Back in 2008, outspoken TV and radio presenter Jeremy Clarkson published his personal bank account number and sort code in his Sun newspaper column. He intended to prove that a public furore over the loss of 25 million people’s personal details was ‘a palaver about nothing’. Faster than you can say ‘I wouldn’t do that if I were you’, Clarkson discovered that a reader used his details to donate £500 to charity Diabetes UK and, because of the Data Protection Act, he was unable to stop or even identify who was behind the unauthorised payment. Despite the unorthodox approach, Clarkson’s blunder, and subsequent retraction, did highlight that there are historically gaps in Direct Debit’s fraud prevention.

Direct Debit is a fantastic payment method for recurring revenue use cases. It has low transaction fees, high payer preference and low payment failure rates. It has long been a popular choice for organisations such as gyms, telecom providers and even not-for-profits. However, this doesn’t mean that Direct Debit isn’t without its associated risk, with no additional authorisation steps currently in place for payers.  

For too long businesses have been forced to either accept fraud risk or implement high-friction payment solutions. The result is that 35%* of businesses across the US and Europe rank payment fraud among the top threats facing their business today, with an additional third of businesses taking an average of three days to catch a fraudulent payment. In those three days, businesses lose more than just revenue. It’s the cost of additional time, admin, employed headcount and resources spent identifying and chasing payments that fail because of fraud. 

There are varying degrees of vulnerability depending on the merchant use case, with high volume subscription businesses being at the higher end of the risk spectrum. This is because 1) they are onboarding hundreds, if not thousands, of new customers every day, making manual account validation impossible, and 2) often merchants are stuck in a paradox of choice between pre-emptively protecting revenue or providing a positive customer experience by instantly sending out a customer’s order. It’s also worth noting that in an era of social media and WhatsApp, as a company’s user base grows, so does the risk of people sharing a business’ weaknesses and tips on how to “work the system”.

It’s a long-standing pain point that spurred GoCardless to expand our fraud prevention offering, launching Verified Mandates in the UK. Powered by Open Banking, Verified Mandates builds payer verification directly into the payment set-up flow, enabling merchants to instantly verify whether the bank account information a new customer uses is valid by authenticating the details within the bank’s online or mobile banking app. 

Verified Mandates comes hot on the heels of our launch of Instant Bank Pay last year, in which businesses can collect the first payment of a service via open banking. This is great when they want to take the first payment upfront, as it serves to also verify ownership of the account. But in many scenarios, businesses simply don’t want to do that. Think of businesses that offer an initial free trial period that requires the entry of payment details to begin, or of utility companies that base their pricing models on usage, they have to collect at the end of a month or quarter. Instead, it is the combination of open banking and Direct Debit that gives both merchants and customers the protection and checkout experience that they want – removing the need for either to compromise. 

Should your business use Open Banking to verify bank details, even if fraud is currently more of an inconvenience than a bigger problem? Put simply – yes. It’s rare that businesses don’t have the ambition to scale and without the proper payments strategy in place early, inconveniences grow to become issues. And no, bank mandate verification can’t solve every form of fraudulent behaviour or cybercrime, and it certainly can’t go back in time to help Mr Clarkson – but it is a great place to start.

* The Financial Cost of Fraud, University of Portsmouth, 2019

[The author of this article, Siamac Rezaiezadeh, is Director of Product Marketing at GoCardless]