How debit order works in South Africa

Executive summary

A debit order is a pre-authorized payment instruction that allows a business or organization to withdraw funds directly from a customer’s bank account on an agreed recurring date. These are typically used to collect loan instalments, insurance premiums, utility bills, school fees, or subscription payments. 

For businesses, they offer predictable cash flow and simplified collections. For consumers, they provide a hands-off, structured way to manage monthly obligations.

At their core, debit orders are governed by formal mandates; agreements between the payer (consumer) and the payee (business) which authorize the withdrawal of funds from a bank account on specific dates. These transactions are facilitated through a complex ecosystem that includes banks, payment processors, clearing houses, and regulatory bodies.

The system is regulated by the South African Reserve Bank (SARB) and coordinated by the Payments Association of South Africa (PASA). It currently operates across three primary debit order types: Electronic Funds Transfer (EFT), Registered Mandate (RM), and DebiCheck

Since DebiCheck’s introduction in 2019, it has grown steadily, with user uptake increasing by 5% in 2023 and a further 14% in 2024. This trend reflects a shift towards secure, consumer-controlled payment mechanisms. At the same time, the system is processing roughly 16.7 million debit order collections per month, with total annual values exceeding R2.45 trillion in 2024 alone.

Yet the debit order is not without problems. Dispute rates have increased from 2.3% in 2014 to 13.8% by 2024. Abuse of the EFT system remains a persistent issue, often exploited by unscrupulous lenders or service providers operating without proper oversight. Failed payments, mandate mismanagement, and consumer mistrust continue to undermine confidence.

Behind the scenes, infrastructure providers like Direct Debit, Netcash, and BankServAfrica are enhancing their API capabilities and supporting settlement models. There’s also growing emphasis on integrating debit orders with mobile money systems and digital wallets, making way for a more accessible, flexible ecosystem.

This report unpacks the mechanics, rules, challenges, and innovations shaping debit orders in South Africa between 2019 and 2024 offering a full view of where the system is headed and what it means for businesses and consumers alike.

How South Africans govern debit order

South Africa’s debit order system operates within a structured and tightly regulated environment overseen by two central authorities: the South African Reserve Bank (SARB) and the Payment Association of South Africa (PASA). Together, they define the operational, legal, and technical rules that ensure debit orders are processed securely, efficiently, and with proper consumer safeguards.

SARB’s role 

SARB governs the overall stability and safety of the country’s financial system. It manages the final settlement of all interbank payments through the South African Multiple Option Settlement (SAMOS) system. In this capacity, SARB ensures that all payment activities including debit orders adhere to the National Payment System Act 78 of 1998, which sets the legal framework for how money moves between individuals, institutions, and service providers.

SARB also leads long-term strategic reforms through its Vision 2025 program. This initiative focuses on modernizing payment infrastructure and improving consumer protection across the board. The reform of debit order processes is a major part of this plan, as the central bank looks to reduce system abuse and build a safer, more reliable payments environment.

PASA’s management and enforcement role

While SARB provides the regulatory oversight, the Payment Association of South Africa (PASA) acts as the operational authority for the debit order system. Recognized as the official Payment System Management Body, PASA is responsible for coordinating interbank rules, enforcing compliance among its members, and ensuring that all debit order types operate under strict, uniform standards.

PASA sets the technical specifications for how mandates must be captured, stored, and validated. It monitors payment flows between service providers and banks, oversees dispute resolution protocols, and directly penalizes non-compliant operators. Over the past five years, PASA has taken increasingly aggressive steps to clean up the system. Since 2019, it has removed 233 non-compliant users from the payment ecosystem, many for initiating unauthorized debit orders representing over R1.6 billion in abuse-related costs annually. The penalty for a single unauthorized debit order can reach R1,000, which shows the seriousness with which PASA treats system abuse.

Featured read: A report on how debit order works in Botswana

Legally recognized types of debit orders

There are three main types of debit orders permitted in South Africa, each with a different risk profile and level of consumer protection:

• DebiCheck. Debit orders require direct, electronic approval from the consumer before any money is withdrawn. This approval happens through the consumer’s bank via app, SMS, or internet banking and must be obtained for the initial transaction. Once set up, the consumer’s bank stores the mandate and validates each collection against that mandate before allowing funds to be debited. Any changes to the debit order such as amount, frequency, or due date must be communicated to the customer before they take effect. DebiCheck debit orders are processed during the morning payment window, timed to follow salary deposits for maximum success rates.
• Registered Mandate (RM). Debit orders are also stored by the consumer’s bank, and the bank validates each collection against the registered mandate. However, these do not require the consumer’s approval through the bank at the point of setup. Instead, the consumer grants permission directly to the service provider, which then submits the mandate for registration. While this makes RM slightly less secure than DebiCheck, it still provides visibility and traceability. RM debit orders are processed in the evening with first priority after DebiCheck.
• Electronic Funds Transfer (EFT) debit orders. This is the least secure of the three. They can be authorized via paper forms, voice recordings, or electronic methods, and the mandate is stored by the service provider, not the bank. The bank does not validate these mandates before processing the debit, and the customer typically has no visibility into the mandate via their banking app or platform. EFT debit orders are processed during the evening clearing cycle, after both DebiCheck and RM payments. This structure makes them vulnerable to abuse, and they continue to account for a high volume of disputes and consumer complaints.

