In order to collect Direct Debits on a bank account, any Creditor needs to get the approval of the Debtor through the acquisition of a valid SEPA Direct Debit Mandate.
This Mandate is the authorisation given by a Debtor (customer) allowing a Creditor to collect future payments on his/her bank account at any time.
Before the migration to SEPA scheme, the mandate management was under the responsibility of banks. One of the biggest change initiated by SEPA regulation is a switch in the mandate management responsibility: it’s now up to the Creditor (merchant) to deal with everything related to mandate management: user mandate management, digitalisation, dynamic archiving, unique reference number.
There are 2 types of mandate:
– the Paper mandate,
– the Electronic mandate, or e-Mandate.
The paper mandate is the traditional form of mandate, displaying mandatory information and the customer’s signature. As Direct Debit transactions need to be documented and identified with mandate information, the Creditor will have to translate the printed information on the mandate paper into an electronic format to process bank transactions.
Also, as the mandate is evidence of Debtor consent, it has to be safely stored and may be needed in case of dispute or bank inquiry. This may require a strong infrastructure and can be costly processes to maintain.
The e-Mandate is an electronic form of the mandate. This paperless e-Mandate needs to be properly processed in order to be legally binding, and valid in case of dispute.
The best practice relies on a 3-steps approach:
1. Identification (e.g. based on the person ID): this is the responsibility of the Creditor (merchant), and is based on evidence directly related to the commercial contract (whatever form it may take)
2. Authentication (e.g. based on credentials issued in the identification process): strong customer authentication, as defined by European CentralBank, is based on two factors: a personal identification number and a SMS OTP (One Time Password) received by mobile phone.
3. Authorisation (e.g. signing or approving an e-mandate): an electronic signature delivered by an approved Certification Authority allows anyone receiving the proof to verify its integrity and identify its author unequivocally.
What make an SEPA Direct Debit e-Mandate valid?
> An advanced electronic signature (or above) makes a mandate valid, given it complies with the strong customer authentication requirement.
> Only a qualified electronic signature has a similar legal effect to a handwritten signature.
> A certain set of mandatory attributes:
Example: SEPA Direct Debit Mandate with mandatory attributes
Please note that there are not specific guidelines regarding the design (layout, colour) of the mandate itself.
Nothing in the EU regulation says that an electronic payment consent shall be given with something that equals legally to a handwritten signature. For instance, Internet card transactions are authenticated by 3DS, which is not a signature. The payer banks have the final say in judging payments claims. They will judge on the weakness or the strength of the payer authentication. The burden of proof is with the payee (creditor) in case an unauthorised Direct Debit collection is claimed by the payer (debtor) after the initial 8-week no-questions asked refund period has elapsed. Whatever its status (advanced or qualified), the EU Regulation 2014/910 Art25(1) states that an electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form.