SEPA: Understanding Transfers and Direct Debits for Your Merchant Transactions

Since 2002, SEPA has greatly simplified European trade by creating the largest unified market in the world (36 countries in Europe).

A single market of €11 trillion consisting of over 4,000 banks and more than 529 million citizens.

In recent years, SEPA payments have seen remarkable growth.

In 2022, over 46 billion SEPA transactions were made, representing a significant increase of 10% compared to the previous year.

These figures demonstrate the growing adoption of SEPA payments by merchants and consumers across Europe.

Whether you are already familiar with SEPA payments or discovering this concept for the first time, this guide aims to provide you with the essential knowledge to understand and use this payment method.

SEPA: Definition and Overview

SEPA stands for Single Euro Payments Area.

It is a European initiative launched in 2002 by European financial institutions aimed at facilitating cross-border payments and improving their efficiency.

It also aims to transform fragmented national euro payment markets into a single, unified domestic market, while making international payments as fast, easy, and secure as domestic payments.

The overall goal of the SEPA project is to simplify procedures and reduce the costs of moving capital across Europe by allowing businesses to centralize the management of their payments.

The SEPA initiative allows any debtor to make cash payments in euros to any creditor located in the SEPA area, using a single bank account (IBAN) and 4 types of common financial instruments:

SEPA Direct Debit system (SDD Core)
SEPA Direct Debit Business To Business (SDD B2B)
SEPA Credit Transfer (SCT)
SEPA Instant Credit Transfer (SCT Inst)

SEPA Basics: The “ 4 Corners” Model

SEPA payments are based on a four-corner model.

In the four-corner model, the originator wants to make a transaction with a beneficiary.

The originator is managed by Bank or PSP A, while the beneficiary is managed by Bank or PSP B.

To complete this transaction, both banks or PSPs must be connected to the same CSM (Clearing and Settlement Mechanisms).

What is the Geography of the SEPA Zone?

The SEPA coverage includes 36 countries:

The 20 members of the European Economic Area (EEA) and the European Union (EU) that are part of the eurozone. The list includes: Germany, Austria, Belgium, Cyprus, Croatia, Spain, Estonia, Finland, France, Greece, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Portugal, Slovakia, Slovenia;

The 7 members of the European Economic Area and the European Union that are not in the eurozone.. The list includes: Bulgaria, Denmark, Hungary, Poland, Czech Republic, Romania, Sweden;

The 3 European Economic Area members not in the EU: Liechtenstein, Iceland, and Norway;

Switzerland and the United Kingdom, which are neither EEA, EU, nor eurozone members;

Andorra, Monaco, San Marino, and Vatican City, which are neither EEA, EU, nor eurozone members but whose official currency is the euro by agreement with the EU.

French Polynesia, New Caledonia, and Wallis and Futuna (the “three Pacific COMs”) are not part of the European Union but are reachable through the SEPA program.

Key Dates for SEPA

1999: Gradual introduction of the euro as the single currency

2002: Introduction of euro banknotes and coins

2002: Creation of the European Payments Council (EPC) to support and promote the integration and development of the European payments market. Launch of the SEPA project.

2008: Launch of SEPA credit transfers

2009: The Payment Services Directive establishes the validity of a signed mandate in a member country for a SEPA transaction

2010: Launch of SEPA direct debits in France

2011: SEPA payments replace national payment systems

2014: End of the migration period. The SEPA system becomes 100% operational in all eurozone countries.

2016: The SEPA Direct Debit (SDD) Core Rulebook 9.0 comes into effect, reducing the standard timeline (1 business day for the execution of a SEPA direct debit).

2017: Definition of the SEPA Instant Credit Transfer scheme

2020: Definition of the SEPA Request-to-Pay scheme

SEPA Direct Debit

SEPA direct debit is a payment method that is now fully deployed and operational in the eurozone countries.

It is a “pull” payment method that allows a creditor (i.e., a merchant) to directly debit a debtor’s (i.e., a consumer’s) bank account, provided a valid mandate is available to allow the merchant to withdraw money from the debtor’s account.