Legal requirements

Before initiating any debit order, service providers are required to obtain a valid mandate from the customer. This mandate may be written, voice-recorded, or electronically authorized, depending on the debit order type. Failure to obtain or store a valid mandate is a direct violation of PASA rules.

Banks are also legally required to provide consumers with dispute resolution channels. If a customer challenges a debit order, the bank must investigate and process a reversal within 40 calendar days.This consumer protection mechanism is important  in reducing the long-term effects of unauthorized debits, especially for lower-income consumers who may be disproportionately affected.

In addition to storage and dispute obligations, banks and service providers must implement internal controls to prevent mandate tampering and enforce verification procedures. These requirements form part of PASA’s broader anti-abuse strategy.

With the mandatory transition to Registered Mandates by March 2025 and the increasing adoption of DebiCheck, the debit order system is moving toward a more transparent and accountable structure. PASA and SARB are both pushing for industry-wide adoption of secure, consumer-informed debit order practices that are less prone to fraud and more aligned with South Africa’s evolving digital economy.

How debit order works in South Africa

South Africa’s debit order system is built on a dual-layered structure designed to balance operational flexibility for businesses with growing demands for consumer protection and transaction transparency. This structure integrates both legacy systems and modern payment technologies, allowing for different types of debit orders to be processed based on the level of authentication required, the timing of the transaction, and the type of mandate involved.

The two-tier system

South Africa’s debit order system is structured around two parallel processing models each serving distinct use cases, risk profiles, and regulatory expectations. These are the legacy Electronic Funds Transfer (EFT) system and the DebiCheck framework, which is aligned with the international ISO 20022 standard for structured electronic data exchange.

EFT debit order system. The EFT debit order system has been in use for decades and remains the backbone of most recurring payment arrangements. It allows service providers, such as lenders, insurance firms, subscription platforms, and utility companies to debit customer accounts based on a previously agreed mandate. However, one of its main limitations is the lack of real-time validation at the bank level. Once a business has the customer’s consent, it can submit a debit instruction via its sponsoring bank, and the transaction is processed during evening clearing cycles.

While EFT debit orders support high-value transactions up to R1 million per instruction they are also more vulnerable to misuse. Because mandate validation is not performed at the bank at the point of collection, fraudulent or unauthorized deductions are more difficult to prevent in real time. Disputes must be addressed after the fact, often placing the burden on the customer to reverse charges and prove a lack of consent.

Despite these risks, EFT debit orders remain popular, especially among smaller businesses or creditors operating in high-volume, low-margin environments. Their low implementation barrier and compatibility with existing banking systems have helped sustain their relevance, even as the industry moves toward stronger authentication standards.

The DebiCheck system represents a significant leap forward in transaction control, built to directly address the weaknesses of the EFT model. Introduced by PASA in 2019, DebiCheck requires upfront electronic approval from the customer before a single debit order can be activated.

This approval is facilitated through secure digital channels managed by the customer’s bank such as mobile apps, USSD prompts, ATMs, or internet banking. Once approved, the details of the mandate (including the amount, frequency, and debit date) are securely stored within the banking system and referenced each time a collection attempt is made. If any key element of the mandate changes, the consumer is notified and must approve the change before the updated debit can proceed.

DebiCheck transactions are prioritized in morning clearing cycles, giving businesses a better chance of accessing available funds especially important for lenders and subscription services that depend on first-attempt success. However, DebiCheck also has a lower transaction cap of R30,000 per instruction, reflecting its primary focus on consumer-level debit orders rather than large corporate payments.

Importantly, DebiCheck shifts the power dynamic. Consumers are no longer passive participants in debit order setups. They must actively confirm their participation, reducing the potential for unauthorized or abusive debit instructions.

The Early Debit Order (EDO) model lies between the  EFT and DebiCheck. It includes Authenticated Early Debit Orders (AEDO) and Non-Authenticated Early Debit Orders (NAEDO). These were originally introduced to increase the chances of successful collections by targeting salary deposit windows.

