Direct debit lets a biller take money from a payer’s account on a standing authority — the workhorse of subscriptions, loans and utilities. The mandate is the whole game: get authorisation, abuse, and unpaids right or the rail turns against you.
Direct debit is the payee pulling on the payer’s standing permission. The mandate is the product; the rail just moves the money.
Direct debit is a payment the payee initiates: on a pre-agreed authority (a mandate), the biller pulls funds from the payer’s bank account on a schedule. It is the dominant rail for recurring obligations — subscriptions, insurance premiums, loan repayments, utilities, gym memberships.
Its power is also its danger. Because the biller initiates, the payer is trusting a counterparty to take the right amount at the right time — and trusting their bank and the scheme to police that trust. Every direct-debit scheme is, at heart, a set of rules about mandates, disputes and reversals.
Contrast it with a card-on-file recurring charge (a card-network construct) or an open-banking VRP (a consented, capped pull over instant rails). Direct debit is the bank-account-native version, with decades of legal and operational scaffolding.
Pull rails put the reversal power with the payer. That is the opposite of instant push — and the reason mandate integrity matters so much.
Understanding direct debit means understanding which way the instruction flows — because that determines who carries the risk, who can reverse, and what fraud looks like.
| Dimension | Direct debit (debit pull) | Credit transfer (credit push) |
|---|---|---|
| Initiator | Payee / biller | Payer |
| Authority | Standing mandate, set up once | Per-payment instruction by the payer |
| Best for | Recurring, variable-amount collections | One-off, payouts, P2P, A2A instant |
| Reversibility | Payer can dispute / claim refund within scheme window | Generally final once sent (push finality) |
| Core risk | Unauthorised or abusive pulls; unpaids | Misdirection and APP fraud |
The mandate records who can collect, from which account, and within what scope. A weak or unverifiable mandate is the root of most direct-debit disputes and fraud.
Unlike a card-on-file fixed charge, direct debit comfortably handles variable amounts (a utility bill) with advance notice to the payer.
Schemes typically require the biller to notify the payer of amount and date before collecting — the payer’s early-warning system against surprise debits.
SEPA SDD Core gives an 8-week no-questions refund right (13 months for unauthorised). These rights are pro-consumer — and a chargeback-style risk for billers.
SEPA SDD trades strong consumer refund rights (Core) for an alternative low-refund B2B track. Pick the scheme that matches your payer base — and reserve for the refunds you cannot avoid.
In the eurozone, SEPA Direct Debit (SDD) is the harmonised scheme, run to European Payments Council rulebooks. It comes in two flavours: SDD Core (consumer-facing, with strong refund rights) and SDD B2B (business payers, no consumer-style refund right, faster finality).
SDD Core carries an unconditional 8-week refund right, and up to 13 months to claim back an unauthorised collection. Great for payers; a real exposure billers must reserve against.
SDD B2B is designed for business-to-business collections. The payer’s bank verifies the mandate; there is no no-questions refund right, so finality is quicker.
Unlike DebiCheck, the SDD mandate is typically managed by the biller, with the debtor bank relying on it — which is why the refund rights exist as the counterweight.
SDD runs on ISO 20022 messaging. From November 2026 structured-address requirements tighten (single-line addresses phased out), part of the broader EPC rulebook updates billers must track.
South Africa took the opposite design choice to SEPA on the mandate. After years of debit-order abuse — billers loading collections against accounts with weak or fabricated authority — the SARB and PASA introduced DebiCheck: the payer must authenticate the mandate directly with their own bank before any collection can run.
This flips the trust model. Instead of the biller holding the mandate and the system cleaning up disputes afterwards (the SEPA Core approach), DebiCheck makes the bank verify the mandate up front. The result is a mandate the payer demonstrably agreed to, with the amount, frequency and account confirmed at source — far harder to dispute or fake.
DebiCheck runs alongside traditional EFT debit orders, which remain large in volume (PASA reported hundreds of millions of EFT debit transactions versus a smaller but growing DebiCheck base). The direction is clear: authenticated mandates for new high-risk collections, and tightening rules around disputes — including a 2026 change giving consumers a longer window to dispute certain debit orders.
Direct debit problems are rarely technical. They are about authority, affordability and timing — the human side of a standing permission to take money.
The collection bounces because the payer’s account is empty. High unpaid rates signal poor customer quality, wrong collection timing, or affordability problems — and they cost fees and recovery effort.
Consumer refund rights (SEPA Core’s 8-week window) can be abused — a payer claims back a legitimately authorised collection. Billers must reserve for this and keep airtight mandate evidence.
The original sin of debit orders: collecting against authority the payer never genuinely gave. DebiCheck exists precisely to kill this; markets without up-front authentication remain exposed.
Some collectors deliberately time pulls to early-morning or salary-day windows to win the race against other debits. Schemes increasingly police this; reputationally it is a liability.
Collecting more, more often, or longer than the mandate allows is a fast route to disputes and regulatory attention. Mandate lifecycle management — not just setup — is the discipline.
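A biller-side pre-submission check that enforces mandate scope and advance notice before a collection is sent, as an added example that is not from the original page or any scheme rulebook. The field names, reason codes and the sample mandate values (cap, interval, notice period) are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

@dataclass(frozen=True)
class Mandate:                       # hypothetical record layout
    max_amount_cents: int            # per-collection cap the payer agreed to
    min_interval_days: int           # agreed frequency, as a minimum gap
    valid_from: date
    valid_until: Optional[date]      # None means open-ended
    notice_days: int                 # advance notice promised to the payer
    cancelled: bool = False

@dataclass(frozen=True)
class Collection:
    amount_cents: int
    due: date
    notified_on: Optional[date]      # None means the payer was never notified

def scope_violations(m: Mandate, c: Collection,
                     previous: List[Collection]) -> List[str]:
    """Return every reason the proposed collection falls outside the mandate."""
    reasons = []
    if m.cancelled:
        reasons.append("mandate_cancelled")
    if c.due < m.valid_from or (m.valid_until and c.due > m.valid_until):
        reasons.append("outside_validity")       # collecting "longer"
    if c.amount_cents > m.max_amount_cents:
        reasons.append("amount_over_cap")        # collecting "more"
    last = max((p.due for p in previous), default=None)
    if last is not None and (c.due - last).days < m.min_interval_days:
        reasons.append("too_frequent")           # collecting "more often"
    if c.notified_on is None or (c.due - c.notified_on).days < m.notice_days:
        reasons.append("insufficient_notice")
    return reasons

# Constructed sample data (not real scheme values).
MANDATE = Mandate(50_000, 28, date(2025, 1, 1), date(2025, 12, 31), 14)
HISTORY = [Collection(45_000, date(2025, 3, 1), date(2025, 2, 10))]
OVERREACH = Collection(62_000, date(2025, 3, 15), date(2025, 3, 10))
IN_SCOPE = Collection(45_000, date(2025, 4, 1), date(2025, 3, 15))
AFTER_EXPIRY = Collection(45_000, date(2026, 1, 5), date(2025, 12, 1))

if __name__ == "__main__":
    for name, c in [("overreach", OVERREACH), ("in_scope", IN_SCOPE),
                    ("after_expiry", AFTER_EXPIRY)]:
        print(name, scope_violations(MANDATE, c, HISTORY))
```

Running the check at submission time, and logging the returned reasons alongside the mandate reference, also builds the evidence trail a biller needs when a collection is later disputed.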
For subscriptions, premiums, loan repayments and utilities, direct debit is still the cost-effective default — cheaper than cards, no expiry/reissue churn, and built for variable amounts with notice. The mandate, not the rail, is where you must invest.
In South Africa, default to DebiCheck for new collections — the up-front authentication slashes disputes and is increasingly expected. In SEPA, choose Core vs B2B by payer type and reserve appropriately for Core’s refund window.
Weak mandate evidence turns every dispute into a loss. High unpaid rates burn fees and trigger scheme scrutiny. Collecting outside mandate scope invites regulatory and reputational damage — in SA, debit-order abuse is a politically charged issue, not a back-office one.
For one-off or push-suited flows, use credit transfer or instant A2A. For recurring collections where you want capped, consented, real-time pulls with better UX, evaluate open-banking VRP — it is being positioned as the modern successor to direct debit.