Known as “prélèvement bancaire” in France, “domiciliación bancaria” in Spain, “domiciliation bancaire” in Belgium, and “Elektronisches Lastschriftverfahren” in Germany, it is a widely used payment instrument, used by millions of Europeans to pay for subscriptions and fixed fees (taxes, electricity, rent…).

In Germany, bank direct debit is mainly used for one-off payments and generally without a valid mandate (which is not compliant with European legislation).

SEPA direct debit is therefore not a new payment method.

Businesses, institutions, and governments have been using it for decades, with the help of their banks, to manage the entire process (collection and archiving mandate, order preparation, and execution).

But to manage the process, this new SEPA direct debit system introduced significant changes that quickly turned into major challenges for creditors.

Creditors are now responsible for the entire SEPA mandate management flow (valid mandate signature, scanning, archiving, assigning a unique reference number). This responsibility was previously handled by their bank.

Creditors must manage new interbank communication file formats.

Creditors must manage a specific SEPA direct debit timeline (payment schedules differ for “SDD First/SDD One-off” and “Recurring” direct debits).

The cash flow of creditors can be affected by returns and rejections of direct debits (R-Transactions) on the debtor’s side, with two important deadlines (8 weeks and 13 months).

These challenges explain why transitioning to SEPA direct debit has not been an easy task for European creditors.

And this is precisely SlimPay’s mission: to make SEPA direct debit easy to use and provide a comprehensive recurring payment gateway for European merchants.

Let’s see what we need to do to make it work.

Obtain a SEPA Creditor Identifier

To get started with SEPA direct debit, any business or institution needs to obtain a SEPA Creditor Identifier (ICS).

The ICS identifies a creditor regardless of their relationship with the creditor’s bank, whatever it may be.

The ICS represents a unique identification of the creditor (each ICS refers to a single creditor only).

It also allows the debtor to:

– Verify a SEPA direct debit transaction,

– Request a refund or dispute with the correct creditor,

– Verify a mandate.

The structure of the ICS may vary from country to country within the SEPA zone.

The SEPA system allows the use of existing national identifiers to create an ICS across the SEPA zone by adding a country code and a check digit.

The general structure of an ICS is:

Each country in the SEPA zone has its own specific procedure and issuing entity for providing the ICS to a creditor.

In France, the ICS is issued by the Banque de France.

A SEPA mandate is correctly identified by the combination of a creditor identifier (ICS) and a unique mandate reference (RUM).

This forms the unique SEPA mandate key.

The RUM can be generated by SlimPay or by the merchant.

How to Set Up a Mandate ?

To perform a direct debit on a bank account, a creditor must obtain the debtor’s consent through a valid and compliant SEPA direct debit mandate.

This mandate constitutes the authorization given by a debtor (customer) allowing the creditor (merchant) to collect future payments from their bank account at any time.

A mandate remains active as long as it is not revoked by either party (debtor or creditor) or if it is not used for 36 months (expiration).

Once a mandate is revoked, all future SEPA direct debits will be blocked.

With SEPA standards, mandate management, commonly through a library called mandate repository, is managed by the creditor.

The mandate must contain mandatory information (such as the debtor’s name, address, and bank details, or the ICS [SEPA creditor identifier], the creditor’s name, and address).

A direct debit mandate necessarily includes a unique mandate reference (RUM), a signature date, and a signature.

Moreover, as the mandate constitutes proof of the debtor’s consent, it must be carefully kept and may be requested in case of disputes or bank requests.

All this may require heavy infrastructure involving costly maintenance processes.

There are two types of mandates:

– Paper mandat

– Electronic mandate, or e-mandate. The e-mandate must be processed in compliance to be legally binding and applicable in case of disputes.

Creating a mandate involves three steps:

1. Identification

Identification (for example, using the person’s identity) is the creditor’s responsibility (merchant) and is based on several proofs directly related to the commercial contract (in any form).

2. Authentication

Authentication (for example, based on the references provided during the identification process) relies on strong customer authentication as defined by the European Central Bank, based on two factors such as a personal identification number and a one-time password sent by SMS to a mobile phone (OTP – One Time Password).

3. Authorization

Authorization (for example, the signature or approval of an e-mandate) uses an electronic signature provided by an approved certification authority that includes the client’s agreement and allows anyone receiving the proof to verify its integrity and unequivocally identify its author.

