How businesses can combat Direct Debit fraud

04 / 12 / 2024

In 2024, data theft significantly impacted the average French citizen, highlighting vulnerabilities in handling sensitive information, particularly for businesses that utilize SEPA Direct Debit (SDD) payments. While SDD offers an efficient method for managing recurring transactions, it also exposes businesses to risks if not managed correctly. Direct debit fraud arises mainly from the misuse of IBANs during the SEPA Mandate creation, leading to unauthorized payments and potential financial losses for merchants. To counter these threats, implementing robust security practices, such as Worldline's Account Validation solution that leverages Open Banking technology, can ensure secure transactions by confirming IBAN ownership and enhancing the overall customer experience.


In 2024, the average French citizen experienced data theft on at least 1.84 occasions. In the latest cyber-attack on a French internet service provider, over 19 million customers were affected and more than 5 million IBANs were exposed. As the Darknet has become a major marketplace for compromised data, there is a clear risk of data being sold. However, the biggest impact could still lie ahead for businesses that offer SEPA Direct Debit payments (SDD) if they fail to manage them properly. 

Direct Debit: A smart and strategic payment option
SEPA Direct Debit (SDD) provides consumers with an efficient payment method, particularly for recurring transactions such as subscriptions. Covering 36 countries and territories, SDD facilitated over 21 billion transactions in 2023, amounting to a staggering €10 trillion in value. This system ensures timely payments, facilitates reconciliation, and optimises cash flow for businesses. For companies aiming to expand across Europe, SDD remains a cornerstone of their payment strategies.

The other side of the coin
Direct debit fraud occurs when incorrect or stolen IBANs are maliciously used during the SEPA Mandate creation. This can lead to unauthorised payments and significant financial losses for merchants, as they are required to refund defrauded customers up to 13 months after the payments. Although customers get their money back, it leaves them with a bitter taste in their mouths, knowing they were scammed and that it might happen again. As a precaution, they are advised to regularly check their account for suspicious transactions. Worse still for the business is that not only does it suffer financial losses, but also a loss of reputation, compounded by the uncertainty of future sales. Having to wait 13 months to get your money refunded is a very long time. Alarmingly, over 60% of fraudulent direct debits result from IBAN misuse, according to Banque de France.

Don't worry, there's a remedy
The risks emphasise the critical need for robust security practices. Consequently, Worldline's Account Validation solution uses Open Banking technology to confirm IBAN ownership during the SEPA Mandate creation process, thereby guaranteeing secure transactions.


How it works

When a new customer chooses to pay for a service with SDD on a company’s website, an intuitive user interface guides them to select their country and bank. They are then redirected to their bank’s website or application, where they log in using standard Strong Customer Authentication (SCA) procedures. Worldline’s Account Information Service (AIS) then retrieves the customer’s bank details and automatically enters the customer’s IBAN into the mandate, which the customer electronically signs. This new process significantly reduces the risk of human error and mitigates IBAN fraud while improving the customer experience.

The service is available as a white-label solution, enabling companies to integrate it into their platforms seamlessly.
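
A merchant-side view of the flow described under "How it works", as an added example (not Worldline's code or API): the mandate IBAN is taken only from the account list the AIS call returned server-side after SCA, never from a field the browser can edit. The account-list shape, the `account_id` key and the function names are assumptions; the IBANs are published example values.

```python
import re

def normalise(iban: str) -> str:
    """Strip whitespace and upper-case, so formatting differences do not matter."""
    return re.sub(r"\s+", "", iban).upper()

def iban_is_valid(iban: str) -> bool:
    """ISO 13616 structure check followed by the mod-97 checksum."""
    s = normalise(iban)
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", s):
        return False
    rearranged = s[4:] + s[:4]  # country code and check digits move to the end
    # Letters map to 10..35 (A=10), digits map to themselves.
    return int("".join(str(int(c, 36)) for c in rearranged)) % 97 == 1

def mandate_iban(ais_accounts, chosen_account_id, form_iban=None):
    """Return the bank-confirmed IBAN for the mandate, or raise ValueError.

    ais_accounts: accounts fetched server-side for this customer's consent
                  (hypothetical shape: [{"account_id": ..., "iban": ...}]).
    form_iban:    any IBAN the browser sent back; it is only compared against
                  the bank-confirmed value, never used as the source.
    """
    by_id = {a["account_id"]: normalise(a["iban"]) for a in ais_accounts}
    iban = by_id.get(chosen_account_id)
    if iban is None:
        raise ValueError("account is not part of the AIS response for this consent")
    if not iban_is_valid(iban):
        raise ValueError("AIS response carried a malformed IBAN")
    if form_iban is not None and normalise(form_iban) != iban:
        raise ValueError("browser-supplied IBAN differs from bank-confirmed IBAN")
    return iban

# Constructed sample data standing in for an AIS account list.
AIS_ACCOUNTS = [
    {"account_id": "acc-1", "iban": "FR14 2004 1010 0505 0001 3M02 606"},
    {"account_id": "acc-2", "iban": "DE89 3704 0044 0532 0130 00"},
]

if __name__ == "__main__":
    print(mandate_iban(AIS_ACCOUNTS, "acc-1"))
    try:
        # A tampered form value is rejected rather than written to the mandate.
        mandate_iban(AIS_ACCOUNTS, "acc-1", form_iban="DE89370400440532013000")
    except ValueError as exc:
        print("rejected:", exc)
```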
