Jakob The thing is that once a company has a license to withdraw directly from an account, they can technically do that from any account. Approval is administrative a company needs to follow, but not a technical authorization. Luckily with the introduction of IBAN typos are unlikely, but the system still makes it possible for a company to withdraw without authorization.
When you approve with a token or bank app, or send money to another account yourself, it should not be possible to reverse the transaction. Which to me makes perfect sense.
I don’t know how the support to the customer has been implemented per bank. Bit surprising that N26 does not seem to support it at all.
I’m all for to make the default behavior configurable, or that you can whitelist contacts as trusted.