AEDO requires card-and-PIN verification at the time of agreement often used in physical retail or loan application settings. Once approved, future debits follow the same early morning processing schedule as DebiCheck. NAEDO, on the other hand, is based on a signed or voice mandate but does not require card or real-time digital authentication. While still used in some sectors, NAEDO has seen declining adoption due to its vulnerability to abuse.

Over time, both AEDO and NAEDO are being phased out in favor of DebiCheck, which combines the early collection advantage with stronger authentication and a fully bank-validated process.

Mandate initiation

Every debit order, regardless of type, begins with a mandate, the formal agreement that authorizes the service provider to collect funds from a customer’s account. This is the legal and operational cornerstone of the entire system.There are three main ways mandates can be established:

• Written mandates involve physical, signed documents that outline the collection terms agreed upon by both parties. Though still valid under PASA regulations, written mandates are gradually giving way to digital alternatives due to issues with storage, verification, and efficiency.
• Electronic mandates are captured through secure web forms, portals, or APIs provided by payment service providers. These digital mandates can be signed electronically and stored in encrypted databases, making them easier to audit and retrieve during disputes.
• Voice-recorded mandates are used in call center environments. These are recorded under strict legal and procedural guidelines, including identity verification and confirmation of mandate terms, ensuring they meet PASA’s requirements.

For DebiCheck, a separate authentication process occurs once the mandate is established. The customer receives a digital prompt via their bank to review and confirm the details of the agreement. This step is compulsory before the first collection can take place. Without this bank-issued confirmation, the debit order cannot be activated.

Once created, mandates are stored in different locations based on the debit order type. For DebiCheck and Registered Mandate transactions, the customer’s bank holds the mandate, enabling bank-level validation and full visibility. In contrast, EFT mandates are stored solely by the service provider, which limits transparency for consumers and increases the risk of unauthorized debits going unnoticed until after funds are withdrawn.

Featured read: Don’t have access to GSI? Use direct debit to achieve same result

Debit order flow (simplified)

• Mandate setup: The consumer authorizes the debit order, either by signing a mandate, completing a digital form, or confirming via phone or bank interface (in the case of DebiCheck).
• Mandate storage: Depending on the type of debit order, the mandate is securely stored by the consumer’s bank (DebiCheck and RM) or by the service provider (EFT).
• Instruction submission: On the agreed debit date, the service provider submits a debit instruction through their bank or PSP platform for clearing.
• Validation and clearing: The consumer’s bank validates the debit order against the stored mandate if required (for DebiCheck and RM). BankservAfrica clears the transaction across participating institutions.
• Settlement: If validation passes and funds are available, money is withdrawn from the consumer’s account and transferred to the service provider’s account.
• This structured flow, while highly automated, depends on strong governance and effective system checks. The mandate verification step is vital in preventing unauthorized deductions and limiting downstream disputes.

Market participants 

South Africa’s debit order ecosystem operates through a layered network of participants, each playing a distinct role in facilitating, regulating, or enabling recurring payments. From traditional banks and fintech innovators to backend processors and clearing systems, the ecosystem reflects a blend of legacy infrastructure and evolving digital solutions.

Traditional banking sector

South Africa’s four largest banks: Standard Bank, Absa, FirstRand, and Nedbank remain the dominant players in the debit order market. These institutions serve dual roles: they provide the consumer-facing interfaces for setting up and disputing debit orders, and they also operate as sponsoring banks for businesses and service providers that need access to the national payment system.

As custodians of consumer accounts, these banks are responsible for storing mandates (in the case of DebiCheck and Registered Mandates), verifying transactions before they are executed, and facilitating reversals when necessary. They also compete aggressively for business clients in sectors such as insurance, credit, and utilities, offering tailored debit order products as part of broader cash management and merchant service packages.

However, their dominance is being gradually challenged. The traditional banks face increasing pressure from digital-first providers that offer faster onboarding, more transparent pricing, and developer-friendly APIs designed for modern business environments.

Fintech innovation 

South Africa’s growing fintech sector has introduced innovation into the debit order space. Platforms like Stitch Money, Yoco, and Peach Payments offer merchants and startups unified payment stacks that go beyond debit orders incorporating instant EFTs, card payments, digital wallets, and subscription billing tools.

These fintechs are especially attractive to technology driven businesses and small merchants seeking plug-and-play integrations without dealing directly with large banks. By offering API-first infrastructure, these platforms simplify the complexity of recurring payments, including mandate creation, customer authentication, and payment tracking.

One of the most notable contributions of fintech in this space is the consumer experience layer. Unlike legacy systems that require multiple offline steps, fintechs offer in-app debit order sign-ups, instant verification flows, and real-time notifications features that align with modern user expectations.

