Preventing fraud in automatic payments (without compromising on customer experience)

As smooth and cost-effective as SEPA Direct Debit payments are, you can’t afford to ignore the fraud risks. Find out how to keep bad actors out while offering legitimate customers a friction-free experience.

For a recurring revenue company operating across Europe, letting customers pay with SEPA Direct Debit has several advantages. But, compared to traditional bank transfers, it comes with certain challenges – mainly linked to your end-customers having the option to recall payments. To learn more about this, don’t miss our tips on how to reduce the risk of recalls.

In this article, we’ll take a closer look at specific fraud risks associated with SEPA Direct Debit payments, and how to manage them in an efficient way. 

3 common fraud patterns in SEPA Direct Debit payments

According to Michael Neuwirth, Senior Product Manager at Billogram, these are the main categories of SEPA DD fraud: 

1. IBAN misuse

“When you’re creating a SEPA Direct Debit mandate, how can you be certain that the account holder actually matches the recipient? A user manually entering an IBAN could be providing a number belonging to someone else. And when that person sees a transaction they don’t recognize, they’ll dispute the charge. Their bank will then recall the money on the basis that the mandate wasn’t created by the user.”

2. No intent to pay 

“In this case, the IBAN is correct, but the user intentionally provides an account with insufficient funds. The service is consumed, but the payment falls through.”

3. Strategic recalls 

“Here, the service is consumed and paid for, but the money is retroactively recalled by users under the terms of the SEPA Direct Debit scheme.”

Why the mobility sector is more vulnerable

In all of the above categories, it’s difficult to separate downright fraud from other failed payments with the same reason codes (recalls, insufficient funds, missing mandates, etc.). This makes it hard to assess exactly how big the problem is. But surveys indicate that fraudulent revenue makes up between 1 and 2 per cent of an average company’s total revenue – with some industries more vulnerable than others:

“SEPA DD fraud is more common in sectors with low-friction signup, such as parking, where you can create an account using only an email address and a telephone number,” he explains, and provides an example:

“In a recent meeting with one of our mobility sector clients, they described this as a growing problem impacting their monthly revenue loss ratio. They estimate that 20 per cent of these losses are driven by bad actors, while the rest is attributed to ‘friendly fraud’ or collection gaps.”

What are the financial consequences of SEPA DD fraud?

SEPA Direct Debit fraud directly impacts two of the most important metrics for your financial department: bad debt and payment rates. But the total costs are much greater, says Michael:

“The problem isn’t just that you provided a service that you didn’t get paid for. Every case also sets off costly and time-consuming processes that include paying fees to banks and payment partners, as well as a substantial back-office workload. And if your team relies on manual routines for handling reason codes, reconciling disputes, and blocking accounts, this eats up valuable time that could be better spent.”

Don’t swat flies with a sledgehammer

While it might seem tempting to tackle the SEPA DD fraud problem with stricter verification and credit checks for all customers, this is not a strategy that Michael recommends:

“Of course, there are situations where credit checks are called for. But as a blanket approach, it’s a bit like using a sledgehammer to swat a fly. It’s expensive, not globally scalable, adds friction to the user experience, and risks excluding students and other groups that tend to get a low score, but could become valuable customers.”

Key elements of a well-balanced fraud-prevention strategy 

Instead, Michael advocates a fine-tuned fraud prevention strategy, applying the right measure to the right user at the right time:

  • At mandate creation – for low-friction gatekeeping: Evaluate new users by verifying account ownership and using data enrichment to assess individual risk parameters. This way, you can offer low-risk users a friction-free signup, require further verification from medium-risk users, and block users flagged as high-risk due to previous misconduct or clear fraud signals.

  • In-life payment monitoring – for continuous data hygiene: Apply continuous payment monitoring to identify early indicators of fraud, so that suspicious users can be offboarded immediately. This helps maintain data integrity and proactively identifies risks that may have emerged after the initial mandate creation.

“The goal of this strategy is to increase pay rates and reduce bad debt while minimizing friction for the vast majority of low-risk users. That’s how you protect revenue without breaking your customer experience,” Michael concludes.
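
An added example (not Billogram's code and not part of the original article) of the in-life monitoring step: it groups SEPA Direct Debit return reason codes by the three fraud patterns described above and picks an action per mandate. The code-to-pattern mapping, the thresholds, the field names and the sample records are assumptions made for illustration; as the article notes, a reason code alone does not separate fraud from an ordinary failed payment.

```python
from collections import Counter, defaultdict

# SEPA Direct Debit return reason codes mapped to the article's three patterns.
# The mapping is an assumption of this example: a code is a signal, not proof.
PATTERN_BY_CODE = {
    "MD01": "iban_misuse",       # no mandate: debtor disputes the authorisation
    "AM04": "no_intent_to_pay",  # insufficient funds
    "MD06": "strategic_recall",  # refund requested by the debtor
}

# Hypothetical thresholds: number of returns per mandate before acting.
OFFBOARD_AT = {"iban_misuse": 1, "no_intent_to_pay": 3, "strategic_recall": 2}
REVIEW_AT = {"no_intent_to_pay": 2, "strategic_recall": 1}


def assess_mandates(returns):
    """Return {mandate_id: (action, pattern_counts)} from return records."""
    per_mandate = defaultdict(Counter)
    for rec in returns:
        pattern = PATTERN_BY_CODE.get(rec["reason_code"], "other")
        per_mandate[rec["mandate_id"]][pattern] += 1

    result = {}
    for mandate_id, counts in per_mandate.items():
        if any(counts[p] >= n for p, n in OFFBOARD_AT.items()):
            action = "offboard"
        elif any(counts[p] >= n for p, n in REVIEW_AT.items()):
            action = "review"
        else:
            action = "keep"  # e.g. a single AM04 or a technical return
        result[mandate_id] = (action, dict(counts))
    return result


# Constructed sample data, not real payments.
SAMPLE_RETURNS = [
    {"mandate_id": "M-001", "reason_code": "AM04"},
    {"mandate_id": "M-002", "reason_code": "MD01"},
    {"mandate_id": "M-003", "reason_code": "MD06"},
    {"mandate_id": "M-004", "reason_code": "AM04"},
    {"mandate_id": "M-004", "reason_code": "AM04"},
    {"mandate_id": "M-004", "reason_code": "AM04"},
    {"mandate_id": "M-005", "reason_code": "AC04"},  # closed account: "other"
]

if __name__ == "__main__":
    for mandate, (action, counts) in sorted(assess_mandates(SAMPLE_RETURNS).items()):
        print(mandate, action, counts)
```

A single insufficient-funds return leaves the mandate untouched, which keeps friction away from low-risk users, while a disputed mandate or a repeated pattern escalates.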




Martin Svane