An alternative solution to part of this problem (online payments only) will be mandatory by 2020, but Monzo have the upper hand over legacy banks due to their high agility.
You can read more here
It’s my understanding though that this is designed to combat online fraud, but it could easily be extended to authorising all new direct debits regardless of who, how and where they were setup, online or not. Most direct debits are setup online nowadays though.
Unless I’ve misunderstood the concept, I do foresee an issue that allows online retailers to charge a customer using their card details instead of their account number and sort code; as with card details most banks aren’t aware of the location of the merchant, whether offline of not. Monzo however are aware of merchant locations and if it took place online or offline. Therefore it would be easy for Monzo to extend the security to all online transactions requesting payment whether by card details or direct debit.
New online merchant you’ve never paid before. Authorise payment of £XX.xx
Maybe not to everyone’s taste but could make it an option at least.
This also has the added bonus of allowing us to prevent failed payments due to lack of funds. See a request for authorisation → transfer from another account before the request expires → authorise the payment → done.