A View from Constantine Cannon’s London Office
By James Ashe-Taylor and Yulia Tosheva
The European Parliament formally adopted the revised Directive on Payment Services (PSD2) today.
The new law, proposed by the European Commission in July 2013, aims to enhance consumer protection, innovation and security of payment services. Among the key changes introduced by the new rules are the following:
Introduction of strict security requirements for the initiation and processing of electronic payments and the protection of consumers’ financial data.
Opening the European Union payment market for companies offering innovative payment services based on access to payment accounts – the so-called “payment initiation services providers” and “account information services providers.”
Enhancing consumers’ rights in numerous areas, including reducing the liability for non-authorised payments and introducing an unconditional (“no questions asked”) refund right for direct debits in euros.
New Payment Services
In recent years, new players have emerged in the area of internet payments, offering consumers the possibility to pay instantly for their internet bookings or online shopping without the need for a credit card (around 60% of the EU population does not have a credit card). These innovative and low cost payment solutions are called “payment initiation services,” and are already offered in a number of Member States (including Sofort in Germany, iDeal in The Netherlands and Trustly in Sweden). Until now, these new providers were not regulated at the EU level. PSD2 will cover these new payment providers, addressing issues which may arise with respect to confidentiality, liability or transaction security.
PSD2, which seeks to foster lower charges for consumers, introduces a ban on “surcharging” for card payments in the vast majority of cases (including all popular consumer debit and credit cards), both online and in shops. In all cases where card charges imposed on merchants are capped, in accordance with the recently adopted EU Regulation on Interchange Fees, merchants will no longer be allowed to surcharge consumers for using their payment card. This will apply to domestic as well as cross-border payments. According to estimates of the European Commission, the prohibition of surcharging will cover around 95% of all card payments in the EU and will save consumers approximately 730 million euros annually.
Consumer Protection Against Fraud
Under PSD2, consumers will be better protected against fraud and their liability in most cases will be strictly limited. Except in cases of fraud or gross negligence by the payer, the maximum amount a payer could, under any circumstances, be obliged to contribute in the case of an unauthorised payment transaction will decrease from 150 to 50 euros.
Role of EBA
The European Banking Authority (EBA) has a number of important mandates under PSD2. It is responsible for developing regulatory standards and guidelines in relation to (i) operational and security requirements; (ii) customer authentication; and (iii) cooperation and information exchange between national authorities. As the security requirements under the PSD2 are not expected to come into force until 2018/9, the EBA has already issued (19 December 2014) its final Guidelines on the Security of Internet Payments, which will apply until the PSD2 requirements come into force.
EU Commissioner Margrethe Vestager, responsible for competition policy, said:
We have already used EU competition rules to ensure that new and innovative players can compete for digital payment services alongside banks and other traditional providers. Today’s vote by the Parliament builds on this by providing a legislative framework to facilitate the entry of such new players and ensure they provide secure and efficient payment services. The new Directive will greatly benefit European consumers by making it easier to shop online and enabling new services to enter the market to manage their bank accounts, for example to keep track of their spending on different accounts.
Following the Parliament’s vote, the Directive will be formally adopted by the EU Council of Ministers in the near future. Member States will have two years to introduce the necessary changes into their national laws.
In a poll of more than 100 banks conducted by Finextra earlier this year, 54% of all respondents said that they are in the process of rethinking their retail banking customer relationship and revenue/business model, to accommodate the new rules. However, only 37% of European banks felt that understanding of the full implications of the new rules was high across all of their IT, payments and retail banking units and at board level. It remains to be seen how the industry will adapt to the new regulatory landscape.
– Edited by Gary J. Malone