank to get funds back.
It is expected that fraud could affect cross-border SDD in the same way as card payments for remote sales (card not-present transactions), with a cross-border extent. In the current state, a fraudulent company may open an account in countries with lesser oversight standards. It can get real BIC and IBAN references, in the same way as payment card details may be obtained today by criminals (through intrusion or compromising tricks). This company will then be able to issue cross-border SDDs before transferring received funds elsewhere and closing the business. Inattention from debtors could allow criminals to siphon cash out before the creditor bank faces incoming disputes.
Today, this scenario is a purely theoretical one, but these threats have not been disclosed yet either by banks or the EPC itself. There is no doubt financial institutions will set up safety mechanisms, but would-be SDD creditors have already voiced their concern.5
The SDD Rulebook offers the debtor the option to oppose any incoming SDD. The debtor bank will then reject automatically any SDD collection from designated account(s). It is, however, an all-or-nothing option.
At the end of October 2008, banks questioned on this issue acknowledged these security loopholes. They answered that none of them would miss proposing solutions in the form of individual commercial offers (a bank-specific AOS).
Close to the Core SDD Scheme, the current German direct debit (Lastschrift6) allows an insight into the operation of SDD. We will now draw on the expertise of payment professionals in Germany – a country where 40% of non-cash payments occur through direct debit (compared to the European average of 29%7).
In Germany, the direct debit mandate is not communicated to banks. Creditors do not undergo any registration process before being allowed to issue direct debit orders. They only need to sign a framework agreement with their bank.
As soon as they receive a direct debit authorisation signed from a debtor, creditors may start debiting them with Lastschrift. Banks deliver a direct debit issuing software to smaller creditors (for example sport clubs and associations).
Debtors are usually notified by creditors, but there is no obligation. Lastschrift may be disputed by consumers before reaching them as well as during six weeks after debit date without any justification.
| German Lastschrift | SDD |
|---|---|
| One single mandate, received and managed by the creditor | One single mandate, received and managed by the creditor |
| Optional notification of the mandate by debtor to her/his bank | Dematerialised mandate data by creditor, who sends them at each collection |
| Optional notification of collection to debtor by creditor, however done one to two week(s) prior to debit date | Collection notified to debtor until D-14, sent to creditor bank until D-2 (D-5 for a first collection) |
| Amount credited at interbank settlement date + value days | Amount credited at execution date (D) |
| Claims receivable during six weeks without justification | Claims receivable during eight weeks without justification |
| Claims for invalid mandate with no time limit | Claims for invalid mandate within 13 months |
| No creditor registration | Creditor identifier (no check procedure) |
To minimise disputes, most German banks notify their customers through their web-banking (e-channels) of incoming Lastschrifts. Banking websites list all received direct debit collections with their due dates. Each line includes a ‘Reject’ button to help customers refusing a direct debit before interbank clearing and settlement. An easy instrument to set up, Lastschrift makes fraud relatively easy. However, it goes with a high degree of debtor protection.
Between 1% and 3% of monthly Lastschrifts are rejected. Nine out of 10 rejects originate from the bank, while the remaining 10% are initiated by the debtor. This means that for a 2% average rejection rate per month:
These figures are somewhat higher for yearly Lastschrifts (because of debtors’ negligence). At the end of the day, effective fraud remains low, with the drawback of relatively high litigation and recovery procedures, as is shown now.
German creditors face a consequent workload to re-issue rejected collections. They contact defaulting debtors to reach an agreement on the re-presentment date. The aim is to avoid paying chargeback fees twice, since they may amount up to €5-10 each.
Based on German practices, here are a few ideas of possible AOS offers to increase public confidence in SDD:
Systematic notification of incoming SDD collections: debtor banks could commit to inform their customers of SDD collections in real time: online banking websites would be updated upon reception by the bank’s system. This could include the German feature of online ‘Reject’ option.
SDD filtration: banks could refine the all-or-nothing SDD blocking option; they could offer to restrict admitted creditors to certain activity types (e.g. energy, water, insurances and taxes).
Verification of mandate existence. Creditor banks could manage mandates on behalf of creditors to verify mandates validity before transmitting collections to debtor banks.
In all cases, users will have to be educated in new payment ways. Corporate teams will have to be trained, and even individuals will have to follow their SDD list, as we all (should) do for payment card transactions.
Today, to allow for a quick SDD take off, corporates should investigate and press upon banks to communicate their added value offers next to the Core SDD service.
Banks themselves will benefit from developing solutions to yet unanswered problems. With debtors confidence key in the early deployment phase, it will allow SDD to quickly reach a critical mass, then stop national instruments and thus avoid the costly running of two equivalent schemes.8
Alongside migration, the EU Payment Services Directive (PSD) provides the necessary legal base for SEPA payments in all EU countries, be they domestic or cross-border. It also creates a new status of payment provider alongside banks: the payment institution (PI). PSD has to be transposed in the 27 national laws before 1 November 2009.
Waiting for these 27 national adoptions entails the risk of delaying the SDD launch. In 4 September 2008, the European Commission and the European Central Bank called on the EPC banks to actually offer it as of the beginning of November 2009. Preparations and marketing should start without waiting for end of national transpositions. Unless some national communities still suspend SEPA involvement because of the SDD interchange issue the end of this year will see the first SDDs exchanged.
1 Today direct debits only take place within each country, according to the relevant local rules and standards.
2 27 EU Member States + Switzerland, Norway, Iceland and Liechtenstein.
3 As worded in the CoreSDD Scheme Rulebooklast version N° 3.1 of 24 June 2008.
4 ‘Does SEPA Address the Needs of Treasurers? The French Example’, ADN’co, Paris, September 2008: survey conducted in Spring-Summer 2008 with 23 large France-based corporate, and Experian Payments (UK) survey with European corporate treasurers, 5 August 2008.
5 cf. 2 above quoted inquiries.
6 Two types of direct debit co-exist in Germany. The one described in this paper is the most used one, i.e. Einzugsermächtigung (debit authorisation).
7 Source: ECB figure for euro area in 2006.
8 End November 2008, the ECB has announced consultations to define a decommissioning deadline for legacy credit transfers and direct debits.