What will eIDAS change for the electronic signing of SEPA mandates?
Published: 25 October 2016
In order for a direct debit to be valid, the debtor, ie: consumer, must sign a mandate to authorise the creditor to debit their account. A mandate can be signed in a traditional manner using pen and paper or digitally. The digitalisation of a direct debit mandate has caused its share of confusion and resistance.
The European Payment Council (the decision-making and coordination body for the European banking industry in relation to payments) outlines two ways of digitalising a SEPA mandate:
- The E-Mandate: A four corner model that involves both the debtor, the creditor and their respective banks.
- The electronic signature: “The creditor may offer the Debtor an automated means of completing the mandate, including the use of an electronic signature.”
The latter method is of interest to SlimPay. Since 1st July 2016 the legal framework surrounding electronic signature is governed by regulation N° 910/2014, best known as eIDAS regulation. The new regulation repeals the previous directive 1999/93/CE (also known as the eSignature Directive) and ensures a more harmonised approach with regards to the recognition and enforcement of e-signatures. Unlike the former directive, eIDAS regulation is directly applicable in all E.U countries. More specifically, this regulation aims to:
1) Ensure the mutual recognition of electronic identification (eID), which should in turn ensure that people and businesses can use their eIDs to access online services across the EU.
2) Regulate the activity of trust service providers established in the EU in order to reduce the friction on the supply of cross-border trust services (including but not limited to electronic signature).
Here again, it is the latter point that is of interest to SlimPay. According to Article 25 of eIDAS, “an electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the ground that it is in electronic form or that it does not meet the requirements for qualified electronic signature”, this effectively reasserts the validity of the electronic signature process in all E.U. Member states.
SlimPay provides an advanced electronic signature. These types of signatures are uniquely linked to the debtor, are capable of identifying the debtor, and are linked to data within the signature that can detect any changes made.
Article 26 of eIDAS’ regulation states that an advanced electronic signature must meet the following requirements in order to have the same legal value as a hand signed mandate:
An advanced electronic signature shall meet the following requirements:
(a) it is uniquely linked to the signatory;
(b) it is capable of identifying the signatory
(c) it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under their sole control; and
(d) it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable”
The electronic signature process used by SlimPay meets all the requirements outlined by Article 26 for advanced electronic signature. This means that direct debit mandates signed through SlimPay are legally valid, like mandates signed in handwriting. SlimPay archives all direct debit mandates signed though its electronic signature technology, thus can be used as legal proof in case of a dispute, protecting merchants against indemnity claims that a mandate has not been signed.
In today’s digitally driven era security surrounding exchanges regarding payment information and personal data is in a constant process of keeping up with the times, and it is often difficult to get the balance between security and user experience. SlimPay’s process for electronically signing mandates requires 2-factor authentication, making mandates signed like this securer and harder to forge than paper mandates. In addition to protecting the merchant against indemnity claims, SlimPay’s process is highly user friendly and enables consumers to sign mandates in less than a minute!
This post is also available in: Français