Payment Services Directive
PSD2 Payment Service Directive 2
The revised Payments Services Directive (PSD2) officially published by the European Commission in December 2015 aims to bring about increased competition, greater transparency and security across the European payments landscape. PSD2 is designed to make payments safer, increase consumer protection, foster innovation and competition while ensuring a level playing field for all players, including those payment service providers which are not being regulated under the previous PSD1 regime. PSD2 follows on from PSD1, which went live in 2009, and in fact replaces it in its entirety. The timelines for the majority of the PSD2 provisions become live on 13 January 2018.
Certain Regulatory Technical Standards (RTS), which have been given to the European Banking Authority (EBA) to define, have a different timeline. For example the RTS for Strong Customer Authentication (SCA) will go live 18 months from when they have been published, which on current thinking would mean an implementation date of around the first half of 2019. As this is an EU Directive, it still needs to be transposed into the local laws of the respective countries.
Scope
PSD2 applies not only to banks but to all providers of payment services within the European Economic Area (EEA), thus fostering greater competition, efficiency and cost-reduction.
These new payment providers, referred to as Third Party Payment providers (TPP), are payment service providers which do not hold customer payment accounts. PSD2 identifies two types of TPPs: Payment Initiation Service Providers (PISP) and Account Information Service Providers (AISP). PISPs are a type of payment service provider which can initiate a payment from a customer’s payment account held with a bank, after seeking the customer’s consent. AISPs are a type of payment service provider which provide, with the customer’s consent, an aggregated view of a customer’s payment accounts held with different banks.
While PSD1 was applicable to payments made in euro, or in the currency of an EU/EEA State and to payments where the payment service providers of both the payer and the payee are situated within the EU/EEA, the scope of PSD2 has been extended to also cover all currencies as long as one payment service provider is located within the EU/EEA.
Security
PSD2 aims at reducing the risk of fraud for electronic transactions and enhancing the protection of the consumers’ financial data through stronger means of customer authentication. These improved security measures will be applied by all market players, including the newly regulated payment service providers. To increase security and mitigate card fraud, all local debit cards with magnetic stripe will be phased out and replaced with Chip and PIN debit cards. This change will also pave the way forward for the introduction of contactless cards in Malta.
Customer Protection
PSD2 reduces the payer’s liability from EUR 150 to EUR 50 for unauthorised transactions related to lost, stolen or misappropriation of a payment instrument. Thus, in case of unauthorised transactions, the payer will not pay more than EUR 50 except in cases where he/she has acted fraudulently or with gross negligence. Payment service providers are obliged to provide a free communication channel for consumers to report a lost or stolen payment instrument. Currently, consumers enjoy a 13 months refund right for unauthorised transactions which is now being extended to include payments originating via a third party. Such refund will be credited to the customer’s account by the bank by the end of the next business day (D+1), without prejudice to pending investigations. Furthermore, any complaints lodged by a customer related to an alleged infringement of the PSD2, has to be replied to by the bank within 15 business days. This timeframe may be extended to 35 business days should the delay for providing a reply be beyond the control of the bank. Should the customer be unsatisfied with the solution provided, he/she may resort to the Office of the Arbiter for Financial Services for alternative dispute resolution.
Charges
PSD2 prohibits surcharging on all electronic payment instruments, which means that merchants cannot charge extra for payers opting to pay with an electronic instrument such as a card. Also with regard to bank transfers where both the payer and the payee are located in an EEA country, the ‘SHA’ (shared) charge type will apply. This means that the payer will pay the fee charged by his bank while the payee will pay the fee charged by his bank.
Information
PSD2 mandates that banks should provide monthly and annual statements, free of charge, to the account holder, in paper or electronic form. Should the account holder opt to receive such statements on a less frequent basis, he/she is allowed to revert back to the initial statement frequency at any time and at no charge. Furthermore, upon termination of a payment account, the bank is also obliged to provide the following information, free of charge, to the account holder:
« The latest annual statement
« An interim statement covering the period from the last date of the annual statement until the date of termination.
PSD2 will also have an impact on the value dates which banks apply to funds deposited into a payment account. For transactions denominated in EEA currencies, banks have to apply the same value date as when the funds were received.