What is a SEPA mandate?
Last changed: Tue, 3 Jan, 2017 at 10:39 AM
In order to collect Direct Debit on a bank account, any Creditor needs to get the approval of the Debtor through the acquisition of a valid SEPA Direct Debit Mandate.
This Mandate is the authorisation given by a Debtor (customer) allowing a Creditor to collect future payments on his/her bank account at any time.
Before the migration to SEPA scheme, the mandate management was under the responsibility of banks. One of the biggest change initiated by SEPA regulation is the switch regarding the mandate management responsibility: it's now up to the Creditor (merchant) to deal with everything related to this mandate management: user mandate management, digitalisation, dynamic archiving, unique reference number.
There are basically 2 types of mandate:
- the Paper mandate,
- the Electronic mandate, or e-Mandate.
The paper mandate is the traditional form of mandate, displaying mandatory information and a customer signature. As Direct Debit transactions need to be documented and identified with mandate information, the Creditor has to transfer the printed information of the mandate paper into an electronic format to process bank transactions.
In addition, as the mandate is evidence of Debtor consent, it has to be safely stored and may be needed in case of dispute or bank inquiry. This may require a strong infrastructure, which could be costly to maintain.
The e-Mandate is an electronic form of the mandate. This paperless e-Mandate needs to be properly processed in order to be legally binding and enforceable in case of dispute.
The best practice relies on a 3-steps approach:
1. Identification (e.g. based on the person ID): this is the responsibility of the Creditor (merchant), and is based on evidence directly related to the commercial contract (whatever form it may take)
2. Authentication (e.g. based on credentials issued in the identification process): strong customer authentication, as defined by European Central Bank, is based on two factors: a personal identification number and a SMS OTP (One Time Password) received by mobile phone.
3. Authorisation (e.g. signing or approving an e-mandate): an electronic signature delivered by an approved Certification Authority allows anyone receiving the proof to verify its integrity and identify its author unequivocally.