On 8 October 2015 the European Parliament voted to pass the revised Directive on Payment Services (PSD2), amending several existing Directives and repealing the Directive on Payment Services (PSD). Following the European Parliament’s vote, the Directive will be formally adopted by the EU Council of Ministers. EU Member States will have two years to introduce the necessary changes in their national laws in order to comply with the new rules. The Law on Payments of the Republic of Lithuania and the Law on Payment Institutions of the Republic of Lithuania will be amended accordingly due to the changes introduced by the PSD2.
The most important innovations introduced by the PSD2
The Commission proposed a review of the PSD to modernise it to take account of new types of payment services. PSD2 widens the scope of PSD by covering new services and players as well as by extending the scope of existing services, enabling their access to payment accounts. The new directive introduces the following changes:
- PSD2 provides a legislative basis for the right to an unconditional refund that already exists for the Single Euro Payments Area (SEPA) direct debit; in such cases, payers can request a refund in the case of a disputed payment transaction.
- The payee will only be allowed to block funds on the account of the payer if the payer has approved the exact amount that can be blocked.
- PSD2 will cover money remittance services outside the EU or paying in non-EU currencies: rules on transparency will be applicable to “one-leg transactions”.
- New rules will oblige payment service providers to provide a written answer to any complaint within 15 business days.
- All payment services providers, including banks, payment institutions or third party providers, will need to prove that they have certain security measures in place ensuring safe and secure payments.
- PSD2 regulates the activities of third party providers: payment initiation services providers and account information services providers.
- Under PSD2, the purchase of physical goods and services through a telecom operator now falls within the scope of the Directive, except for the purchase of digital services such as music and digital newspapers that are downloaded on a digital device.
- As under PSD, payment transactions based on a specific payment instrument within a limited network are outside the scope of the Directive. However, PSD2 provides that, when their activities reach a certain value, networks must notify these activities to the competent authorities for assessment as to whether or not the network should apply for a licence as a payment institution.
- PSD2 specifically provides that Member States will have to ensure that credit institutions do not block or hinder access to payment accounts and that payment institutions have access to credit institutions’ payment accounts services in an objective, non-discriminatory and proportionate manner.
- Payment service providers will be obliged to apply so-called strong customer authentication when a payer initiates an electronic payment transaction.
Payment initiation service providers and account information service providers
Since the PSD was adopted in 2007, new services have emerged in the area of internet payments, where so called third party providers offer specific payment solutions or services to customers. The main innovations that should be very welcome in the Baltic states, where “bank-link” services dominate, are:
- Payment initiation services: activities during which a payment initiation service provider helps to initiate a payment from the user account to the merchant account by creating a software “bridge” between these accounts, fills in the information necessary for a transfer (amount of the transaction, account number, message) and informs the merchant once the transaction has been initiated.
- Account information services: activities during which an account information service provider collects and consolidates information on the different bank accounts of a consumer in a single place. These services will typically allow consumers a global view of their financial situation and a user-friendly analysis of their spending patterns, expenses and financial needs.
These new services should increase competition in the Baltic payment market and strongly compete with “bank-link” services.
According to the PSD2, from the date of entry into force of the Directive, Member States should interpret the existing rules in line with PSD2. Member States must not adopt new measures contradicting the provisions of PSD2.
In addition, the PSD2 introduces direct obligations on the Member States to allow an existing payment initiation service or account information service provider in their territories to operate in accordance with the currently applicable regulatory framework.
The European Banking Authority guidelines on the security of internet payments address the issue of security of internet payment as an interim solution until the application of the PSD2 and its more comprehensive security requirements.