Anonymous Direct Debits

As of Jadu Central 3.3, our Direct Debit functionality now supports anonymous Direct Debit sign-up, modification, and cancellation.

If you require a customer to sign-in before interacting with Direct Debits, simply enable the Registered users only toggle on the related form. This can be enabled in the form's settings.

danger

Enabling anonymous Direct Debit interactions bypasses ownership verification checks, meaning there is no system validation to ensure that the person performing the action is the rightful owner of the Direct Debit.

To mitigate potential security risks, customers should implement their own authentication mechanisms to verify ownership before allowing anonymous Direct Debit transactions. For example, using a generated access code.

If authentication is not enforced, there is a risk that unauthorised individuals could make changes to Direct Debit agreements.

Please carefully assess the impact of enabling this functionality in your implementation.

Access code generation with Jadu Connect

If you use Jadu Connect, one option for authentication is to generate an access code as part of the original Direct Debit form submission, and pass this to the corresponding Jadu Connect Case.

The user can then be made aware of the access code, for example via an email receipt.

The subsequent cancel or update form would:

• have a question for the access code
• use the 'Connect - Value of a Field' logic to obtain the original code
• branch the form to a dead end if they don't match