Approval of updated versions of the SEPA Credit Transfer Scheme (SCT) and SEPA Direct Debit Scheme (SDD) Rulebooks

The EPC Plenary approved updated and enhanced versions of the SEPA Scheme Rulebooks and adjacent Implementation Guidelines for publication on 1 November 2010. The SCT and SDD Schemes evolve based on an open change management process providing all stakeholders with the opportunity to introduce suggestions for changes to the SEPA Schemes. To ensure planning security for all market participants, publication of new rulebook versions follows a strict release management cycle. In accordance with best industry practice, banks and their service providers have sufficient time to address the updates of the rulebooks and Implementation Guidelines ahead of 19 November 2011 - the date that these revised rulebooks will come into effect. The limited number of requests for additional elements introduced into the new rulebook versions demonstrates the maturity of the SEPA Schemes and highlights that they are fit for purpose. For a detailed report on the new mandatory and optional elements introduced into the updated rulebook versions refer to the article "SEPA Schemes: Next Generation" in this newsletter.

Approval of version 1.0 of the SEPA Direct Debit Fixed Amount Scheme (SDD FA) Rulebook

As reported in previous issues of this newsletter, the EPC is in the process of developing a new optional SEPA Direct Debit Fixed Amount Scheme. The new SDD Scheme will apply the regime defined in the Payment Services Directive (PSD) with regard to refund rights; e.g. the refund right does not apply in cases of authorised transactions when the exact amount of the direct debit collection is agreed between the payer (debtor) and the biller (creditor). This option is contingent upon the payer and the biller having agreed the exact amount and the frequency of collections in the mandate. The mandate to be signed by a payer authorising a biller to collect payments under the new SDD Fixed Amount Scheme will clearly highlight the difference to the SDD Core Scheme as regards the application of the refund right in case of authorised transactions to avoid misuse of the 'no-refund' feature.

In the event of unauthorised direct debit collections, the payer's right to claim a refund as stipulated in the PSD extends to thirteen months. Naturally, the right to a refund in case of an unauthorised transaction during a period of thirteen months is granted to the payer also under the new optional SDD Fixed Amount Scheme, in full compliance with the PSD.

The mandate to be signed under the SDD FA Scheme will specify the exact amount of the collection as well as the frequency of the collections, it is the case. If the biller collects a different amount than the amount stated in the mandate, or if the biller diverts from the frequency of collections agreed in the mandate, the payer can make a claim for a refund citing a case of an unauthorised transaction.

The Plenary resolved that the SEPA Fixed Amount Direct Debit Scheme Rulebook version 1.0 and adjacent Implementation Guidelines are approved as ready to be communicated to national banking communities, relevant stakeholders and suppliers, recognising that the adjacent deliverables referred to below remain to be completed and appropriately approved prior to opening the adherence process for future scheme participants and setting a launch date for the SDD FA Scheme. These adjacent deliverables include:

• A separate mandate is available. Approved translations and a specific set of layout guidelines for a separate SDD FA mandate will be prepared.
• Documentation related to adherence by payment service providers to the SDD FA Scheme will be addressed once the first version of the Rulebook has been approved by the Plenary and open questions regarding the proposed Code of Conduct (see below) will be resolved. With future approval of the updated adherence documentation the Plenary will instruct the EPC Scheme Management Committee¹ on the date when to open the SDD FA adherence process and on the launch date of the SDD FA Scheme.
• The EPC Plenary clarified that the launch of the SDD FA Scheme is subject to the development of a "Code of Conduct" specifying the type of trade environment adequate for direct debit collections under the new SDD FA Scheme. The aim of such a "Code of Conduct" is to ensure satisfactory consumer protection. This remains to be developed with the necessary involvement of all relevant market players including representatives of businesses and consumers. The EPC will support the set-up of this guidance in order to have it available as soon as possible. The ownership of this "Code of Conduct" should be shared with the regulators as well as associations representing consumers, corporates and public administrations. Furthermore, it should be decided which governance model will be used to supervise the correct application of the code of conduct usage guidance.

Establishment of a Certification Authority Supervisory Body (CASB)

As previously reported, the SDD Schemes include the optional e-Mandate feature; i.e. the option to create a mandate through an electronic channel. With a mandate the payer authorises a biller to collect payments by direct debit. At the same time the mandate authorises the payer's bank to debit the payer's account when a euro direct debit collection is presented. The e-Mandate option provides an additional means of authorising direct debit collections. The e-Mandate solution is based on secure, widely used online banking services offered by banks today. The e-Mandate solution is an optional service supported and offered by banks to their customers.

