4
ARE BANKS P FOR SEPA DIR WHAT ARE THE SAFETY RISKS? PLUS: TEN USEFUL TIPS FOR BANKS © INFORM GmbH 2014 ION 2014 22
ARE BANKS P REPARED FOR SEPA DIR EWHAT ARE THE SAFETY RISKS?
PLUS: TEN USEFUL TIPS FOR BANKS
© I
NF
OR
M G
mb
H 2
01
4
"�������ION 2014
22
KS P REPARED IR ECT DEBITS?
© IN
FO
RM
Gm
bH
20
14
�
TIPS FOR CREDITOR BANKS TO DETECT
SUSPICIOUS DIRECT DEBITS:
Setup a proper due diligence program for new PSPs and merchants that include such
ongoing monitoring requirements as a transaction profile on volumes and amounts.
Use an automated solution to monitor (cross border) incoming direct debit requests
from known and unknown PSPs and merchants.
Check whether PSP and merchant transactions are typical for their type of business.
Implement dynamic profiles for each PSP/Merchant on refund requests and direct
debit cancellations and watch for any sudden increase or unusual behavior.
1.
2.
3.
4.
Since August 2014, direct debits will no longer be restricted as a natio-
nal payment method for a large number of European countries but will
turn into a true Euro-denominated solution for making fund transfers
across the entire Euro-zone.
G� ��� ��� ��� ����������� ���������� �� �������������
who are selling their products and services across Europe. For consu-
mers, the new SEPA direct debit is an interesting, and cheaper alter-
native to using credit cards as an “upfront” payment authorization
solution. Consumers can easily authorize an electronic mandate for
single or recurring payment collection for an online purchase, while
merchants are guaranteed payment and can start delivering their
goods to the consumer. Over the years, local direct debit schemes
have become hugely popular in most countries. In the Netherlands
for example, about 45% of all electronic payment transactions are
processed as direct debits.
CROSS BORDER DIRECT DEBITS WILL GAIN GROUND QUICKLY
U���� ��� ��e easy and convenient for both consumers and mer-
chants. Consumers can easily authorize a request to make payment via
a SEPA direct debit and be automatically and legally protected with re-
fund guarantees of up to 13 months after a purchase is made (in case
of unauthorized purchases). Merchants also benefit in that they avoid
hefty credit card fees and simplify the “checkout” process by excluding
additional authorization steps such as PIN and 3D-secure. © I
NF
OR
M G
mb
H 2
01
4
������!#ION 2014
24
SO WHAT WILL CHANGE?
$urrently, if you as a customer want to purchase a pro-
duct online, the merchant would typically ask you to
enter your credit card details. However since it will be
cheaper for a merchant to o;er you a SEPA direct debit,
they will more likely favor promoting this payment me-
thod. All the consumer will need to do is provide their
merchant a “tick in a box” verification to set up a direct
debit.
Besides online merchants, energy companies and other
utility firms are heavily reliant on direct debits. With
the energy market quickly consolidating, it has been be-
come clear that they will consolidate their cash manage-
ment operations and outsource direct debit services to
payment service providers (PSPs) anywhere in Europe to
get their bills paid. From their point of view, this is un-
derstandable because it will be cheaper to hire people in
Eastern Europe compared to a more expensive location
such as a Paris subsidiary. Furthermore, in most cases the
consumer won’t experience any di;erence. So, the like-
lihood that SEPA Direct Debits will become successful is
therefore a very realistic possibility.
BUT ARE THERE RISKS INVOLVED?
M%&' year the banks in the Netherlands lost 25 million
euros in fraud cases due to Internet direct debit requests
from rogue payment service providers and corrupt mer-
chants. This is because there is very little security in the
process of initiating direct bills. Most of the fraud was re-
lated to service providers who submitted unauthorized
direct debits to the collector bank. Unlike banks, many of
these service providers in Europe are not supervised by a
regulator. Any company that wants to become a service
provider to process payments for merchants and utilities
firms can start up without significant security checks.
Only a small number of local requirements need to be
fulfilled to receive a direct debit contract or license.
This raises a serious concern when numerous new PSPs
are going to o;er direct debit requests across the Euro-
zone. How strong are the due diligence controls of the
payee’s bank, and how reliable are the operations of the-
se Foreign Service providers and merchants? It is impor-
tant for all parties involved to be aware of the changes
and risks related to the rollout of the European SEPA di-
rect debit initiative. While it will save money for consu-
mers and merchants on the one hand, it is important to
ensure that it will not lead to bigger losses for the banks.
The reality is that if nothing changes and there aren’t
any systems in place to check for irregularities, then the
success in making a direct debit will still be reliant on
consumers who will need to pro-actively respond to ro-
gue direct debits by reporting them to their own bank.
Banks are the guardians of the customer’s money and re-
sponsible for losses with fraudulent direct debits. With
the continuous threat of phishing attacks on customer
data such as bank account information, there is a strong
likelihood that criminals will capture this information
and fraudulently submit direct debit transactions to the
automated systems of the banks. The banks should deal
with the risks of SEPA Direct Debits and their associated
security challenges as soon as possible.
TIPS FOR BOTH CREDITOR AND
DEBTOR BANKS:
Look for malicious payment descriptions (e.g. dubious or misspelled company
names).
Use your historic transaction information to detect any unusual patterns of your
customers and their accounts.
Use your watch-list tools to filter-out blacklisted companies and beneficiary accounts.
Monitor the number of direct debit rejections by your customers and take action
before the payment is processed.
Watch for o;shore accounts within payment file details.
Avoid being fooled by small individual transactions. It’s the bulk that matters.
1.
2.
3.
4.
5.
6.
© IN
FO
RM
Gm
bH
20
14
O(