Despite these advancements, fintech adoption remains skewed toward urban, digitally literate users. The challenge ahead lies in extending this convenience to sectors with lower levels of digital access or financial literacy.

Payment service providers (PSPs)

Another key part of the ecosystem is the group of Payment Service Providers (PSPs) that bridge the gap between businesses and the banking system. Companies like Netcash, Paysoft, and Ecentric Payment Systems provide end-to-end debit order solutions. These typically include:

• Mandate management systems (including voice and digital capture)
• Batch and real-time processing tools
• Integration with BankservAfrica for clearing
• Reporting dashboards and automated reconciliation

Many PSPs also offer developer APIs that allow businesses to embed debit order functionality directly into their software systems. This is especially useful for subscription platforms, microlenders, and service providers that require high-volume recurring payments without manual overhead.

Smaller businesses often rely on PSPs rather than dealing directly with sponsoring banks. PSPs reduce the technical and compliance barriers, while still ensuring that transactions flow through the regulated interbank channels mandated by PASA.

Specialized debit order processors

Companies like Altron FinTech also offer dedicated debit order collection platforms. These are not general payment processors but focused services built specifically around recurring collections. Their platforms are cloud-based, with integrated validation tools, customizable payment schedules, and failover mechanisms to retry failed debits.

These specialists often serve industries with high transaction volumes and specific compliance demands such as financial services, education, healthcare, and municipal billing. Some also offer hybrid solutions that combine EFT debit orders, DebiCheck, and card billing in one consolidated environment.

Mobile money

Unlike many African countries where mobile money dominates payment rails, South Africa remains an outlier. The country’s widespread bank penetration, coupled with a historically strong card and EFT infrastructure, has stunted mobile money’s adoption.

One of the most notable examples is Vodacom’s M-Pesa, which was launched in South Africa in 2010 but shut down in 2016 after failing to achieve necessary mass. Despite an ambitious goal of reaching 10 million users, the service had just 76,000 active users at its peak. The failure was attributed to several factors: a mature banking sector, limited merchant acceptance, and a product-market mismatch.

As a result, debit orders in South Africa have remained largely bank-centric, processed through formal channels rather than mobile wallets or USSD-based interfaces common elsewhere on the continent. While some fintechs have attempted to revive wallet-based models, none have gained significant traction in the debit order space.

Clearing and settlement

At the center of the debit order infrastructure sits BankservAfrica, South Africa’s automated clearing house. Owned by the country’s major banks, Bankserv is responsible for routing debit instructions, validating settlement information, and ensuring that funds move correctly between banks.

Every debit order initiated whether through a fintech, PSP, or bank ultimately flows through Bankserv for final processing. The platform handles both same-day clearing (for DebiCheck and AEDO) and delayed settlement (for EFT and RM), depending on the transaction type and timing.

Bankserv also plays an important role in dispute management, fraud detection, and system uptime monitoring, helping to maintain the operational reliability of South Africa’s entire debit order framework.

Adoption patterns and use cases

Debit orders remain a foundational payment mechanism in South Africa’s financial system, particularly for businesses and institutions that depend on predictable, recurring income. From formal lenders to municipal service providers, the reliability of debit order collections makes them indispensable for managing large-scale payment flows. On the consumer side, adoption is steadily increasing, driven by broader shifts toward digital financial services and reinforced by the added security of systems like DebiCheck.

Business applications

For many sectors, debit orders are the default collection method. Their automation reduces the overhead associated with manual billing, ensures predictable cash flow, and helps minimize defaults through consistent scheduling.

Insurance providers rely on debit orders to collect monthly premiums across all categories: life, health, and short-term cover. The system supports both traditional insurance models and newer insurance technology offerings, many of which embed DebiCheck authentication to reduce payment disputes and cancellations.

Lenders, both banks and alternative credit providers, use debit orders to enforce loan repayment schedules. This applies across the board: from mortgage payments and vehicle financing to short-term personal loans and payday advances. A successful debit order system enables lenders to reduce delinquency rates and plan capital allocation with more certainty.

Utility companies and municipalities, including those managing electricity, water, waste management, and telecommunications depend on debit orders to simplify household billing. In a landscape where non-payment of utilities can create systemic strain, the debit order model offers a reliable method to ensure revenue collection without relying on in-person payments or call center follow-ups.

Subscription-based services such as gyms, streaming platforms (e.g., Showmax, Netflix), software-as-a-service (SaaS) providers, and educational platforms also benefit from debit orders. For these businesses, predictable revenue through automated billing is essential for growth and investor confidence. Many of these newer entrants now prefer DebiCheck-enabled debit orders due to lower chargeback rates and improved customer transparency.