What validates a SEPA direct debit mandate?

An advanced (or superior) electronic signature validates a mandate, as it complies with strict customer authentication conditions.
Only a qualified electronic signature has the same legal value as a handwritten signature.
A set of mandatory elements as defined in the SEPA – Core Direct Debit Scheme Rulebook.

Note that there are no specific guidelines regarding the layout (format, colors) of the mandate itself.

No mention of European regulations indicates that an electronic payment authorization must be accompanied by a legally equivalent element to a handwritten signature.

For instance, online card transactions must be identified by 3DS, which are not signatures.

It is the payer’s bank that has the final say on payment requests.

It assesses the robustness or weakness of the payer’s authentication.

The burden of proof is on the creditor in the event of an unauthorized direct debit reported by the payer after the initial 8-week refund period without a claim.

Regardless of its status (advanced or qualified), European Regulation 910/2014 Article 25 indicates that an electronic signature cannot be denied its legal value and admissibility as evidence in legal proceedings solely because of its electronic format.

How does the SEPA direct debit flow work?

The SEPA direct debit flow consists of three main steps:

1. Acquisition and Management of the Mandate

→ A SEPA direct debit mandate has a “lifetime.”

Once duly signed by the debtor, several “events” can affect it (IBAN changes, physical address changes, third-party consultation, proof management, direct debit revocation, etc.).

A comprehensive dynamic database and flow management system must be established.

2. Order Management

Before receiving a payment from the debtor’s bank account, several steps must be completed:

Pre-notification to the Debtor:

→ The notification period is 14 days (which can be shortened with the debtor’s agreement).

This pre-notification must include:

The payment due date,
The fee amount,
The unique mandate reference and the creditor’s identifier.

There are no conditions regarding the communication method; these steps can be done through an agreement in the terms and conditions, mentioned on an invoice, displayed on an online account, etc.

SEPA Payment Request to the Bank:

→ It must be done via a specific .xml file compliant with ISO 20022 standards and following the correct SEPA direct debit sequence.

2. Execution of Orders

This involves managing transactions, preparing direct debit orders, transmitting them to the bank, and executing the payments.

Funds are collected in a holding account opened in the merchant’s name in SlimPay’s books.

Execution of orders also includes managing failed transactions, known as R-Transactions (return, rejection, or refund).

What is the SEPA timeline?

SEPA direct debit follows a strict sequence of orders.

R-Transactions (return operations) can also occur at various stages of the process.

How do direct debits work in SEPA zones outside the EEA?

Since November 19, 2017, the EPC (European Payment Council) has made changes to the Rulebook governing payments in the SEPA zone.

It is now mandatory to indicate the name and address of the debtor for direct debits in SEPA zones outside the European Economic Area (EEA).

The concerned countries/states are: Switzerland, Guernsey, Jersey, Isle of Man, Norway, Monaco, and San Marino.

This obligation also applies to transfers made in the context of a customer refund.

Consequences: The absence of name and address will result in the rejection of the direct debit under rejection code RR04.

Finally, the return period for SEPA B2B direct debits is extended from 2 to 3 business days.

For further information, please contact us: support@slimpay.com.

What are R-Transactions?

Like any other payment method, a SEPA direct debit can result in a failed transaction.

These are called R-Transactions.

There are four types of R-Transactions that can occur at various levels of the SEPA direct debit flow:

Rejection: The debtor’s bank rejects the SEPA direct debit. This situation can occur if the bank account is closed, invalid, or does not exist.
Refusal: A single transaction may be refused (the mandate remains valid for subsequent transactions), or a mandate may be revoked, meaning subsequent transactions will be systematically refused.
Return: The debtor’s bank returns the SEPA direct debit (SDD) due to a problem during processing. Most returns are due to insufficient funds in the debtor’s account.
Refund: Between Day 0 and Day +8 weeks, the debtor can request a refund without needing justification. Between Day +8 weeks and Day +13 months, the debtor can request a refund only if they claim they never signed a mandate.

R-Transactions can have several fundamental causes.

SEPA Credit Transfer

The SEPA credit transfer is a payment method that is now fully deployed and operated in the eurozone countries.

