Direct debit and the risk of payment fraud; by Gerry Hill, managing director, Direct Debit Limited
With the claimed improvement in the security of chip and pin in the area of credit card payments, the spotlight has switched to other areas such as Direct Debit as a potential alternative area of fraud risk. So how secure is Direct Debit compared to alternative cheque or card payments?
At one level, the nature of the typical Direct Debit payment as used for regular payments is inherently less susceptible to fraud, as there is likely to be a more established relationship between vendor and customer in the case of repeat payments, rather than the one-off purchase more typically associated with the cheque or credit card.
However, there are anti-fraud software solutions available to enhance the security of Direct Debit payments, by verifying the purchaser’s identity through checking the answers to a simple set of personal questions via access to relevant databases.
There is an erroneous yet widely-held belief that credit checks provide the necessary level of additional security here. The reality is that this is insufficient to provide the level of identity verification needed to meet Know Your Customer (KYC) requirements. In addition, this will become more important as the setting up of Direct Debit mandates becomes increasingly paperless.
As one door closes…
According to latest figures from the Home Office Identity Fraud Steering Committee, identity fraud cost the UK economy £1.2 billion in 2008.
In retail, as elsewhere, fraud causes pain to all the stakeholders involved. The bank and the consumer suffer financial loss and the hassle of dealing with the fraud. However, for the retailer as the Direct Debit originator, there is the additional reputational risk as well as lost revenue opportunities.
In helping to tackle this problem, Bacs Payments Schemes Ltd (BPSL), which manages the Direct Debit Scheme, continues to work with banks to eliminate ID fraud through strong scheme compliance. Paperless instructions in particular have been seen as potentially vulnerable to fraud and, as a result, KYC checks have now been made mandatory.
In 2008 the banks combined to make changes to the Direct Debit Scheme Rules. Today therefore, in the case of paperless Direct Debit Instructions (DDIs), the banks mandate the retailer originators to ensure –
*That the payers are who they say they are,
*That they live where they say they live, and
*That the bank account belongs to them.
An advanced software solution such as Direct Debit Limited’s own DD-iD(tm) can help here, by providing a fully automated, on-line ID check which ensures compliance with the various demands of BPSL, the Direct Debit Scheme and the banks.
This is achieved by tying a person to an address and to a bank account in real time. The result is that the risk of fraud is minimised, whilst enabling the retailer to comply fully with their obligations under the new Direct Debit Scheme Rules.
Data is sourced through a large number of UK databases, including DVLA, Electoral Roll, passport, postal and credit card data and utility listings. However, in order to protect customer data and user integrity, this data is not accessed directly. Instead, in any search, cutting edge technology uses algorithms to source specific data elements only to verify a customer’s identity.
In addition, different levels of checking can be applied depending on the needs of the business, the bank or the regulator, up to and including fully auditable, best practice KYC verification where required.
Customer benefits
In the past, customer verification has been essentially manual and therefore slow and prone to error. By adopting such an automated approach, not only will the business become more efficient and better protected, but the customer experience will be enhanced by eliminating laborious and expensive physical checks, or slow and complex on-line or telephone sign-ups.
