> The Single Europe Payment Area (SEPA) offers free, instant transactions between European banks. They’re pull based; a user communicates their banking information to a business, which debits the user’s account, rather than the business communicating their banking information to the user in order to send them money.
I think this is something of a simplification since SEPA encompasses multiple types of payment. While Direct Debits are pull based you can also make push based payments from your bank, usually for free.
It's completely normal and safe in Europe to share your bank account number (IBAN) with others so that they can send you money through online banking. This is how I paid my rent (you can setup a recurring payment, kinda like bill pay but instant and without the risk of a physical check potentially being delayed in the mail); settled up with friends for shared expenses; and got paid for freelance consulting (I'd put my IBAN on the invoice.)
I don’t understand why SEPA direct debit was started a few years ago. Push based methods were working great for decades, and SEPA had unified national payment methods to a european level. There were national pull based methods with built in fraud guard rails, and automatic recurring payments for e.g. monthly subscriptions.
Then came direct debit, where giving out your IBAN now somehow became a fraud risk. Meanwhile, most companies still publish their IBAN on their websites. Customers hate giving away control over their account and seeing random money transfers from mysterious companies. Banks hate all the random middleman grabbing money out of accounts. We need these new middleman for some reason.
I have no idea why they implemented SDD like this. It reeks as if someone decided to force the US payment system on top of SEPA, even if the legal framework for it is missing, there is a huge cultural impedance mismatch, and the credit card based system is inferior in almost every way to the existing debet cards. Things that were working just fine in the 1980’s are now losing consumer trust because of SDD. All of this was a very predictable idiotic clusterfuck. Why?
Having a single European-wide integrated pull-based payment method is great for cross-border commerce. When I went studying abroad, I just gave the rental agency my IBAN, and they pulled the rent from my account the same way my local landlord did. I can sign up for services from any company in the EU and have recurring payments just like I would for local companies. That's not as easy if there's 27 national methods.
Furthermore, I don't think SDD is a big fraud risk. To be able to make direct debits, you need a contract with a bank, and, at least in my experience, they're quite thorough about that: you need to have a legal entity, banking history and show government identification; and even then the amount you can direct debit is limited to just a little more than your usual turnover. If a fraudulent debit happens anyway, you can one-click, no-questions-asked reverse them for up to eight weeks. After that, you can report it as an unauthorized transaction for up to 13 months and the bank will reverse it unless the creditor can show a signed mandate.
I don't think I've ever heard of anyone having had a direct debit from an unknown party. At least over here in the Netherlands, all banks also support requiring pre-authorization for direct debits nowadays, eliminating the risk completely.
> Then came direct debit, where giving out your IBAN now somehow became a fraud risk.
I do not know about other EU countries, but here in CZ, i have to allow each counterparty and set a limit to maximum amount of direct debit to that counterparty in order to direct debit transfer be accepted.
It is useful for transactions like monthly phone payments, where exact sum is different each month.
If your bank accepts direct debit without you allowing it, then it is a problem with your bank, not with SEPA.
> It's completely normal and safe in Europe to share your bank account number (IBAN) with others so that they can send you money through online banking. This is how I paid my rent (you can setup a recurring payment, kinda like bill pay but instant and without the risk of a physical check potentially being delayed in the mail); settled up with friends for shared expenses; and got paid for freelance consulting (I'd put my IBAN on the invoice.)
Just because everyone does it this doesn't mean it's safe to do. If some trolls manage to get hold of your IBAN and the account isn't protected from direct debit, you will get fucked by idiots ordering pizza and dildos.
> Just because everyone does it this doesn't mean it's safe to do. If some trolls manage to get hold of your IBAN and the account isn't protected from direct debit, you will get fucked by idiots ordering pizza and dildos.
I don't know anyone who this has ever happened to. Only vetted companies are allowed to perform Direct Debits, e.g. utilities who know your physical address. In the UK (still a member of SEPA even post Brexit) the Direct Debit Guarantee [1] makes it easy to reverse any errant Direct Debits through your bank.
The pizza or dildo company likely won't accept Direct Debits and will require a debit or credit card for the transaction instead.
My iban was used 3 weeks ago to buy ~578€ worth of tools via a hardware online store, via a Paypal guest account. For some reason they did not need verification of the account.
Perhaps it had to do with this exact Iban being verified with my PayPal account but this account was not hacked or used in any way.
Lidl also had huge issues surrounding sepa debit payments, it was in the media.
Credit card payments are getting more secure by the day in the EU, and direct debit is still a piece of rubbish.
> Only vetted companies are allowed to perform Direct Debits, e.g. utilities who know your physical address.
The scenario is not fraud, that is hard(er) to pull off due to vetting, but trolling someone with fake online shop orders.
> In the UK (still a member of SEPA even post Brexit) the Direct Debit Guarantee [1] makes it easy to reverse any errant Direct Debits through your bank.
It's the same here in Germany, but you're still stuck with unwinding all of the bullshit.
> The pizza or dildo company likely won't accept Direct Debits and will require a debit or credit card for the transaction instead.
SEPA Direct Debit is mostly used for recurring payments, and the account owner must authorize the company to use it. Just knowing someone's account number is not enough, you still need that initial authorization.
In fact, in some EU countries businesses are required to publish their bank account numbers in some central, government-run registry. It wouldn't be safe to do, if it could result in having your money stolen.
I think this is something of a simplification since SEPA encompasses multiple types of payment. While Direct Debits are pull based you can also make push based payments from your bank, usually for free.
It's completely normal and safe in Europe to share your bank account number (IBAN) with others so that they can send you money through online banking. This is how I paid my rent (you can setup a recurring payment, kinda like bill pay but instant and without the risk of a physical check potentially being delayed in the mail); settled up with friends for shared expenses; and got paid for freelance consulting (I'd put my IBAN on the invoice.)