SEPA Direct Debit risks — and how serious operators mitigate them

SEPA Direct Debit is the most cost-efficient way to collect recurring Euro payments in Europe. It is also the rail with the longest list of operational footguns. Here is what to design for.

The 8-week refund window (and what it really means)

Under SDD Core, a consumer can request a refund for any reason — or no reason — within eight weeks of debit. The merchant has no veto. The bank simply reverses the transaction and notifies you after the fact.

This is not a chargeback in the card-scheme sense. There is no representment, no documentary defence, no fee. It is a unilateral right, and it is the price you pay for the cheap unit economics.

Operators who treat SDD as a card replacement get hurt here. Operators who design for it — clear pre-debit notifications, transparent billing descriptors, fast customer-service response — keep refund rates under 0.3%.

R-transactions: the dialect you must speak

Each R-transaction type carries its own ISO 20022 reason code. The mature thing to do is treat them as a finite state machine with explicit handling per code — not a single “failed” bucket.

  • Reject (before settlement): file or mandate error.
  • Refusal: the consumer pre-emptively refused the debit.
  • Return (after settlement): debtor bank refused for technical/balance reasons.
  • Refund: the consumer-initiated reversal within 8 weeks.
  • Reversal: the creditor itself reverses a wrongly-collected debit.
  • Revocation: the creditor cancels before submission.
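Here is what that state machine can look like in practice. This is an added example, not Nexinity's code: the six R-transaction types above are the legal transitions out of a collection's lifecycle states, and a small per-code table turns the ISO 20022 reason code into a follow-up action. The reason codes (AM04, AC04, MD01, MD06 and so on) are real ISO 20022 external codes; the action attached to each, the 56-day window check and the collection lifecycle itself are this example's assumptions.

```python
from dataclasses import dataclass, field
from datetime import date
from enum import Enum
from typing import Optional

REFUND_WINDOW_DAYS = 56  # eight weeks from the debit date, as described above


class State(Enum):
    CREATED = "created"      # collection built, file not yet sent
    SUBMITTED = "submitted"  # sent to the bank, before settlement
    SETTLED = "settled"      # funds received, still inside the refund window
    REJECTED = "rejected"
    REFUSED = "refused"
    REVOKED = "revoked"
    RETURNED = "returned"
    REFUNDED = "refunded"
    REVERSED = "reversed"


class RType(Enum):
    REJECT = "reject"
    REFUSAL = "refusal"
    RETURN = "return"
    REFUND = "refund"
    REVERSAL = "reversal"
    REVOCATION = "revocation"


class Action(Enum):
    RETRY_LATER = "retry_later"
    FIX_MANDATE = "fix_mandate"
    STOP_DUNNING = "stop_dunning"
    CONTACT_CUSTOMER = "contact_customer"
    REVIEW = "review"
    NONE = "none"


# Which R-transaction may hit a collection in which state. Anything not listed
# is a protocol violation (ours or the bank's) and is raised, never absorbed.
TRANSITIONS = {
    (State.CREATED, RType.REVOCATION): State.REVOKED,
    (State.SUBMITTED, RType.REJECT): State.REJECTED,
    (State.SUBMITTED, RType.REFUSAL): State.REFUSED,
    (State.SETTLED, RType.RETURN): State.RETURNED,
    (State.SETTLED, RType.REFUND): State.REFUNDED,
    (State.SETTLED, RType.REVERSAL): State.REVERSED,
}

# Follow-up per reason code. The codes are ISO 20022 external reason codes;
# the action attached to each is this example's policy, not a scheme rule.
REASON_POLICY = {
    "AM04": Action.RETRY_LATER,       # insufficient funds
    "MS03": Action.RETRY_LATER,       # agent-generated, reason not specified
    "AC04": Action.STOP_DUNNING,      # closed account: no retry will ever clear
    "MD07": Action.STOP_DUNNING,      # end customer deceased
    "AC01": Action.FIX_MANDATE,       # incorrect account number
    "MD01": Action.FIX_MANDATE,       # no mandate
    "AC06": Action.CONTACT_CUSTOMER,  # blocked account
    "MS02": Action.CONTACT_CUSTOMER,  # customer-generated, reason not specified
    "MD06": Action.NONE,              # refund by end customer: record it, count it
}


@dataclass
class Collection:
    ref: str
    amount_cents: int
    state: State = State.CREATED
    settled_on: Optional[date] = None
    history: list = field(default_factory=list)

    def submit(self) -> None:
        assert self.state is State.CREATED
        self.state = State.SUBMITTED

    def settle(self, on: date) -> None:
        assert self.state is State.SUBMITTED
        self.state, self.settled_on = State.SETTLED, on


def apply_r_transaction(c: Collection, rtype: RType, reason_code: str,
                        received_on: date) -> Action:
    """Move the collection to its new state and return the follow-up action."""
    key = (c.state, rtype)
    if key not in TRANSITIONS:
        raise ValueError(f"{rtype.value} is not valid for {c.ref} in state {c.state.value}")
    # Unknown codes go to a human rather than a silent default.
    action = REASON_POLICY.get(reason_code, Action.REVIEW)
    if rtype is RType.REFUND and c.settled_on is not None:
        if (received_on - c.settled_on).days > REFUND_WINDOW_DAYS:
            action = Action.REVIEW  # outside the eight-week window: escalate, do not just absorb
    c.state = TRANSITIONS[key]
    c.history.append((received_on, rtype.value, reason_code, action.value))
    return action
```

The point of the explicit transition table is the `ValueError`: a refund on a collection that never settled, or a reject after settlement, is a data problem you want to see, not something a catch-all “failed” handler quietly files away.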

Mandate fraud

The classic SEPA fraud is straightforward: a bad actor signs up with an IBAN that is not theirs. Until the rightful account holder notices, the merchant collects — and then everything reverses inside the 8-week window with a clean refund.

Defences are layered: IBAN-to-name verification (Confirmation of Payee where available), device fingerprinting, behavioural signals on the signup flow, and a hard rule that the first SDD is never the largest. Mature merchants also defer high-value access until at least one debit has cleared and aged 14+ days.
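An added example of those layered defences in code (not Nexinity's signup flow): a structural IBAN check, a signup decision that combines the Confirmation of Payee answer with a device signal and the first-debit rule, and the 14-day ageing gate for high-value access. The IBAN mod-97 check is the real ISO 13616 algorithm; the `Signup` fields, the device threshold of 3 and the decision order are assumptions made for the example, and the IBANs in the test are the commonly published sample values, not real accounts.

```python
from dataclasses import dataclass
from datetime import date
from enum import Enum
from typing import List, Optional


class Decision(Enum):
    ALLOW = "allow"
    REVIEW = "review"
    DECLINE = "decline"


def iban_checksum_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check: a cheap structural filter, not proof of ownership."""
    s = iban.replace(" ", "").upper()
    if not (15 <= len(s) <= 34) or not s.isalnum():
        return False
    rearranged = s[4:] + s[:4]                               # country + check digits to the end
    digits = "".join(str(int(ch, 36)) for ch in rearranged)  # A=10 ... Z=35
    return int(digits) % 97 == 1


def first_debit_not_largest(first_cents: int, later_cents: List[int]) -> bool:
    """Hard rule: the first SDD must not be larger than the largest later debit.
    A schedule with no later debit fails too (example policy: nothing to age against)."""
    return bool(later_cents) and first_cents <= max(later_cents)


@dataclass
class Signup:
    iban: str
    cop_match: Optional[bool]      # Confirmation of Payee answer; None where unavailable
    device_prior_mandates: int     # mandates this device fingerprint already created
    first_cents: int
    later_cents: List[int]


def signup_decision(s: Signup, device_threshold: int = 3) -> Decision:
    if not iban_checksum_ok(s.iban):
        return Decision.DECLINE        # structurally bad IBAN cannot be collected anyway
    if s.cop_match is False:
        return Decision.DECLINE        # name does not match the account holder
    if not first_debit_not_largest(s.first_cents, s.later_cents):
        return Decision.DECLINE        # hard rule, no override
    if s.cop_match is None or s.device_prior_mandates >= device_threshold:
        return Decision.REVIEW         # weak signal: a human looks before the first debit
    return Decision.ALLOW


@dataclass
class DebitOutcome:
    settled_on: Optional[date]
    reversed: bool = False             # any return, refund or reversal after settlement


def high_value_unlocked(outcomes: List[DebitOutcome], today: date,
                        min_age_days: int = 14) -> bool:
    """Grant high-value access only once one debit has cleared and aged min_age_days."""
    return any(o.settled_on is not None and not o.reversed
               and (today - o.settled_on).days >= min_age_days
               for o in outcomes)
```

Note what the checksum does and does not buy you: it stops typos and fabricated strings, but a syntactically valid IBAN that belongs to someone else passes it, which is exactly why the Confirmation of Payee result and the ageing gate sit behind it.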

What a clean SDD programme looks like

  • Refund rate < 0.3% across rolling 90 days.
  • R-transaction rate < 1.5% (Core) or < 0.5% (B2B).
  • Pre-debit notification sent ≥ 2 business days before collection, with a stable billing descriptor.
  • A funnel that captures mandate, IBAN, and proof-of-account-ownership in a single, traceable session.
  • Automated dunning that doesn’t hammer R-codes that won’t resolve (e.g. AC04 — closed account).
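The numbers above only mean something if you measure them the same way every day. As an added example (not Nexinity's reporting code), the block below computes count-based refund and R-transaction rates per scheme over a trailing 90-day window, checks them against the thresholds listed, works out the latest pre-notification date two business days before collection, and stops dunning on codes that will never resolve. The `Debit` record, the non-resolvable code set, the retry cap of 2 and the weekday-only business-day rule (no TARGET2 closing-day calendar) are this example's simplifications; AC04, MD07, AC01 and MD01 are real ISO 20022 reason codes.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Targets from the list above, as fractions; a scheme breaches when it reaches them.
REFUND_RATE_MAX = 0.003
R_RATE_MAX = {"CORE": 0.015, "B2B": 0.005}
NOTIFY_BUSINESS_DAYS = 2

# Codes no retry will ever clear; dunning stops on the first one (example policy).
NON_RESOLVABLE = {"AC04", "MD07", "AC01", "MD01"}
MAX_RETRIES = 2


@dataclass
class Debit:
    debit_date: date
    amount_cents: int
    scheme: str                    # "CORE" or "B2B"
    r_kind: Optional[str] = None   # "reject", "return", "refund", ... or None if clean
    r_code: Optional[str] = None   # ISO 20022 reason code carried by the R-transaction


def business_days_before(d: date, n: int) -> date:
    """Step back n weekdays. Ignores TARGET2 closing days: a simplification."""
    while n > 0:
        d -= timedelta(days=1)
        if d.weekday() < 5:
            n -= 1
    return d


def notification_deadline(collection_date: date) -> date:
    """Last day the pre-debit notification may go out for a given collection date."""
    return business_days_before(collection_date, NOTIFY_BUSINESS_DAYS)


def should_retry(r_code: Optional[str], attempts_so_far: int) -> bool:
    """Dunning gate: never retry a non-resolvable code, and cap retries otherwise."""
    if r_code in NON_RESOLVABLE:
        return False
    return attempts_so_far < MAX_RETRIES


def rolling_rates(debits: List[Debit], today: date, window_days: int = 90) -> Dict[str, dict]:
    """Count-based refund and R-transaction rates per scheme over the trailing window."""
    start = today - timedelta(days=window_days)
    out: Dict[str, dict] = {}
    for d in debits:
        if not (start < d.debit_date <= today):
            continue
        bucket = out.setdefault(d.scheme, {"total": 0, "refunds": 0, "r_txns": 0})
        bucket["total"] += 1
        if d.r_kind is not None:
            bucket["r_txns"] += 1          # refunds are R-transactions too
        if d.r_kind == "refund":
            bucket["refunds"] += 1
    for b in out.values():
        b["refund_rate"] = b["refunds"] / b["total"]
        b["r_rate"] = b["r_txns"] / b["total"]
    return out


def programme_breaches(debits: List[Debit], today: date) -> List[str]:
    """Return the thresholds the trailing window currently breaches, per scheme."""
    breaches = []
    for scheme, b in rolling_rates(debits, today).items():
        if b["refund_rate"] >= REFUND_RATE_MAX:
            breaches.append(f"{scheme}: refund rate {b['refund_rate']:.2%}")
        if b["r_rate"] >= R_RATE_MAX[scheme]:
            breaches.append(f"{scheme}: R-transaction rate {b['r_rate']:.2%}")
    return breaches
```

Whether you count refunds by number or by value is a choice; this example counts by number, and whichever you pick, pin it down once so the 0.3% figure means the same thing in every report.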

Want to use SEPA in your own product? Nexinity is a licensed Polish payment institution that does this for a living. Talk to our team →