The payer's bank validates the e-Mandates issued by a payer wishing to make euro payments by SEPA Direct Debit either itself or through a validation service provider acting on behalf of the payer's bank. The routing service necessary to facilitate the communication between all parties involved in the process is supplied to the biller by the biller's bank or by one or more routing service provider(s) acting on behalf of the biller's bank. The biller and his bank should have an agreement on the conditions for the use of routing service(s).

The messages sent from the biller via the routing service to the validation service of the payer's bank are routed via open networks by making use of the Internet. In order to make this message exchange reliable and secure, the EPC has defined a standard for this messaging which is called the "EPC e-Mandates e-Operating Model". This is a high-level definition describing message flows, a data model and general requirements as regards the solution itself and the parties executing it. In addition, the detailed specifications of the EPC e-Mandates e-Operating Model facilitate consistent implementation of the e-Mandate feature by the parties involved in the process. Last but not least, the EPC e-Mandates e-Operating Model establishes a secure environment based on defined security requirements. The messages exchanged via the EPC e-Mandates e-Operating Model must be compliant with the ISO 20022 standards set out in the e-Mandate-Service Implementation Guidelines for the SDD Core and SDD B2B Schemes, respectively.

The EPC e-Mandates e-Operating Model also spells out the requirements to be met by EPC-approved Certification Authorities (CAs). It is the role of the EPC-approved Certification Authorities to securely qualify legitimate validation service providers and routing service providers. The CAs will issue certificates to validation service providers and routing service providers that meet the requirements of the EPC e-Mandates e-Operating Model. The EPC-approved Certification Authorities provide a common trust (and hence liability) model enabling secure message flows between the validation service providers and the routing service providers facilitating the e-Mandate service. Thanks to the Certification Authorities, there is no need for the parties involved in the e-Mandate process flow to establish bilateral agreements.

The EPC will allow any Certification Authority approved by the EPC according to a dedicated approval process, based on well accepted international standards, to provide certificates to validation service providers and routing service providers. The public key certificates identifying EPC-approved Certification Authorities for e-Mandate Services will be published in a so called Trust-Service Status List (TSL) for e-Mandate Services. The EPC has contracted a Trust Body to establish and publish this Trust Service List.

Any Certification Authority that wants to get EPC-approval can submit its registration request to the EPC with information on its auditor. If the auditor is not yet accredited by the EPC, the auditor must be accredited by the EPC according to the requirements outlined in the EPC document "Approval Scheme for EPC Approved CAs" (a link is included below). The auditor prepares an audit report confirming that the examination has been conducted in accordance with the standards and specifications published by the EPC and the candidate CA will sign an agreement with the EPC clarifying the liabilities between the EPC and this CA. Once the EPC has granted approval, the CA will be published as "EPC-approved CA for e-Mandates" on the EPC web site.

The Plenary established the Certification Authority Supervisory Body (CASB) - the body responsible for approving Certification Authorities in the e-Mandate process. The CASB will approve applications from candidate CAs. In addition, the CASB will also review and approve the audit reports on the TSL Trust Body.

For more information on the optional e-Mandate feature included in the SDD Schemes and the security architecture of the EPC e-Mandates e-Operating Model refer to the article "Have it Your Way! The EPC e-Mandate option: a secure way to authorise a SEPA Direct Debit payment" (EPC Newsletter, Issue 6, April 2010).

Approval of EPC-GSMA Mobile Contactless Payments Service Management Roles Requirements and Specifications

The Plenary approved publication of the joint EPC and the GSMA paper "Mobile Contactless Payments Service Management Roles - Requirements and Specifications". The paper describes the provision and lifecycle management of banks' mobile contactless payment applications when integrated with a mobile phone. It also outlines the role of the 'Trusted Service Manager", which is to support banks and mobile operators aiming to promote mobile contactless payments. For details refer to the article "Common Architecture for Mobile Payments. EPC and GSMA publish joint paper on mobile contactless payments service management" in this newsletter.

The Plenary thanked Herman Segers for his contributions as EPC Secretary General

The Plenary thanked Herman Segers, who served as EPC Secretary General since 2008, for his significant contributions and support to the Plenary. Herman Segers retired following completion of his term in office.

The Plenary welcomed Marco Musto as the new EPC Secretary General

The EPC Plenary welcomed Marco Musto as the new EPC Secretary General. Marco Musto has more than 20 years of international experience in the payments industry. His strong and extensive professional portfolio features assignments across different industry segments including the banking, processing and acquiring sectors. Since 2005, he was responsible for SEPA product development, management and deployment on behalf of leading payment service providers.

Gerard Hartsink is the Chair of the EPC.

Related article in this issue not linked above:

The Quantum Leap for SEPA Direct Debit. From 1 November 2010, all banks in the euro area are reachable for SEPA Core Direct Debit

¹ The EPC Scheme Management Committee (SMC), amongst others, administers and approves adherence applications of payment service providers wishing to become participate in the SEPA Schemes.