It is an order that the payer gives to their bank to transfer funds from their account to the beneficiary’s account located within the SEPA zone.

There are two types of credit transfers:

Standard Transfer:

→ The amount of the standard SEPA transfer is credited to the beneficiary’s account in a maximum of 1 banking day from receipt by your bank of your instructions.

→ There is no minimum or maximum amount.

→ The amount deducted from the payer’s account is transferred in full to the beneficiary’s account (no fees apply).

Instant Transfer:

→ It is characterized by a much faster fund transfer time than the standard transfer, as it must usually be completed within 10 seconds, regardless of the day or time of the transaction.

→ The instant transfer may be charged to the payer by their bank, depending on the banks and the terms of use they have agreed to.

The SEPA Credit Transfer Timeline

The SEPA credit transfer follows a strict sequence of orders.

For information, SlimPay systematically rejects credit transfer return requests.

Using the SEPA Credit Transfer

At SlimPay, we use credit transfers in two cases:

Refunds: When a merchant wishes to refund or make a commercial gesture towards the debtor (i.e., the consumer).
SlimCollect Pay Offer: When a merchant wishes to make an initial payment (standard or instant transfer), then automatically construct a mandate using the transfer information.

→ Once the mandate is constructed, it allows the merchant to perform direct debits.

→ Combined with Open Banking and particularly payment initiation, this use case avoids manually entering the IBAN, reducing human errors and IBAN fraud.

Technical Implementation

SlimPay offers a Rest API, available 24/7/365, which you can integrate with the programming language of your choice.

For more information and documentation : https://dev.slimpay.com/

SlimPay is a European leader in recurring payments through SEPA direct debit.

We offer a comprehensive SEPA direct debit solution to manage the entire process:

Acquisition and management of the mandate
Preparation and submission of orders
Execution of transactions
Management of R-Transactions
Pre-collection of receivables

Founded in 2009 as a licensed payment institution, SlimPay serves over 2000 clients in 28 countries. We are 100 SEPA direct debit specialists across two European offices (Paris, Madrid) and ready to help you switch to SlimPay.

Merchant Responsibilities and Consumer Protection

→ How to handle the risk of customer disputes?

According to European payment services regulations, the consumer’s right to dispute places a risk on the certainty of received funds—regardless of the payment method used—and can last for a very long period.

A consumer can obtain an immediate refund from their bank for up to 13 months following the date of the debit on the grounds of an unauthorized transaction.

If the payee of the payment, the merchant, cannot prove the authenticity of the payer’s consent, the payer’s bank will charge this refund to the merchant through their payment service provider.

This operation is commonly referred to as a dispute, or chargeback.

→ Is the consumer informed of the date and amounts of the direct debits that will appear on their account?

The merchant is required to inform the consumer in advance of the amount and date of the direct debit(s) in the form of, for example, a schedule when known in advance, an invoice, etc.

If the consumer does not have this information, they can contact their merchant to request it.

→ Is the direct debit subject to fees?

Setting up direct debits is rarely charged by banks.

Check with your bank and do not hesitate to request a waiver if it was not the case.

Each direct debit operation is most often free.

Also, check your institution’s practices and do not hesitate to compare with other providers.

→ How to terminate a direct debit mandate?

The consumer can, at any time, permanently terminate a direct debit mandate by requesting its revocation (also known as cancellation) from their merchant, who must then cease issuing SEPA direct debits based on this mandate.

It is strongly recommended to simultaneously inform the bank and keep a record.

This revocation is usually done without charge.

If the consumer still owes money to the merchant, they will need to settle the amount due by another means, respecting the deadlines and schedule.

A SEPA direct debit mandate becomes invalid if no direct debit has been presented within 36 months.

→ How to dispute an unauthorized direct debit?

If a consumer notices that their account has been debited for a direct debit they did not authorize, they have a maximum of 13 months to dispute it with their bank.

The bank will credit the consumer’s account with the amount of the disputed transaction upon receiving the request and may contact the merchant’s bank to verify the existence or absence of an authorized mandate.

An unjustified dispute will result in the cancellation of this refund and potential additional charges from the merchant.