Consumer trends

While debit orders are widely used in formal financial engagements, it’s important to recognize that cash still plays a dominant role in South Africa’s everyday economy. Informal traders, domestic services, and day-to-day purchases are still often settled in cash, particularly in lower-income areas and rural regions where bank infrastructure is limited.

However, the shift toward digital transactions is gathering momentum. Debit card usage has seen consistent year-on-year growth, with an average of 89.2 transactions per card in 2024, up from 61.8 in 2020. This increase is tied to several factors:

• Post-COVID behavioral changes, where contactless payments became a health and safety priority
• Higher penetration of point-of-sale (POS) terminals, particularly in retail and transport sectors
• Increased adoption of mobile banking apps, particularly among younger and urban consumers
• Trust in DebiCheck, which reassures consumers that they have control over recurring deductions

Consumers who previously avoided debit orders for fear of being scammed or debited without consent are now more open to participating especially when DebiCheck is used. Its upfront approval process via bank notification restores a sense of control and has helped reduce the emotional and financial frustration of unauthorized debits, a long-standing pain point in the market.

Featured read: GSI vs Direct Debit: Similarities and differences

DebiCheck’s adoption growth

Although DebiCheck faced a slow rollout in its early years, recent adoption figures point to significant progress. By 2024, over 6 million consumers had active DebiCheck mandates, marking a 14% increase from the previous year. The number of successful DebiCheck collections also grew, indicating not just more signups, but higher usage and merchant trust in the system.

This uptick aligns with broader regulatory pressure and merchant incentives to migrate from legacy EFT and NAEDO systems. Since the March 2025 deadline for mandatory Registered Mandate compliance has now passed, more businesses particularly in high-risk sectors like lending and insurance have transitioned to DebiCheck as their default collection model.

That said, gaps remain. Adoption is still uneven across income brackets and industries. Many small businesses and informal service providers have yet to integrate debit order solutions, either due to cost, complexity, or lack of customer demand. Bridging this adoption gap will require continued fintech innovation, better consumer education, and simplified onboarding tools for merchants.

System limitations

While debit orders remain essential to South Africa’s payment infrastructure, their implementation is not without friction. The system continues to face structural, behavioral, and technical challenges that undermine its effectiveness. As adoption grows, so too does the complexity of managing consumer expectations, fraud risks, dispute volumes, and compliance overhead. The issues detailed below remain at the heart of ongoing reform efforts.

Dispute rate crisis

The most persistent and damaging challenge in the current debit order ecosystem is the escalating dispute rate. What was once a manageable concern 2.3% of transactions in 2014 has transformed into a systemic issue, reaching 13.8% by 2024. On average, 1.9 million disputes are now processed each month, creating a significant operational burden on banks, payment processors, and service providers alike.

Most disputes do not stem from outright fraud. PASA estimates that nearly 90% of these reversals are the result of consumers intentionally disputing valid debit orders, often for cash flow reasons such as trying to delay a payment or prioritize spending elsewhere. This type of behavior, sometimes referred to as “friendly fraud,” distorts the intention behind the dispute system and inflates reversal volumes unnecessarily.

For banks and service providers, this issue translates into lost revenue, administrative strain, and increased reputational risk. For consumers, it can mean confusion over the legitimacy of their own transactions, unnecessary fees, and even long-term credit consequences if valid payments are reversed and services are suspended.

Security and fraud concerns

Despite years of technological upgrades, unauthorized debit orders remain a serious concern. High-profile scams like the “R99 debit order scam” in which small, unauthorized amounts were systematically debited from thousands of accounts without consent have left a lasting impact on public perception. Even when consumers are aware of the dispute process, the mere presence of these scams has undermined confidence in the system.

DebiCheck was introduced largely to combat this issue. Its real-time mandate verification mechanism and requirement for upfront customer approval significantly reduce the risk of rogue debit orders. However, adoption is still not universal, and older EFT systems, which don’t require bank-side validation, continue to be exploited.

Moreover, fraudsters now adapt to new technologies just as quickly. There are ongoing reports of synthetic mandate creation, impersonation of legitimate businesses, and abuse of voice mandate loopholes. These cases are harder to detect and often go unnoticed until patterns are identified across a large volume of transactions.

Technical and infrastructure limitations

At a systemic level, debit order processing still relies on a mix of legacy systems and newer frameworks. While DebiCheck is based on the ISO 20022 messaging standard, much of the EFT infrastructure predates this standard and lacks real-time capabilities.

