ECJ ruling on litigation between Deutsche Bahn and Austrian Consumer Protection (VKI)
As you may have already read in the press, on 5 September 2019 the European Court of Justice ruled in Case C-28/18 that an online merchant offering direct debits as a means of payment may not restrict this payment method to domestic residents only. The Court bases its decision on Article 9(2) of the SEPA Regulation. According to this, it is forbidden to prescribe to the payer the member country in which the payer maintains his account.
The European Court of Justice saw indirect discrimination in the requirement of domicile. Due to the fact that most buyers would also maintain their account in their country of residence, the restriction to a certain place of residence would be an indirect discrimination, which the prohibition of discrimination of the SEPA Regulation would deprive of its practical effectiveness.
This judgement has been well received by the press. In some pronouncements, the direct debit as a payment method was considered to be no longer feasible as a whole because credit checks, such as those offered in Germany by SCHUFA, are not available in all member countries.
Against this background, we would like to explain in more detail how risk analysis works with Ratepay payment methods and why we consider the impact of the judgment to be very limited on our payment methods:
Ratepay’s risk system uses a large number of data points and our experience in the field of online payment and payment processing to determine the probability of non-payment based on a mathematical-statistical evaluation. If the probability of default is too high, a payment can be rejected. The data points included in the calculation include the price of the goods or service, details of the buyer or user of the service, shopping basket amount, technical data, order times and frequencies, device data and historical information about orders already placed with a Ratepay payment method. Address information is just one of many data points that can - for example - also give an indication of a fraud pattern in connection with the geolocation of the buyer's device if there are – taking all data points into account - indications of unusual and possibly fraudulent user behaviour.
In addition to Ratepay’s own risk analysis mechanisms, under certain circumstances, Ratepay also uses information from external service providers such as SCHUFA. However, we do not exclude any customers on this basis alone.
As a payment institution, Ratepay are also obligated to this type of risk management under supervisory law. Within the framework of combating fraud, risk analysis by Ratepay also serves to protect consumers from misuse of their data by third parties and to protect economic stakeholders from financial losses.
When using the Ratepay payment methods offered by the merchant, such as the SEPA direct debit, a complex risk analysis is carried out based on the evaluation of a large amount of data. Discrimination based, for example, on a (country-specific) IBAN code, nationality or domicile is thus ruled out.