→ What happens if a direct debit is rejected?

If a direct debit cannot be paid to the creditor due to insufficient funds in the account, the bank may reject/return the direct debit.

This incident results in the imposition of banking fees. Penalties may also be due to the merchant.

→ Why choose direct debit?

Direct debit is favored by consumers for:

Avoiding any delays or payment oversights,
Using a secure and easy-to-set-up payment method,
Settling amounts due on a pre-determined date,
Using a payment method suited for recurring payments,
Retaining control over payments with the option to terminate the SEPA direct debit mandate at any time.

SEPA Glossary

→ IBAN (International Bank Account Number)

The IBAN (International Bank Account Number) is a standardized format for bank account numbers used internationally.

Developed by the European Committee for Standardization (CEN) and the International Organization for Standardization (ISO), it facilitates electronic funds transfers between countries.

The IBAN consists of an alphanumeric series of characters that uniquely identify a bank account in a specific country.

The length of an IBAN is fixed in each country with a minimum of 14 characters and a maximum of 34 characters. It is defined by ISO standard 13616.

It generally includes:

A country code (2 letters),
A check digit (2 digits),
A Basic Bank Account Number (BBAN).

The IBAN is specific to each individual or business.

The main advantage of the IBAN is that it allows for precise identification of bank accounts internationally, facilitating cross-border transactions and reducing payment routing errors.

The use of the IBAN is common in many countries worldwide, particularly in EU member states and other countries that have adopted this system.

It is important to note that the structure and length of the IBAN may vary from country to country, as each country may have specific formats.

Thus, it is essential to provide a correct and valid IBAN when sending or receiving international payments.

→ BIC (Bank Identifier Code)

The BIC (Bank Identifier Code), also known as the SWIFT code (Society for Worldwide Interbank Financial Telecommunication), is a unique code used to precisely identify financial institutions internationally.

The BIC is primarily used in international payments and facilitates the secure routing of financial information between banks.

The BIC is an alphanumeric code consisting of 8 or 11 characters. It generally includes the following information:

The first four characters: the bank code (sometimes called the bank identifier), which uniquely identifies a specific financial institution;
The next two characters: the country code where the financial institution is located;
Two additional characters (optional): used to identify a specific branch of the financial institution (location code);
The last three characters (optional): represent the branch location code (typically the city).

The BIC is essential in international fund transfers as it allows precise identification of the banks involved in the transaction.

It is used together with the IBAN (International Bank Account Number) to ensure that payments are directed to the correct bank account in the target country.

It is worth noting that the BIC is also referred to as the “SWIFT code” due to its association with the SWIFT organization, which manages the secure communication networks used for international financial transactions.

→ European Commission

The European Commission, aiming to establish a single euro payments area, has developed, with the help of the ECB (European Central Bank) and the EPC (European Payments Council), a set of regulations and directives that form the legal and technical framework for SEPA.

The implementation of SEPA payment methods is dictated by the Payment Services Directive published in the Official Journal of the European Union on December 5, 2007, providing the necessary legal basis.

In France, SEPA credit transfers have been available from banks since 2008 and direct debits since 2010.

The European Commission plays an active role in creating rules related to the Payment Services Directives, better known as PSD1 and PSD2.

Read also : PSD1: what is it all about ?

→ EPC (European Payments Council)

The European Payments Council (EPC) is an organization based in Brussels, Belgium, founded in 2002, that plays a key role in creating and promoting harmonized payment solutions in Europe.

It brings together representatives from banks and other payment industry stakeholders.

The EPC works closely with the European Commission, the ECB, and other regulatory bodies to facilitate the integration of payment markets in Europe.

The primary goal of the EPC is to develop and promote common standards and rules for cross-border and domestic payments in euros.

The EPC is responsible for implementing the SEPA (Single Euro Payments Area) automated payment system, which aims to harmonize euro payments within participating countries.

This allows consumers, businesses, and financial institutions to make euro payments efficiently and transparently, regardless of the EU country in which they are located.

The EPC sets the rules and technical standards for the various SEPA payment instruments, such as SEPA credit transfers and direct debits.

