Payment Services
Law Blog

The second payment services directive (Directive (EU) 2015/2366, “PSD2”) as well as well as the fourth anti-money laundering directive (Directive (EU) 2015/849, “4AMLD”) gives EU member states’ (“Host Member State”) authorities the competence to require those payment service providers or e-money issuers having its head office in another EU member state and acting in the territory of that Host Member State in forms other than a branch to appoint a central contact point in the territory of that Host Member State. The appointment of such central contact point and the obligations connected with such appointment might have a significant impact on the provision of payment services or e-money business under the provisions of the European Passport.

What are the practical implications? What does it mean that the RTS are now in force? And isn’t PSD2 already in force since 13 January 2018?

On 19 May 2015, the European Union has taken the last step towards capped interchange fees for card-based payment transactions by publishing Regulation (EU) 2015/751. The Regulation follows a number of antitrust investigations into MasterCard’s and Visa’s multilateral inter-change fee (MIF) by the European Commission and national competition authorities (such as in Germany, France, UK, Italy and Poland).

On 2 April 2015, the FCA published a statement on its website as follows:

Security of Internet Payments – EBA Guidelines

The European Banking Authority (EBA) has published its final Guidelines on the Security of Internet Payments. We are fully supportive of the objectives behind the Guidelines and agree with the importance of consumers being protected against fraud when making payments online. Ensuring the security of payments and the protection of sensitive customer data is a critical part of the infrastructure of robust payment systems.

The European Banking Authority (‘EBA’) published a consultation paper in October on the implementation of its Guidelines on the security of internet payments, developed in conjunction with the European Central Bank (‘ECB’), with the basis of much of the Guidelines stemming from recommendations put forward by the European Forum for the Security of Retail Payments. Dr. Matthias Terlau and Dr. Daniel Walter of Osborne Clarke discuss what is expected of payment service providers in the context of the proposed Guidelines.

The German Association for Information Technology, Telecommunications and New Media (BITKOM) published a position paper on the consultation for the security of internet payments. In the statement BITKOM comments on the consultations of the EBA.

The European Banking Authority (‘EBA’) published a consultation paper on the implementation of its Guidelines on the security of internet payments, the output of work undertaken in conjunction with the European Central Bank (‘ECB’), with the basis of much of the guidelines being work by the European Forum for the Security of Retail Payments. The EBA expects these proposed guidelines to enter into force in August 2015. Dr. Matthias Terlau and Dr. Daniel Walter of Osborne Clarke discuss the compliance expectations for payment service providers and analyse the critical aspects of the proposed guidelines.

Both, EU Commission and ECB are particularly engaged to make internet payments more secure. The ECB formed a forum of European central banks and supervisory authorities, called SecuRe Pay, to discuss and eventually agree on a set of rules for the enhancing of security of internet payments, one of the most important of such rules being the strong customer authentification when making internet payments or accessing payment data. The rules were finally issued as recommendations of the ECB in January 2014.
The EU Commission included in July 2014 the same basic rule on strong customer authentification within its proposal for a Second Payment Services Directive (PSD2).

Following recent legal developments regarding Bitcoins, such as the US court decisions in the cases of “Bitcoin Foundation” and “Trendon Savers & Bitcoin Savings Trust”, a US Congress hearing on Bitcoins, the prohibition of the receipt of Bitcoins by financial service providers in China as well as the warnings issued by the French National Bank and the European Financial Supervisory Authority, the German Federal Financial Supervisory Authority (BaFin) has also issued a circular on Bitcoins on 19 December 2013 in order to clarify potential risks for con-sumers as well as authorisation requirements for Bitcoin traders and online platforms.

As is generally known, the supervisory authorities have had to decide on numerous negative clearances regarding eCommerce platforms over the past two years. These were – in their own understandable interest – intending to collect payments from end-consumers for vendors of goods and services offered on the platform. In most cases these companies were relying on an exemption from the authorisation requirement created by PSD1 which applied to payment transactions through a commercial agent authorised to negotiate or conclude the sale or purchase of goods or services on behalf of the payer or the payee. On 24th of July 2013 the European Commission published a proposal for a new Directive on payment services in the internal market (PSD2), in which the Commission argues for a stricter assessment of such exception rule.