This creates a fragmented ecosystem in which banks, fintechs, PSPs, and merchants must operate across multiple protocols and timelines. As a result, technical integration becomes costly and time-consuming, especially for smaller businesses that lack the engineering resources of larger financial institutions.

The recent migration from the Registered Mandate Service (RMS) to the new Registered Mandate (RM) framework, completed by March 2025, further illustrates the scale of coordination required. This migration involved changes to data formats, authentication processes, dispute resolution timelines, and back-office reconciliation procedures. Many providers struggled with the transition, especially those without direct access to core banking systems or updated API documentation.

These limitations make it harder to introduce agility into the system. For example, updating mandate information, onboarding new merchants, or adapting to compliance changes can take weeks or even months depending on the readiness of upstream systems.

Consumer trust and education gaps

Even where technical improvements have been made, the system still suffers from low consumer awareness. Many South Africans are unable to distinguish between DebiCheck, EFT, and other debit order types. Few understand what makes a mandate valid, how to approve one, or when they are within their rights to dispute a debit.

This knowledge gap contributes directly to dispute rates, as consumers sometimes reverse transactions simply because they don’t recognize the name of the service provider or misremember signing a mandate. Others are unaware that repeated reversals of valid debit orders may affect their credit standing or lead to service suspensions.

Banks and service providers have attempted to close this gap through SMS alerts, mobile app prompts, and customer education campaigns. However, the impact has been uneven, especially in communities with low digital literacy or where informal lending practices blur the lines between formal mandates and verbal agreements.

Notably, DebiCheck’s own performance reveals the issue: while over 6 million consumers have registered for DebiCheck by 2024, the mandate approval rate hovers around 62%, meaning that nearly 4 in 10 debit order requests go unconfirmed. In many cases, consumers simply ignore the authentication prompt, unsure of what it means or fearing it’s a scam.

Bounced payments and the cost of failure

A more operational challenge lies in bounced debit orders transactions that fail due to insufficient funds in the consumer’s account. This is particularly common in industries like microlending, prepaid services, and insurance, where debit orders are timed around salary runs but may not always align with actual deposit dates.

Failed debit orders result in penalty fees for the customer, lost revenue for the service provider, and administrative costs for banks. In cases where debit orders bounce repeatedly, businesses may be forced to write off the payment or suspend the service, increasing churn.

Moreover, timing mismatches between debit windows and salary deposits especially for part-time workers, freelancers, or grant recipients can exacerbate the problem. DebiCheck’s morning window prioritization offers some protection, but only when authentication and timing are executed correctly.

Featured read: A report on how direct debit works in Tanzania

The RMS to RM transition

The mandatory transition from the Registered Mandate Service (RMS) to the Registered Mandate (RM) model, which took effect in March 2025, marked a significant regulatory shift in South Africa’s debit order ecosystem. Driven by the South African Reserve Bank (SARB) as part of its Vision 2025 strategy, the transition was designed to eliminate the long-standing dependence on non-authenticated collections within the early debit order (EDO) processing window. By enforcing stricter mandate authentication and removing non-verified instructions from priority processing cycles, the move aimed to strengthen consumer protection, improve system integrity, and reduce debit order abuse.

Under the RMS model, businesses were able to process early debit orders typically in the morning salary run window without real-time consumer authentication, relying instead on pre-existing mandates stored and managed within the service provider’s infrastructure. While this system offered high success rates for collections, it opened the door to abuse, particularly when mandates were disputed, poorly documented, or misused. Consumers were often debited without adequate transparency or control, undermining trust in debit order systems overall.

The RM framework addresses this issue by enforcing stricter mandate registration standards, greater accountability through bank-side mandate storage, and by removing all non-authenticated mandates from the early collection cycle. From 2025 onward, only authenticated transactions such as DebiCheck are allowed to run in the early window. All other transactions, including those under RM, are relegated to the evening processing cycle, effectively deprioritizing them in favor of consumer-controlled debit order types.

Impact on collection success rates

One of the most tangible impacts of this transition is the expected drop in collection success rates. Historically, RMS mandates processed in the early morning hours benefited from higher success probabilities due to alignment with payroll credits and social grant disbursements. Many lenders and insurers timed their debit runs to coincide with peak fund availability, allowing them to capture payments before consumers had a chance to withdraw or redirect their income.

The shift to RM changes this dynamic. Under the RM model, debit orders are processed later in the day, competing with other spending priorities and increasing the risk of insufficient funds at the time of collection. According to Amplifin, a leading credit management service provider, the difference in collection performance between authenticated early debit orders and RMS mandates can be as high as 16%. For businesses that operate on tight margins or rely heavily on recurring payments such as microlenders, subscription services, and utilities this drop could significantly affect monthly cash flows.

