March 25, 2025
March 25, 2025
Product
4 minutes

How Stitch prevents fraud for DebiCheck and Debit Order

Methods like debit order and DebiCheck offer convenient ways to collect recurring debits from customers. But what happens when these methods become targets of fraud?

Ena-Marié Louw
Share this article
Copy link
How Stitch prevents fraud for DebiCheck and Debit Order

South Africa has long struggled with high levels of economic crime, with fraud rates consistently exceeding the global average by approximately 27 percentage points since 2009. One major contributor has been unauthorized debit orders. This prompted the South African Reserve Bank (SARB) and the Payments Association of South Africa (PASA) to develop DebiCheck - a system designed to enhance the security of recurring debits via authorized and tracked mandates.

DebiCheck, which took over R4 billion to implement, requires consumers to electronically confirm new debit order mandates with their bank before any debits occur. It protects consumers by ensuring that only authorized transactions are debited, and protects merchants from common challenges like debit order disputes on legitimate mandates.  This added layer of security is particularly crucial for industries like healthcare and insurance, where reliable payment collection is essential for service continuity.

While DebiCheck marks a significant step forward in combating debit order fraud, its success relies on widespread adoption by both consumers and businesses. Continued education and vigilance are necessary to ensure its effectiveness and to counter evolving fraud tactics in the payments landscape.

Here, Ena-Marié Louw, Fraud Lead at Stitch, touches on the different kinds of fraud that can occur with these recurring collections methods, and how Stitch works with our clients to prevent them. 

Fraud risks associated with DebiCheck + debit order

Unlawful disputes: 

A fraudulent user may sign up for a product or service, pay the subscription fee for one month or more, and later dispute all the collections processed against their account. This results in an unjustified dispute, allowing the user to benefit from the service or product without actually paying for it.

Identity theft:

A fraudster commits identity theft by stealing a victim’s personal details, such as their ID number, full name or banking credentials, and using this information to open a new bank account in the victim’s name. 

Once the fraudulent account is set up, the fraudster can register a DebiCheck mandate on it. Because the victim is unaware that an account has been opened in their name, they do not receive any alerts or warnings. The fraud may only come to light when the victim notices unfamiliar accounts linked to their name or when they receive debt collection notices for transactions they never authorized. By this point, the fraudster has already received the product or service.

Account takeover:

A fraudster gains unauthorized access to a victim’s existing bank account, typically through phishing, credential stuffing, or a SIM swap attack. Once inside the account, the fraudster registers a DebiCheck mandate using the victim’s details. If they also control the victim’s mobile number, they can accept the MFA prompt themselves. In some cases, they might choose to neither accept nor reject the prompt, relying on the victim’s lack of awareness to let the mandate proceed. By the time the victim realizes their account has been compromised and unauthorized deductions have been made, the fraudster has already obtained the product or service, making recovery difficult.

Proceeds of fraud:

A fraudulent user could sign up for a product or service and pay using stolen funds. If the rightful account owner later disputes the unauthorized transaction, the merchant may face a dispute against the collections, while the fraudster has already received the device or service.

How Stitch helps to mitigate DebiCheck + debit order fraud

While Stitch cannot prevent all disputes, we do proactively mitigate the risk by preventing the issuance of products or services to users with a suspicious dispute or purchasing history. This can be achieved by restricting mandate creation based on historical transaction observations.

To accurately identify clients, Stitch needs to collect information on the customer and their transaction details, including metadata related to disputed records. Additionally, Stitch helps incorporate account verification steps into the DebiCheck process.

While these checks ensure that the provided credentials belong to the specified persona and account, fraudsters may have access to this information, making the checks insufficient on their own. 

To combat this, Stitch Shield tracks and validates all transactions based on a set of rules and identifiers. If fraud is suspected, we automatically run interventions to delay processing or block users.

Get in touch to learn more about how Stitch can help detect and prevent fraud for your recurring payments.

Protect your recurring payments with Stitch

Request a demo
Further Reading
We offer multiple options for clients to integrate card payments on their platform, depending on their goals and particular use case. Here is a quick breakdown of card integration options clients can get with Stitch.
March 11, 2025
March 7, 2025
Product

Guide: Integration options on Stitch card

The Shyft team has partnered with Stitch to offer instant top-ups on the Shyft wallet via card, providing customers from any bank with more immediate access to funds for global transactions.
March 4, 2025
March 3, 2025
Product

Stitch partners with Standard Bank’s Shyft to enable instant wallet top-ups

How can businesses ensure their mandates are signed, authorized and collected efficiently? TT3 could be an answer.
February 5, 2025
February 6, 2025
Product

Optimise collections with TT3 mandates

All posts