Direct Debit
Definition
Direct debit is a pull payment where the operator initiates a bank account debit against a pre-authorized mandate, without requiring customer action per collection.
Direct debit is a pull payment mechanism where the payee — a merchant or biller — initiates a debit against a payer's bank account using a pre-authorized mandate. The payer authorizes the operator once; the operator initiates each subsequent collection without requiring per-transaction customer action. Direct debit differs from credit transfers (payer-initiated push payments) and card payments (which route through a card network with interchange and card-scheme rules). Four major direct debit rails operate across jurisdictions: ACH debit in the United States under Nacha's Operating Rules, SEPA Direct Debit across 36 European countries under EPC rulebooks, Bacs Direct Debit in the United Kingdom under Pay.UK, and eGIRO in Singapore under ABS. Each operates on batch clearing infrastructure with scheme-specific settlement timelines, return windows, and consumer protection frameworks.
Direct debit is used when an operator needs to pull funds from a customer’s bank account on a schedule or trigger, without requiring the customer to initiate each payment. Unlike card recurring — which routes through a card network — direct debit routes directly between bank accounts, typically at lower MDR and without card-expiry risk. The trade-off is a more complex failure model: mandates must be valid before any collection is attempted, returns can occur after settlement, and consumer protection rules in Europe and the UK create reverse-flow risk that varies by scheme.
How direct debit works
A direct debit follows a consistent sequence across all four major rails:
- Mandate setup: The payer authorizes the operator to debit their account. The authorization can be paper-based, electronic, or API-authenticated. The mandate is the legal and operational foundation of every subsequent debit; a debit without a valid mandate is subject to return.
- Debit file submission: The operator — or their PSP or bureau — submits a debit instruction to the clearing network on or before the scheduled collection date, accounting for the rail’s required lead time.
- Clearing: The network routes the debit to the payer’s bank, which validates the mandate and account status.
- Settlement: Funds transfer from the payer’s account to the operator’s account. Settlement is batch-based, with timelines ranging from same-day (via Same Day ACH) to five or more business days depending on the rail and submission timing.
- Return window: After settlement, the payer’s bank can still return funds under scheme-specific conditions — insufficient funds, mandate cancellation, or consumer refund rights. Revenue is not irrevocable until the applicable return window closes.
The four major direct debit rails
| Rail | Jurisdiction | Governing body | Settlement |
|---|---|---|---|
| ACH debit | United States | Nacha | 1–3 business days (standard); same-day via Same Day ACH |
| SEPA SDD | 36 European countries | EPC | T+1 to T+5 (Core); T+1 (B2B) |
| Bacs Direct Debit | United Kingdom | Pay.UK | T+3 (fixed three-day cycle) |
| eGIRO | Singapore | ABS | Next business day |
All four use batch clearing infrastructure. None provides the sub-second settlement of instant payment rails. Operators with latency-sensitive use cases — high-value one-off purchases, immediate service provisioning — should evaluate whether the settlement lag is acceptable.
Mandates
A mandate is the pre-authorization that makes direct debit legal to initiate. Requirements differ by scheme:
ACH: Written or electronic authorization captured from the receiver before origination, retained for a minimum of two years after last use or revocation. SEC code selection (PPD, CCD, WEB, TEL) determines the authorization format requirements.
SEPA SDD: A mandate containing mandatory fields specified in the EPC rulebook, held by the creditor (operator). The operator must hold a Creditor ID before collecting mandates.
Bacs: A Direct Debit Instruction (DDI) submitted to the payer’s bank under the operator’s Service User Number. The mandate is registered with the payer’s bank — unlike SEPA, where the operator holds it.
eGIRO: API-authenticated near-real-time mandate setup via the ABS eGIRO framework. The payer authenticates within their bank’s interface; confirmation is returned via API callback.
A cancelled mandate invalidates all subsequent debits originating against it. Payers can cancel at their bank without notifying the operator directly — mandate status must be monitored, not assumed.
Consumer protection and return windows
Consumer protection varies significantly across rails and is a key factor in revenue reliability planning:
ACH: Unauthorized debit return right for consumer accounts; no fixed time limit on unauthorized claims. Overall debit return rates above 15% and unauthorized return rates above 0.5% trigger Nacha compliance review at the ODFI level.
SEPA SDD Core: 8-week no-questions-asked refund right for all consumers; up to 13 months for unauthorized debits. Refunds are paid by the payer’s bank immediately on request.
Bacs Direct Debit Guarantee: Immediate refund right for any incorrectly applied payment; no fixed time limit for unauthorized debit claims.
eGIRO: Cancellation and dispute handled via the customer’s banking interface under Singapore banking dispute resolution.
Operators collecting via SEPA SDD Core or Bacs should account for reverse-flow exposure in their revenue recognition and cash-flow planning.
Related terms
ACH
ACH (Automated Clearing House) is the US interbank network for batch bank transf...
Bacs Direct Debit
Bacs (Bankers' Automated Clearing Services) is the UK bank payment system for ba...
Recurring Payment
A recurring payment is a pre-authorised, repeating charge made by a merchant aga...
SEPA
SEPA (Single Euro Payments Area) is the European Union's unified payment infrast...