The reclassification of RMS collections into a lower-priority queue also means that creditors who fail to migrate to DebiCheck risk not just a drop in successful collections, but an increase in bounced payments, dispute volumes, and account management overhead.

Business adaptation requirements

Businesses were compelled to upgrade their systems to comply with new authentication protocols, particularly for DebiCheck. This required integrating with bank APIs, enabling real-time mandate approvals, and aligning with PASA’s revised data standards. The shift away from passive debit orders meant organizations had to reconfigure how mandates were created, stored, and verified, especially as non-authenticated collections were removed from the early morning processing window, which had previously offered higher success rates.

The move also created a need for consumer education. Customers were now required to authenticate mandates in real time via mobile banking apps, USSD codes, or ATMs introducing new points of friction, especially among users unfamiliar with these tools. To minimize drop-offs and disputes, many businesses introduced onboarding prompts, multilingual instructions, and improved mobile experiences. Others tested fallback collection strategies such as payment reminders and retry windows to maintain revenue stability amid the changes to processing priorities.

Operationally, the transition came with notable cost implications. RM-based systems demanded stricter compliance, auditability, and secure data handling placing a heavier burden on smaller providers and informal lenders. For some, the added complexity and cost of real-time verification pushed them toward third-party payment processors or simplified billing models. Despite these growing pains, the businesses that adapted early gained an advantage in a more secure, regulated, and consumer-controlled debit order environment.

Future innovations

Regulatory bodies, financial institutions, and fintech players are actively experimenting with new technologies and policy directions aimed at solving longstanding inefficiencies and preparing the ecosystem for the next generation of payments.

DebiCheck evolution and post-RMS realignment

With the RMS-to-RM transition completed in March 2025, the emphasis has moved toward optimizing the performance of DebiCheck, now the system’s most secure and consumer-centric debit order format. While adoption continues to rise, authorization rates remain a weak point, with only 62% of DebiCheck requests successfully approved in 2024. This low completion rate reflects friction in the consumer experience, delays in responding to authentication prompts, confusion over mandate notifications, and a general lack of clarity about the process.

To address this, banks and payment providers are focusing on simplifying consumer interfaces, reducing delays in prompt delivery, and offering more contextual information during authentication (such as service provider name, amount, and payment frequency). The goal is to improve trust and transparency without introducing additional complexity. Mobile-first designs, USSD fallback options, and real-time support during mandate approval are expected to be key features of this next phase.

Central bank digital currency (CBDC)

The South African Reserve Bank (SARB) is actively exploring the feasibility of a retail Central Bank Digital Currency (CBDC) as part of its broader digital payments roadmap. While no final decision has been made on deployment, SARB’s research signals strong interest in using CBDCs to improve financial inclusion, ease transaction settlement, and lower the cost of domestic and cross-border payments.

If implemented, a retail CBDC could fundamentally reshape how recurring payments like debit orders are executed. Instant settlement, lower infrastructure costs, and programmable logic (e.g., conditional payments) could allow for more granular, secure, and affordable debit order-like arrangements particularly for unbanked or underbanked segments currently excluded from automated debit systems.

For now, SARB is testing the operational viability of CBDCs through Project Khokha and Project Dunbar, both of which explore digital currency infrastructure and regional payment interoperability.

Artificial intelligence in debit order management

Artificial Intelligence (AI) is gaining traction in the order-to-cash cycle, with growing use in predictive analytics, dispute risk detection, and payment timing optimization. In the context of debit orders, AI systems can evaluate consumer behavior patterns and historical data to forecast the likelihood of collection success for each debit run.

This enables businesses to tailor the timing and frequency of collections to maximize success while minimizing bounce rates. AI tools can also identify anomalous patterns such as unusually frequent disputes from a specific consumer segment or service category allowing for pre-emptive intervention before reputational or financial damage occurs.

Some larger payment service providers have begun integrating machine learning models into their mandate verification pipelines, helping flag potential compliance issues or technical anomalies in real time. Over time, such AI-driven automation could reduce human workload, cut operational costs, and improve the reliability of recurring payment ecosystems.

Blockchain and cross-border transparency

While still in the early stages, blockchain-based technologies are being explored for use cases that may eventually intersect with debit order systems particularly in the areas of international payments and auditable mandate tracking.

Blockchain’s ability to provide immutable transaction records and transparent clearing mechanisms could help build consumer trust in recurring debit instructions, especially in sectors plagued by mandate disputes and back-office delays. Additionally, for South African companies involved in cross-border remittances or pan-African lending, distributed ledger technologies offer a path toward more efficient, fraud-resistant payment infrastructures.

