The Payment Services Directive 2015/2366/EC (PSD2), which will have to be transposed into the Member States’ national law by 13th of January 2018, introduces substantial changes to the current EU payment services system, as it is amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010 as also it is repealing Directive 2007/64/EC (PSD1).
This is a brief summary highlighting the basic changes that will take place in order to ensure compliance of national provisions with the new Directive.
• Extension of the Payment Institution’s definition
The PSD2 extends the Payment Institution’s definition including new categories and types of players, who are encouraged to enter the «payment market» as external parties according to the banks.
In particular, there are two new categories of Third Party Payment Service Providers/Players (TPPs) introduced, as follows:
1. Account Information Service Providers – AISPs
AISPs are providers that can connect to bank accounts and retrace information from them (e.g. investment recommendation service).
2. Payment Initiation Service Providers – PISPs
• PISPs can initiate payment transactions and nowadays only (SEPA) Credit Transfers and Debit Cards can take money from an account and send it elsewhere.
• PISPs will not receive or handle customer funds and will not provide a statement of account balance with the precondition that the payer gives its explicit consent to the Account Servicing Payment Service Provider (ASPSP).
In any case banks are not allowed to force PISPs to agree terms governing their responsibilities and liabilities when accessing the Payment Service Users (PSU) accounts.
• Increase of security and transparency requirements
The PSD2 expands the reach of the PSD1, including transactions in non – EU currencies and the «one leg out» transactions. The latest are referred to cases where only one Payment Service Provider (PSP) is located within the EU borders in contrast to the former provision which obliged both the payer’s and the payee’s PSP to be located in the EU (Article 2).
• Change to the «commercial agent» exemption
This exemption applies in case the agent acts either on behalf of the payer or the payee and not simultaneously for the parties. However, in case an agent acts in the name of both parties (e.g. e – commerce) the exemption may be applied but only in cases where the agent does not come into possession or have control of clients’ funds [Article 3 (b)].
• Restriction of the «limited network» exemption
The same payment instrument will not be used in order to acquire an unlimited range of goods and services. Furthermore it will not be used in more than one limited networks [Article 3 (k)].
• Limitation of the «mobile device content» exemption
The provision of PSD2 limits the reach of the exemption to individual payments that do not exceed 50€ and on a monthly basis to transactions that do not exceed 300€ in aggregate per subscriber [Article 3 (l)].
• Conditions of the «ATM» exemption
In order to enhance transparency and security, operators of ATM are obliged to inform the customers about the withdrawal charges prior to the transaction and the customer’s receipt (Article 59).
It is worth noted that the PSD2 also contains provisions to harmonize the national interpretations and applications of specific exemptions.
• Liability
PSPs are liable for unauthorized payment transactions although PSUs may be obliged to bear losses up to 50€, in contrast to the 150€ that were provided by PSD1, in a case of lost or stolen instrument [Article 74 (1)].
• Security of online payments and account access
The provisions of the PSD2 introduce new security requirements for electronic payments and account access, new security challenge relating to AISPs and PISPs and also prohibition of card surcharge.
In particular, the PSD2 defines the «strong customer authentication» and the PSPs are requested to apply strong costumer authentication when a Payment Service User (PSU) accesses his/her online account or initiates a payment transaction (Article 97).
Furthermore, the PSD2 strengthens cooperation and exchange of information between the Member States’ authorities as well as obliges the PSPs to apply effective and within a specific period complaint resolution procedures (Article 101).
• Consumer Protection
The PSD2 establishes new fees, charges and a Commission’s obligation to produce a leaflet for consumers about their rights and obligations (Article 106).
• Bank accounts for Payment Service Providers (PSPs)
The PSD2 requires Member States to ensure that all the Payment Institutions have access to payment account services provided by banks, including the AISPs, the PISPs and also other payment institutions as the money remitters.
• Relation to other legislations
Last but not least, the PSD2 is focusing on data protection and seeks to promote compliance with the relevant national legislations in the EU, the Data Protection Directives and the General Data Protection Regulation (GDPR), which will apply from May 2018 throughout the European Union (Recital 89 and Opinion of the European Data Protection Supervisor No C 38/8.2.2014).
The Payment Services Directive 2015/2366/EC has not been transposed yet in the Greek legislation. The public consultation for the related draft law ended on 10th November 2017 and the voting of the same by the Greek Parliament is pending.
Edited by Dimitra Panagidi