I have found that several companies here in the UK have "secure" Direct Debit payment forms on their websites where the user fills in their bank details and a system is setup so that a regular payment is made from their account.

This method of payment would be extremely useful to several companies that I work with who already run it successfully by mail.

Seeing as this type of transaction cannot be handled automatically like Credit Card transactions, what is regarded as the best way to pass such sensitive data (the users bank details), from the website to the processing department?

Does anyone here use this method successfully online?

Personally, I regard bank details as being even more sensitive than Credit Cards because at least the user is insured against CC fraud. If a scumbag cleans out someones account due to bank information they stole from the web, they haven't got any way of getting it back!

Thoughts on this would be welcome... cheers in advance.