e-Paying the bills


22 November 2010


The option to issue an electronic mandate provides an additional means of authorising direct debit collections. Björn Flismark, Javier Santamaría and Ulrike Linde of the European Payments Council (EPC) highlight the benefits of the e-Mandate – which is included in the Single Euro Payments Area (SEPA) Direct Debit Schemes – explain how the feature works in practice and outline the security architecture of the EPC e-Mandates e-Operating Model.


Different models exist in the EU today with regard to the mandates used to authorise a direct debit collection. With a mandate, the payer (or debtor, see the EPC SEPA Direct Debit Scheme Rulebooks, available on the EPC website) authorises a biller (or creditor) to collect payment by direct debit. At the same time the mandate authorises the payer's bank (debtor bank) to debit the payer's account when a direct debit collection is presented.

The pre-SEPA direct debit models that exist on a national level today fall into two broad categories as regards the process of issuing a mandate:

  1. The 'creditor-driven' mandate flow. The payer completes and signs a paper-based mandate and sends it directly to the biller. The biller is responsible for storing the original mandate, together with any information regarding amendments relating to the mandate or its cancellation. In this scenario, the payer's bank does not receive any mandate-related information from its customer, nor is it responsible for checking the right of a biller to collect payment from a payer's account. This model is used in a large number of EU member states today.
  2. The 'debtor-driven' mandate flow. The biller informs the payer's bank that the payer has indicated a wish to make payments by direct debit. The payer's bank then issues the actual mandate and informs the payer accordingly (ie the mandate stays with the payer's bank). When a biller presents a direct debit collection to the payer's bank, the latter might choose to check the authorisation of the biller to collect payment based on the mandate.

The SEPA Direct Debit Schemes (SDD) are based on the first model, building on the same business assumptions and basic trust between the parties involved as the established pre-SEPA, national direct debit model used for decades in a large number of EU member states. To protect the payer from unwanted debits to his account, the SEPA Core Direct Debit Scheme - exceeding the requirements of the EU Payment Services Directive (PSD) - grants payers a 'no-questions-asked' refund right during the eight weeks following the debiting of a payer's account. During this time, any funds collected by SDD will be credited back to the payer's account upon request. In the event of unauthorised direct debit collections, the payer's right to a refund extends to 13 months as stipulated in the PSD.

The timelines underlying a direct debit collection as defined in the current version of the SEPA Core Direct Debit Scheme Rulebook allow the payer's bank to offer services presently offered in some EU countries, such as verification of mandates by the payer's bank. To give even more comfort to those bank customers who are used to the debtor-driven mandate flow, the EPC will also deliver an optional "Advance Mandate Information" functionality to be included in the next release of the SEPA Direct Debit Scheme Rulebooks published in November 2010. This functionality provides an extended timeline for the optional verification of mandate information by the payer's bank, thus increasing its ability to widen its mandate management in relation to its customers.

Last but not least, payment service providers servicing billers (creditors) must ensure that only trustworthy billers are able to collect payments via SDD. This is also in the interest of banks as they would have to cover any losses resulting from fraudulent or erroneous direct debits.

The e-Mandate option

To help in meeting the preferences of payers living in those EU member states applying the debtor-driven mandate flow, the option to create mandates through the use of electronic channels - called e-Mandates - was included in the SDD. This option in the SDD provides an additional means of authorising direct debit collections. It is based on secure, widely used online services offered by banks today, and is an optional service supported and offered by banks to their customers.

When issuing an e-Mandate, payers can re-use their online banking credentials or other bank-provided electronic access channels to complete the mandate online with the biller. No additional ID is necessary. When issuing an e-Mandate, the payer wishing to pay by SDD avoids the inconvenience of printing, signing and mailing a paper form to the biller by using a fully electronic process instead.

When a payer issues an e-Mandate, the mandate information stays directly with the payer's bank, which has the option to verify the authorisation of a direct debit collection presented by a biller, as is the case today in those EU member states using pre-SEPA direct debit models based on the debtor-driven mandate flow.

The inclusion of the e-Mandate offers a variety of benefits for billers too: the solution allows fully automated end-to-end processing of e-Mandates, including issuing, amendment and cancellation of such mandates, while the collection process stays the same as defined in the SDD. The e-Mandate is also agreed on in a secure way: the payer's bank confirms the payer's right to access the account that the payer indicated to the biller. In addition, the process allows automatic storage and retrieval of e-Mandate data.

The e-Mandate option increases the attractiveness of SDD services offered by payers' banks servicing payers making payments by SDD and by billers' banks servicing billers collecting payment by SDD. Payers' banks can offer additional mandate management services to their customers based on the e-Mandate option.

How e-Mandate works

Banks offering SDD services may choose to act as a payer's or biller's bank, or both, when offering e-Mandate-related services. Billers are free to use this process when offered by the biller's bank. Payers making payment by SDD are free to use this process provided the e-Mandate option is supported both by their bank and by the biller and biller's bank involved.

Typically, issuing an e-Mandate takes place in the following way: a payer, such as a consumer, chooses to purchase goods or services from a service provider, such as a utility company. The service provider, acting as the biller, offers the payer the option to pay by SDD and to authorise the SDD collection(s) based on an electronic mandate. In a first step, the payer must enter all the required data, including the Business Identifier Code (BIC) of his own bank, on the biller's website. The biller then submits the e-Mandate proposal to the payer's bank.

At the same time, the payer is routed from the biller's website to the website of his own bank. The payer's bank validates the BIC and the payer chooses the International Bank Account Number of the account that is to be debited. In addition, the payer's bank verifies the payer's account access rights: the payer must identify and authenticate himself with his online banking credentials as agreed with his bank. After successful authentication, the payer confirms the e-Mandate to his own bank. This last step of confirming is essentially equivalent to the signing of a paper-based mandate. The payer is then routed back to the biller's website. In addition, the payer's bank delivers the 'signed' e-Mandate to the biller. The biller's website acknowledges the receipt of the e-Mandate and confirms this to the payer. From then on, biller and payer exchange goods or services and payments as agreed.
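
The ordering of these steps is what gives the confirmation its weight, and the sketch below models it from the side of the payer's bank. It is an added example, not code from the EPC or its e-Operating Model; the class, method and field names, the state labels and the sample BIC and IBAN strings are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

class MandateError(Exception):
    pass

@dataclass
class ValidationService:
    """Payer's-bank side of the issuing flow (hypothetical model, not EPC code)."""
    bic: str
    accounts: dict                      # payer -> IBANs the payer may access
    sessions: dict = field(default_factory=dict)

    def receive_proposal(self, ref, biller, payer_bic):
        # The biller submits the proposal with the BIC the payer entered.
        if payer_bic != self.bic:
            raise MandateError("BIC does not identify this bank")
        self.sessions[ref] = {"biller": biller, "state": "PROPOSED"}

    def authenticate(self, ref, payer, credentials_ok):
        # credentials_ok stands in for the bank's own online-banking login.
        s = self._session(ref, "PROPOSED")
        if not credentials_ok:
            raise MandateError("authentication failed")
        s.update(payer=payer, state="AUTHENTICATED")

    def confirm(self, ref, iban):
        # Confirmation counts only after authentication, and only for an
        # account the authenticated payer has access rights to.
        s = self._session(ref, "AUTHENTICATED")
        if iban not in self.accounts.get(s["payer"], set()):
            raise MandateError("payer has no access rights to this account")
        s.update(iban=iban, state="CONFIRMED")
        # This record is what the bank delivers to the biller.
        return {"ref": ref, "biller": s["biller"], "iban": iban,
                "confirmed_by": self.bic}

    def _session(self, ref, expected):
        s = self.sessions.get(ref)
        if s is None or s["state"] != expected:
            raise MandateError(f"step out of order for {ref}")
        return s

def issue(bank, ref, biller, bic, payer, credentials_ok, iban):
    """Run the three steps in order; return the e-Mandate or the refusal."""
    try:
        bank.receive_proposal(ref, biller, bic)
        bank.authenticate(ref, payer, credentials_ok)
        return bank.confirm(ref, iban)
    except MandateError as err:
        return str(err)

# Constructed sample data: placeholder BIC and IBAN strings, not real ones.
SAMPLE_BANK = ValidationService("EXMPBANKXXX", {"alice": {"IBAN-CONSTRUCTED-1"}})
```

A confirmation that arrives before authentication, or a second confirmation for a mandate already confirmed, is refused as out of order.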

Business to business

The example above illustrates how a consumer issues an e-Mandate. The e-Mandate option is also available to businesses that purchase goods and services from other businesses and wish to make related payments by SDD. In the business environment, however, authorisation of a payment usually requires sign-off by several persons.

The SEPA Business to Business Direct Debit Scheme Rulebook version 2.0, which also came into effect in November 2010, includes the option to provide authorisation by several persons with a SEPA mandate issued electronically, while increasing the timeline for the payer's bank to verify the authenticity of an electronic SEPA mandate featuring multiple signatures.

The bottom line is: the e-Mandate option included in the SDD enables payers' banks to replicate the services that payers who live in EU countries where pre-SEPA direct debit models are based on the debtor-driven mandate flow are accustomed to.

The e-Mandate option will also be included in the new optional SDD Fixed Amount Scheme currently being developed by the EPC.

Security architecture

The payer's bank validates the e-Mandates issued by a payer wishing to make payments by SDD either itself or through a validation service provider acting on behalf of the payer's bank. The routing service necessary to facilitate the communication between all parties involved in the process is supplied to the biller by the biller's bank or by one or more routing service providers acting on behalf of the biller's bank. The biller and his bank should have an agreement on the conditions for use of routing services.

The messages sent from the biller, via the routing service, to the validation service of the payer's bank are routed via open networks by making use of the internet. In order to make this message exchange reliable and secure, the EPC has defined a standard for this messaging called the EPC e-Mandates e-Operating Model. This is a high-level definition describing message flows, a data model and general requirements as regards the solution itself and the parties executing it. In addition, its detailed specifications facilitate consistent implementation of the e-Mandate feature by the parties involved in the process. Last but not least, it establishes a secure environment based on defined security requirements.

The EPC e-Mandates e-Operating Model also spells out the requirements to be met by EPC-approved Certification Authorities (CAs). It is the role of these CAs to securely qualify legitimate validation service providers and routing service providers. The CAs will issue certificates to both validation and routing service providers that meet the requirements of the EPC e-Mandates e-Operating Model, and provide a common trust (and hence liability) model enabling secure message flows between the validation and routing service providers facilitating the e-Mandate service. Thanks to the CAs, there is no need for the parties involved in the e-Mandate process flow to establish bilateral agreements.

Secure and convenient SDD

The process of defining SDD to suit the needs of corporate enterprises, small- and medium-sized businesses, public administrations and consumers across 32 countries can be compared to designing a car: the basic model must meet key market requirements. At the same time the SDD must be flexible enough to include options to make suitable additions. This concept guarantees maximum choice for customers without forcing the majority to buy special features they do not need. The SDD evolves in accordance with this concept.

The inclusion of the e-Mandate option in the SDD effectively illustrates this principle. The e-Mandate option caters, in particular, to bank customers used to pre-SEPA direct debit models that are based on the debtor-driven mandate flow. At the same time, the e-Mandate option is compatible with a direct debit process based on a creditor-driven mandate flow as established in the majority of EU countries today.

Bridging different payment cultures is not an easy thing to accomplish. The SEPA Direct Debit does it.

Debtors and creditors

The EPC SEPA Direct Debit Scheme Rulebooks refer to the payer as the debtor and to the payer's bank as debtor bank. The biller is referred to as the creditor and the biller's bank is referred to as the creditor bank.

New rulebooks

The EPC, the coordination and decision-making body of the European banking industry in relation to payments, has released updated and enhanced versions of the SEPA Credit Transfer Scheme Rulebook and the SEPA Direct Debit Scheme Rulebooks. Meanwhile, 1 November 2010 marked another important date on the route to SEPA: from that day, all banks in the euro area are reachable for cross-border SEPA direct debits as mandated by European Union law.

This article was first published in the EPC Newsletter, Issue 6. The EPC Newsletter is available at www.europeanpaymentscouncil.eu. Subscription is free.