The letter is the result of a breakdown of dialogue on security and governance between European consumers and the European Payments Council (EPC), the banking consortium that drafted SEPA.
"The European Payments Council is creating SEPA without the end-user," Anne Fily, head of BEUC's legal and economic department, told EurActiv, criticising the EPC's bank-centric attitude. End-users are retailers, SMEs, consumers and insurance companies.
BEUC argues that end-users' concerns have been continually falling on deaf ears and for that reason it has left the EPC-led stakeholder forum on SEPA's implementation.
In addition the group is angered by the Council's decision to revisit the "right to refund" rule, according to which a payer will be reimbursed after eight weeks in the event of fraud.
Fily told EurActiv that the EPC will try to seek further restrictions to this rule, which the group already deems "curative and not preventative".
"We have agreed to study the concerns of the end-user committee with all the attention they need," Herman Segers, secretary-general of the EPC, told EurActiv. But he admitted these issues have been bones of contention for over a year.
Legally the EPC is a non-profit organisation and decisions are made during the group's quarterly plenary involving 76 members of Europe's banking industry.
SEPA direct debits open to fraud
"We have a lot of concerns regarding SEPA Direct Debit (SDD)," BEUC's Fily told EurActiv, underlining that SEPA's Creditor Mandate Flow model (CMF) is "massively open to fraud".
In layman's terms, the CMF prevents the debtor bank from intervening once a payment has left an account and the creditor is in full control of the transaction.
Previously direct debits were authorised by the bill payer and the recipient, like a utility company or mobile phone operator, but not by banks.
Under SEPA, banks will also have to authorise a payment, making it more difficult for a bill payer, for example, to prove fraud after the event and get their money back, argues Marc Rothemund from Brussels-based think-tank CEPS (Centre for European Policy Studies).
The rules for SEPA payments are described in the EPC rulebooks and banks are supposed to commit to these rules by signing an adherence agreement.
BIC and IBAN not enough
One of the benefits of the Payments Services Directive, the EU's umbrella law on harmonising payments, and of SEPA, is that payments only require an International Bank Account Number (IBAN) and a Bank Identifier Code (BIC).
However, critics argue this is not enough information to guard against fraud.
A case in the German high court illustrates the point, according to Marc Rothemund.
The German court found that in order to clearly identify an account, banks would have to verify an account holder's name and postal address on top of the IBAN and BIC.
The German court has now been overruled by the translation into national law of the EU's PSD, and the German national umbrella consumer group, VZBV, has warned German users to be prudent due to these changes under the PSD.
Across the EU, SEPA direct debit has had a sluggish take-off and banks cite both cost and security concerns as reasons for the slow migration.
"Unless a host of improvements are made, we do not see how consumers would express any interest in migrating from national Direct Debit schemes to SEPA Direct Debit," BEUC said in yesterday's letter.