How Businesses Can Combat SEPA Direct Debit Fraud

04 / 12 / 2024

In 2024, data theft significantly impacted the average French citizen, highlighting vulnerabilities in handling sensitive information, particularly for businesses that utilize SEPA Direct Debit (SDD) payments. While SDD offers an efficient method for managing recurring transactions, it also exposes businesses to risks if not managed correctly. Direct debit fraud arises mainly from the misuse of IBANs during the SEPA Mandate creation, leading to unauthorized payments and potential financial losses for merchants. To counter these threats, implementing robust security practices, such as Worldline's Account Validation solution that leverages Open Banking technology, can ensure secure transactions by confirming IBAN ownership and enhancing the overall customer experience.


In 2024, the average French citizen experienced data theft on at least 1.84 occasions. In the latest cyber-attack on a French internet service provider, over 19 million customers were affected and more than 5 million IBANs were exposed. As the Darknet has become a major marketplace for compromised data, there is a clear risk of data being sold. However, the biggest impact could still lie ahead for businesses that offer SEPA Direct Debit payments (SDD) if they fail to manage them properly and ensure that all customer information is correct.

In the event of a failed direct debit collection, businesses may face complications such as fees and the need to contact customers promptly to resolve payment issues. Customers can make a claim in case of unauthorized transactions, and it is crucial for businesses to provide the correct account number to prevent fraud. Insufficient funds in a customer's account can lead to payment rejections, and complications can arise when customers cancel SEPA Direct Debit transactions. Businesses should seek further information from their credit institution regarding rejected SEPA Direct Debits to understand the specific reason codes and implications.

Direct Debit: A smart and strategic payment option

SEPA Direct Debit (SDD) provides consumers with an efficient payment method, particularly for recurring transactions such as subscriptions. A SEPA direct debit payment is not instantaneous and can involve delays, particularly regarding cancellations and returns. Covering 36 countries and territories, SDD facilitated over 21 billion transactions in 2023, amounting to a staggering €10 trillion in value. This system ensures timely payments, facilitates reconciliation, and optimises cash flow for businesses. For companies aiming to expand across Europe, SDD remains a cornerstone of their payment strategies.

The other side of the coin

Direct debit fraud occurs when incorrect or stolen IBANs are maliciously used during the SEPA Mandate creation, highlighting the need to prevent fraud in these transactions. This can lead to unauthorized payments and significant financial losses for merchants, as they are required to refund defrauded customers up to 13 months after the payments. Merchants must implement diligent fraud prevention measures to protect their interests and those of their customers. Although customers get their money back, it leaves them with a bitter taste in their mouths, knowing they were scammed and that it might happen again. As a precaution, they are advised to regularly check their account for suspicious transactions. Worse still for the business is that not only does it suffer financial losses, but also a loss of reputation, compounded by the uncertainty of future sales. Ensuring transactions are authorized is crucial for security. Having to wait 13 months to get your money refunded is a very long time. Alarmingly, over 60% of fraudulent direct debits result from IBAN misuse, according to Banque de France. The concept of chargeback is also critical, as it relates to handling disputes and the implications for merchants when customers initiate chargeback claims. Customers have rights to refunds for both authorized and unauthorized transactions, and banks have responsibilities in processing these refunds. The payer's rights to refunds and the responsibilities of banks are essential in the SEPA Direct Debit scheme. Verifying account ownership and the accuracy of the account number is vital to prevent fraud. Verification of banking information is a key measure to mitigate risks associated with unauthorized transactions and scams.

Don't worry, there's a remedy

The risks emphasize the critical need for robust security practices. Consequently, Worldline has implemented new security solutions using Open Banking technology to confirm IBAN ownership during the SEPA Mandate creation process, thereby guaranteeing secure transactions. Verification of banking information is crucial to ensure the accuracy and legitimacy of transactions. Having access to various payment methods enhances customer experiences and facilitates market expansion. Companies play a critical role in preventing IBAN fraud by verifying bank account information and implementing safeguards. For example, the new solution enhances security by providing real-time validation of IBANs, reducing the risk of fraud. The international bank account number is essential in direct debits, and banks enforce protections, manage refund processes, and validate mandates to ensure compliance with regulations. Cross border payments are vital for European expansion, and recognized financial institutions like BNP Paribas provide solutions to manage these payments efficiently.

How it works

When a new customer chooses to pay for a service with SDD on a company’s website, an intuitive user interface guides them through the customer journey to select their country and bank, validating their information for SEPA Direct Debit transactions. They are then redirected to their bank’s website or application, where they log in using standard Strong Customer Authentication (SCA) procedures. Worldline’s Account Information Service (AIS) then retrieves the customer’s banking details and automatically enters the customer’s IBAN into the mandate, which the customer electronically signs. This new process significantly reduces the risk of human error and mitigates IBAN fraud while improving the customer experience.
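The ownership check described above, sketched as an added example (this is not Worldline's code or API): the mandate IBAN is first checked with the standard ISO 13616 mod-97 checksum, then compared against the accounts returned from the bank session the customer authenticated with SCA. The function names and the shape of the AIS account records are hypothetical, and the IBANs are well-known public sample values.

```python
import re

def normalize(iban: str) -> str:
    """Strip whitespace and upper-case so comparisons are exact."""
    return re.sub(r"\s+", "", iban).upper()

def iban_checksum_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check. Catches typos, but a stolen IBAN still passes."""
    s = normalize(iban)
    if not re.fullmatch(r"[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}", s):
        return False
    rearranged = s[4:] + s[:4]                 # country code + check digits go last
    digits = "".join(str(int(c, 36)) for c in rearranged)  # A=10 ... Z=35
    return int(digits) % 97 == 1

def check_mandate_iban(mandate_iban: str, ais_accounts: list) -> tuple:
    """Accept the mandate only if its IBAN belongs to the authenticated customer.

    ais_accounts: account records retrieved server-side after the customer's
    SCA login (hypothetical shape: a list of dicts with an 'iban' key).
    """
    iban = normalize(mandate_iban)
    if not iban_checksum_ok(iban):
        return (False, "invalid_checksum")
    owned = {normalize(a["iban"]) for a in ais_accounts}
    if iban not in owned:
        # Structurally valid, but not an account of the person who logged in.
        return (False, "iban_not_in_authenticated_accounts")
    return (True, "ok")

# Constructed sample: what the bank session returned for this customer.
AIS_ACCOUNTS = [{"iban": "DE89 3704 0044 0532 0130 00", "currency": "EUR"}]

def demo() -> dict:
    return {
        "typo": check_mandate_iban("DE89 3704 0044 0532 0130 01", AIS_ACCOUNTS),
        "someone_elses_iban": check_mandate_iban(
            "FR14 2004 1010 0505 0001 3M02 606", AIS_ACCOUNTS),
        "owned": check_mandate_iban("de89370400440532013000", AIS_ACCOUNTS),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The second case is the one that matters for fraud: the IBAN is well-formed and passes the checksum, so only the comparison with the authenticated accounts rejects it.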

The service is available as a white-label solution, enabling companies to integrate it into their platforms seamlessly.


Tim Entrich

Product Manager, Open Banking, Worldline Financial Services