It also plays a key role in managing and evolving the SEPA payment system, ensuring it remains aligned with the changing needs of the market and users. SlimPay implements the standards set by the EPC.

→ EBA (European Banking Authority)

The EBA (European Banking Authority) is a European Union agency responsible for regulating and supervising the banking sector across the EU.

It was established in 2011, replacing the Committee of European Banking Supervisors.

The EBA’s main tasks include:

Promoting the integrity, transparency, efficiency, and stability of the European banking sector,
Developing technical and regulatory standards to harmonize banking practices within the EU,
Conducting regular assessments of the stability of the European banking system and publishing reports on these assessments,
Supervising national banking authorities in applying EU regulations and standards,
Coordinating responses to cross-border banking crises and facilitating cooperation between national competent authorities.

The EBA thus plays an essential role in promoting harmonized banking standards and practices across the EU, as well as protecting consumer interests and financial stability.

It helps to strengthen confidence in the European banking sector and ensures a high level of regulation and supervision throughout the European Union.

The EBA, as an EU banking regulatory agency, plays an important role in implementing PSD2.

→ PSP (Payment Service Provider)

A PSP (Payment Service Provider) is a provider of payment services.

It is an entity that offers services related to the management and execution of electronic payments.

PSPs play a crucial role in facilitating financial transactions between consumers, merchants, and financial institutions. They come in various categories: credit institutions, payment institutions, electronic money institutions, etc.

SlimPay is a PSP authorized by the ACPR (Prudential Control and Resolution Authority).

→ PISP (Payment Initiation Service Provider)

A PISP stands for “Payment Initiation Service Provider.”

A PISP is a service provider offering solutions to initiate electronic payments on behalf of users.

PISPs are authorized to access users’ bank accounts with their consent to facilitate online or mobile payments. They act as intermediaries between consumers and financial institutions to execute payment transactions.

The main function of a PISP is to initiate online or mobile payments securely and conveniently, without users needing to provide their banking information directly to each merchant or online service provider.

PISPs can be integrated into payment applications or platforms to allow users to make payments without leaving the familiar environment of the app.

PISPs are governed by specific regulations, such as the Payment Services Directive (PSD2) within the EU, which sets standards for security, consumer protection, and data privacy for payment initiation service providers.

SlimPay is a PISP authorized by the ACPR.

→ AISP (Account Information Service Provider)

An AISP stands for “Account Information Service Provider.“

An AISP is a service provider offering solutions to access and view users’ bank account information.

AISPs are authorized to access users’ financial information and account data with their consent to provide account aggregation and consultation services.

They act as intermediaries between consumers and financial institutions to collect, aggregate, and present financial information from different bank accounts.

The main services provided by an AISP include:

Displaying account balances,
Transaction history,
Expense categorization,
Budget management,
And other financial information-related features.

AISPs can be integrated into financial applications or platforms to provide users with an overview of their finances and manage their bank accounts more easily.

AISPs are governed by specific regulations, such as the Payment Services Directive (PSD2) within the EU, which sets standards for security, privacy, and data protection for account information service providers.

SlimPay is an AISP authorized by the ACPR.

→ CSM (Clearing and Settlement Mechanisms)

CSMs (Clearing and Settlement Mechanisms) are interbank platforms for processing payment flows.

CSMs ensure the clearing of retail payment methods such as credit transfers, TIPs, bills of exchange, cheque images, card transactions, etc., among all banks (PSPs) in the SEPA area.

Clearing is defined by the European Central Bank as “the process of transmitting, reconciling and, where appropriate, confirming transfer orders before settlement, including possibly the netting of orders and the establishment of final positions for settlement.”

Settlement is “the discharge of an obligation through the transfer of funds.”

The EPC (European Payments Council) regulates the operational rules of CSMs.

The CSM calculates the positions of each bank/PSP and shares the information with the central bank.

It is important to note that a payment is not necessarily transmitted to a CSM.

For example, a payment between two customers of the same bank can be processed through “intra-group” clearing, which reduces the processing cost for the target bank.

In France, there are several CSMs for SEPA direct debits and credit transfers.

Banks and PSPs primarily use STET CORE for domestic payments and ABE – STEP 2 for European payments.

However, most banks are accessible through both CSMs.