Jerome Traisnel, CEO, SlimPay: "As electronic payment evolves, the IBAN becomes a sensitive data"

There are many electronic mandate solutions in the Euro area. Could you elaborate on the strengths of the e-mandate solution SlimPay provides?

SlimPay is a universal (whatever the payer’s PSP is), synchronous (real-time) and multi-channel (PC, tablet, mobile, call center and point-of-sale) solution for pan-European electronic mandates. Acting as payee’s PSP, SlimPay delivers added value that makes payee responsibilities and liabilities clearer such as payment guarantees. It should be classified as a three-corner/creditor model. The solution has been available on the market for three years and has collected and managed more than 4 million SDD electronic mandates in 24 SEPA countries for bank accounts in 531 different European payer’s PSP. It serves currently more than 1,000 creditors across Europe, with several large corporates running cross-border direct debit collections. The solution is also opened to creditors that do not select SlimPay as their PSP for SEPA operations.

How does the authentication process work? Do the necessary steps required to complete the process comply with the ECB’s Recommendations for the security of Internet payments released in January 2013?

The solution already complies with ECB’s recommendations and works in three steps. First, the payer’s identification is the responsibility of the creditor, and is based on a body of evidence directly related to the commercial contract. SlimPay delivers a risk assessment for each registration to alert the creditor when additional identity check is recommended. Second, authentication relies on a strong customer authentication as defined by ECB, based on two factors such as personal identification number and SMS OTP received by mobile phone. Third, authorization uses an advanced electronic signature delivered by an approved Certification Authority based on X509.

What is your response to several companies’ reluctance in outsourcing the management of their mandates due to worries regarding the confidentiality requirements?

As encountered for bank card payments where outsourcing is nowadays the only way possible, the management of alternative payments will have to deal with confidentiality and security constraints. The payer’s PSP is of course the ideal partner to play this role, being supervised and regulated by ECB’s recommendations. As electronic payment evolves, the bank account number (IBAN) becomes a sensitive data. The merchant’s image may be dramatically altered by any breach of its customers’ IBAN database. The trend moves then forward to the universal adoption of outsourced virtual safe-deposit box for all sensitive payment data and tokenization with their PSP.

In your opinion, do the measures you take to prevent identity theft during the authentication have a direct impact on conversion rates?

Although we have implemented ECB’s recommendation for strong user authentication and we process an advanced electronic signature of the mandate, the conversion rate of our solution is higher than 92%. This proves that security is not always incompatible with conversion. Some may argue that no prevention at all delivers better conversion figures. The risk mitigation needs indeed to be assessed by the merchant. However this assessment should not alter the consumer right to be protected and have a peaceful usage of its payment means. Identity theft is a nightmare for the consumer, and our responsibility is to promote a virtuous commerce.

SlimPay started offering its services in France, what industries do you have in mind when expanding across Europe? Do you have any competitors at European Level?

Our aim is to enable the digital transformation of the subscription economy. The subscription ecosystem has no frontiers and accounts already for 22% of the total B2C online commerce. We are notably targeting the cloud industry and the businesses that are running on subscription whatever it is about content, access, donation and service. We have opened an office in Berlin and Brussels. Banks may be seen as competitors in this approach. They are in fact good partners in most of the cases. We provide innovative value whereas our partners bring long-term relationship with key merchants.

Do consumers have the possibility to cancel a direct debit mandate? From your experience, what is the percentage of consumers that do this?

A consumer has the possibility to revoke a mandate at any time. He can do it directly to his merchant, via his PSP, or via the merchant’s PSP (SlimPay in our case). The percentage is extremely low, around 0,25%. It is not always necessary to revoke a mandate. If the mandate is not used anymore, it will become invalid automatically after a certain period of time. Acting as a payee’s PSP, we estimate that our role is to assist the merchant is handling claims and mandate suspensions in order to create a virtuous ecosystem, the basis of the consumer confidence in payments.

About the author:

Jerome Traisnel is CEO and co-founder of SlimPay. He is also the president of the Non-Bank Payment Institutions Association (AFEPAME). Jerome founded Freever in 2000 that became one of the first European mobile social media. Jerome held various management positions in Gemalto.

Company description:

SlimPay enables the digital transformation of the subscription economy. With SlimPay, companies and organizations set up innovative subscriptions offers to customers and collect recurring payments more efficiently. Subscriptions increase customer loyalty and reduce the risks of payment incidents by offering secure payments via direct debit, or by combining direct debit and credit card payment.