That said, widespread blockchain adoption in debit order processing is not imminent. Challenges such as interoperability with traditional banking systems, transaction speed limitations, and regulatory uncertainty still need to be addressed before the technology can be applied at scale.

Open banking and API-driven payment models

The gradual rollout of open banking across South Africa is unlocking new opportunities for innovation in debit order services. By giving consumers greater control over their financial data and allowing third-party providers to initiate payments directly from bank accounts (with consent), open banking could replace traditional debit orders with more flexible, real-time alternatives.

Payment service providers are already building API-based debit solutions that operate outside the formal debit order rails but offer similar functionality recurring pull-based payments with built-in consent and revocation mechanisms. These API models allow for richer transaction context, dynamic billing structures, and better real-time feedback loops.

More importantly, open banking enables true portability of financial behavior across providers. This makes it easier for consumers to switch services, manage subscriptions, and track automated payments all from a single interface. For service providers, this means better engagement and the ability to bundle value-added services around debit management.

Regulatory refinement and consumer safeguards

With the infrastructure pieces falling into place, regulators are shifting focus to enforcement, audit trails, and customer safeguards. SARB and PASA are expected to issue updated guidelines on mandate auditability, authentication timeout policies, and recurring dispute behavior thresholds in the coming months. These policies will help formalize gray areas in the current system, ensuring that participants cannot game the dispute mechanism or bypass verification obligations.

Two-factor authentication, real-time consumer notifications, and enhanced traceability requirements are also gaining traction, especially as fraud prevention remains a top concern. The goal is to strike a balance between usability and security, enabling businesses to collect efficiently without compromising on consumer protection.

Regional payment integration

Common monetary area changes: Starting September 2025, notable regulatory changes are set to reshape the way debit orders function across borders within the Common Monetary Area (CMA), which includes South Africa, Lesotho, Eswatini, and Namibia. These reforms, led by regional central banks in collaboration with the South African Reserve Bank (SARB), will prohibit the use of domestically-issued debit orders for cross-border collections. In effect, debit order instructions initiated in South Africa will no longer be valid for debiting accounts held in neighboring CMA countries.

This restriction is a major shift for businesses with a regional footprint especially insurers, microlenders, and utility providers operating across CMA borders who previously relied on centralized debit order systems to collect from customers in multiple jurisdictions. These businesses will now be required to restructure their collection strategies, possibly by establishing local banking relationships or deploying alternative payment models such as real-time EFTs, mobile payment platforms, or card-based auto-debits within each country.

The change is part of a broader effort to strengthen currency sovereignty, improve cross-border settlement transparency, and ensure compliance with anti-money laundering (AML) standards. However, the short transition period presents real operational challenges, especially for small-to-mid-sized firms that lack the infrastructure to localize collections quickly. Service providers and PSPs are now working to roll out cross-border payment tools that comply with the new framework while preserving the recurring payment convenience that debit orders offer.

International standards alignment: These regional reforms are also part of a larger national push toward aligning South Africa’s payments ecosystem with global standards. A key component of this modernization is the adoption of the ISO 20022 messaging framework, which brings greater consistency, data richness, and interoperability to financial transactions. Already implemented in the DebiCheck system, ISO 20022 allows for more detailed mandate data, including payer identity, transaction purpose, and mandate terms elements that support better fraud prevention, automated reconciliation, and regulatory compliance.

South Africa has strengthened its authentication protocols, moving beyond paper-based and voice-recorded mandates to multi-channel, real-time consumer validation via banking apps, USSD, and secure APIs. These enhancements not only improve trust and traceability within domestic payment systems, but also lay the groundwork for easy integration with international clearing networks, should cross-border debit order capability be reintroduced under stricter standards in the future.

Together, the CMA restrictions and ISO 20022 alignment reflect a deliberate shift toward a more secure, resilient, and globally interoperable payments environment, one in which South Africa is positioning itself as a regional leader in financial infrastructure reform.

What lies ahead for debit order in South Africa

The evolution of debit orders in South Africa isn’t just a story of policy upgrades or better software. It reflects a deeper recalibration of how financial systems assign responsibility, enforce consent, and manage risk at scale. Each regulatory change, from the elimination of RMS to cross-border payment restrictions, has pushed the system toward greater accountability but also introduced friction, cost, and complexity that institutions must now manage.

What lies ahead is less about innovation for its own sake and more about execution under constraint. Banks and businesses are under pressure to deliver easy consumer experiences within tighter rules. Consumers, in turn, are being asked to engage more actively in processes they were once excluded from. Whether that trade-off results in a healthier payment ecosystem depends on how well participants balance technical compliance with usability and whether trust can be rebuilt, not through messaging, but through actual outcomes. Debit orders were once invisible. They no longer have that luxury.