PAYMENT SERVICES DIRECTIVE II – PROPOSED PROVISIONS
The proposed second payment services directive (PSD II), set to be passed in the coming months, will repeal and replace the existing payment services directive (Directive 2007/64/EC) (PSD I). The European Commission published its proposal for PSD II in July 2013. Various redrafts of PSD II have been produced by the Presidency of the Council of the EU. The most recent draft publically available was published by the Council on 2 December 2014. Trilogue discussions on a compromise text commenced in February 2015 and agreement is expected by the end of June 2015 (i.e. by the end of the Latvian Presidency of the Council).
The proposed core changes to the existing payment services regime, as per the 2 December 2014 draft, are set out below.
Widened Scope of the Payment Services Regime
The scope of the transparency and information requirements and the conduct of business provisions of the regime will for the most part be extended to apply (i) to payment transactions where just one (rather than both) of the payment service providers (PSPs) is located within the EU and (ii) to payment transactions in all currencies that are not currencies of any EU Member State, where both the payer and payee’s PSPs are located within the EU. This constitutes a significant widening of the current scope of the payment services regime.
Additional Payment Services
Payment services regulated by the regime will be widened to include payment initiation services (PISs) and account information services (AISs).
A PIS is a service whereby a payment initiation service provider (PISP) provides a software bridge between the website of a merchant and the online banking platform of a payer’s bank. This allows a payer to initiate an online banking transfer from the payer’s bank account to the merchant through the software, which provides immediate confirmation to the merchant that the requisite funds are available and the transfer has been initiated by the payer. This encourages the merchant to release goods or services immediately, sure in the knowledge that it will receive payment. PISs allow payments to be confirmed instantly without the use of a credit or debit card. A PISP does not hold the payer’s funds at any point in time. PISPs will have to obtain full authorisation from the relevant competent authority under PSD II, regardless of the size of their operations.
An AIS is an online service that provides consolidated information on one or more of a user’s online payment accounts, which may be held with numerous account providers. An account information service provider (AISP) retrieves information from the online banking platform of each of the user’s banks, in order to bring together such information on the AISP’s website or application. AISPs will be required to register with the relevant competent authority but will not have to obtain full authorisation.
Member States will have to ensure that payers have a right to use both PISs and AISPs. Bank account providers will be obliged to facilitate the use of these new payment services and will not be able to discriminate in respect of payment orders received through a PIS or data requests made by an AISP.
PSD II Exemptions
A number of changes have been made to the PSD I exemptions for services that do not trigger the need for the relevant PSPs to be authorised or registered. The “commercial agents” exemption will be redrafted to close a loophole used by e-commerce platforms to carry out payment services when acting as an intermediary between a buyer and seller in online transactions. The exemption for use of instruments in limited networks (e.g. store cards) will be further restricted. Independent ATM providers will still be exempt under PSD II but will be made subject to certain transaction information requirements. Two new exemptions will be introduced to allow charitable donations and ticket purchases to be made through devices such as mobile phones.
Charges for Use of a Payment Instrument
In transactions where a payer wishes to use a particular payment instrument, the payee may wish to add a surcharge to a transaction to cover its costs in accepting payment by such a method. The legality of these surcharges varies between Member States. PSD II will harmonise the position by prescribing that a payee generally cannot be restricted from requesting a surcharge, as long as the surcharge is capped at the payee’s actual costs in accepting payment by the particular method.
However, there is a significant exemption to this general rule in PSD II, which will prohibit surcharging in respect of transactions for which interchange fees will be regulated under the upcoming regulation on multilateral interchange fees (MIFs) (MIF Regulation), which was adopted by the European Parliament on 10 March 2015 and will come into force on the 20th day following its publication in the Official Journal of the EU. The MIF Regulation will cap interchange fees between banks in relation to most credit and debit card transactions in the EU (the most notable exception being certain three-party payment scheme transactions). As such, payees will not be able to request a surcharge for these debit and credit card payment transactions once PSD II is implemented.
Unauthorised Payment Transactions – Reduced Payer’s Liability
The maximum charge that a payment user can be obliged to pay in respect of an unauthorised payment transaction (except for in the case of fraud or gross negligence) will be reduced from EUR 150 to EUR 50.
Security and Incident Reporting
PSD II will require PSPs to establish a framework to manage operational and security risks in relation to their services, which must incorporate mitigation measures and control mechanisms. PSPs will have to report annually to the relevant competent authority on these risks and risk mitigation procedures.
On the occurrence of a major operational or security incident, a PSP will be required to inform the relevant competent authority and any payment service user whose financial interests are affected by the incident.
In respect of payments initiated over the internet, PSPs will be under an obligation to apply strong customer authentication checks in order to mitigate the risks of payment fraud.
Internal Dispute Resolution
PSPs will be obliged to put in place adequate and effective internal consumer complaint resolution procedures and will be subject to maximum response times in respect of consumer complaints.