As the UK’s Direct Debit landscape evolves, businesses must stay ahead of regulatory updates and operational best practices. Recent changes introduced by Pay.UK present both challenges and opportunities for organisations to enhance their collections processes, reduce fraud, and improve customer experience.
Bacs, part of Pay.UK, released the most recent guide and rules for the Direct Debit (DD) service (version 5.8) on March 28. These rules outline the service users’ obligations for those businesses that operate a DD scheme.
One important change affects the rules surrounding the raising and challenging of DD Indemnity Claims (DDICs), where a payer claims that the business/service user has incorrectly setup a Direct Debit from their bank account. Previously, service users could challenge most reasons for a claim, but not a DDIC raised for reason code 4, stating the payer cancelled the Direct Debit Instruction directly with the service user.
The updated guide permits a challenge to code 4 if the service user can demonstrate that the DDIC has been applied incorrectly. This ability for companies to challenge the DDIC is likely to significantly reduce the number of fraudulent code 4 claims.
Protecting both parties
Importantly, the guide and rules not only protect the service user and provide a widely understood framework to collect DDs but are also in place to protect payers from fraud. The rules clearly outline how to validate and verify customers during onboarding, ensuring Direct Debits are collected as expected from legitimate customer accounts.
Service users must follow the guidance on validation and verification, which is different for a non-Automated Direct Debit Instruction Service (AUDDIS), AUDDIS or Paperless Direct Debit. If they don’t, their business faces losing sponsorship of DDs from their bank or payment service provider or having restrictions placed on their DDs. Expect renewed focus from Pay.UK and the sponsoring banks in ensuring businesses are aware of their obligations.
In a straw poll during our recent webinar “How to Maximise Safe and Sustainable Collections”, almost three-quarters of the audience felt generally satisfied with their DD customer onboarding processes but also think some improvements could be made. Only 9% admitted to needing help with their processes, while 15% hadn’t considered that they needed to make changes alongside streamlining their systems. In light of Pay.UK’s heightened focus on compliance, those businesses should consider taking action.
Dealing with exceptions
Businesses often face challenges around verifying bank account details when collecting DDs. Without a process in place to verify the account holder, it is easy for payers to mistakenly use outdated details of a closed bank account, or accidentally (or even purposely) enter account details that belong to someone else. Therefore, businesses should use a verification service to boost confidence in customer account information.
According to Office for National Statistics (ONS) data, the failure rate for DDs was 2.25% in February but previously it’s been as high as 4%. The industry should be aiming for much less than a 2% failure rate to mitigate the high cost of dealing with exceptions.
The value of account reverification
Many ‘refer to payer’ responses occur on the first DD collection, and this could be because the business hasn’t correctly validated or verified the payer’ bank account details. Even if they did the verification at the outset, it is worth reverifying regularly to ensure it still exists.
It’s also important to ensure that the messages delivered through Bacs ‘A’ Reports related to the Current Account Switch Service (CASS) have been actioned properly.
In another straw poll in the same webinar, just over half (56%) of the audience remain reliant on largely manual-based DD exception processing, with an almost even split between those that think the method is working for them and those that believe it needs some improvement.
Encouragingly, many businesses are starting to look at how to deal with exceptions in a more automated way. Fifteen percent of the audience respondents have developed their own automation tools, while 21% are reliant on third-party automation tools.
Payee/er confirmation for DDs
Historically verifying bank account ownership has been a challenge as legacy account-checking services suffered with low data coverage, especially for business bank accounts, and bank account data refreshes that could be up to a month out of date.
However, this is no longer the case. It’s been almost two years since Pay.UK enabled the use of Confirmation of Payee (CoP) for payers, enabling DD originators to access the same real-time account-checking service that has been used to successfully check payees since 2020.
While around 70 banks were live with CoP in June 2023, there are now over 285 institutions covering both business and personal bank accounts. With banks typically updating their data in near real-time or overnight, it’s never been easier to verify an account holder directly with the account-holding bank to confirm the bank account exists and the name on the account matches.
It is important to note that today, only CoP-approved participants can provide CoP solutions directly to their customers.
Performing verification at the right time
It's important to perform bank account verification at the right stage in the process, ideally within customer facing web pages, phone apps or call centres while the customer is still engaged. This is the cheapest and most effective point to remedy any errors.
A straight-through process to check the payer’s details immediately, without having to go through a convoluted process of sending in paper documentation, delivers a far better customer experience.
CoP can be used in any process where a business captures or updates bank account details to make payments or collections, not only DDs.
Responding to our straw poll, 80% of the webinar audience said that they check account holders by validating the bank account exists. Concerningly, the rest either use a tick box as a proxy for verifying account holders or were unaware that this was a requirement.
Holding sensitive data
In order to make and collect payments, businesses often need to hold bank account data in multiple systems, for example spreadsheets, ERP and CRM systems. However, holding account data adds complexity to a company’s processes and poses the risk of internal fraud and data breaches.
Controlling and auditing access to that data can be challenging. Collection and payment processes often involve unencrypted files and may require multiple teams to manage the data, with a limited audit trail on who’s viewed, accessed, or potentially edited bank account details.
One solution is to replace bank account details in your internal systems with a DD mandate reference or token. This approach can reduce the risk surface area to your business by managing account information within a centralised service. Access to account data can then be restricted to specific users and monitored through audits. Bottomline’s DDM and Payments Hub solutions, for example, allow customers to verify bank account details at the point of capture or update using CoP for Business.
In the poll, almost a third of the audience felt confident managing customer’s account data, leaving 70% feeling that processes needed improvement. While 35% believed that their data is secure from external access, they also felt they could do better internally.
Almost a quarter prefer not to hold bank account data if they can avoid it. Many businesses could reduce their risk of exposure by shifting to a more secure and controlled environment that is specifically designed to store bank account data and carrying out full validation.
The evolving Direct Debit landscape, guided by recent updates from Pay.UK, presents businesses with a timely opportunity to enhance their collections and payment processes. From changes in indemnity claim challenges to the widespread adoption of Confirmation of Payee services, organisations are encouraged to strengthen account validation practices, automate exception handling, and improve data security. With compliance scrutiny increasing, and tools now available to streamline verification and reduce fraud risk, businesses must act decisively to future-proof their Direct Debit operations and maximise value from collections.
*CoP for Business is provided by Bottomline Payment Services Ltd, who are authorized by the Financial Conduct Authority under the Payment Services Regulations for the provision of payment services with FCA registration number 616279.