Moving from coins, notes, cheques, cards and wire transfers, payments increasingly take place online and via mobile phones. This allows for more payment options and more convenience but also brings new challenges to keep consumers’ bank accounts, payment cards and e-wallets secure.
Why it matters to consumers
Every consumer makes one or more payment transactions almost every day. However, the way consumers pay is changing. Moving from coins, notes, cheques, cards and wire transfers, payments increasingly take place online and via mobile phones. This allows for more payment options and more convenience but also brings new challenges to keep consumers’ bank accounts, payment cards and e-wallets secure. This paper addresses how a revised Payment Services Directive 2 (PSD2) needs to be updated to ensure a high-level of consumer protection in these changing realities.
Summary
The digitalisation of payment transactions brings convenience, but consumers cannot fully trust in the use of online and mobile payments or when interacting with new payment service providers. That is because the following problems can occur:
• There is a multitude of actors operating in the payment sector with various statutes and roles who are subject to different legislative frameworks (e.g. PSD2, e-Money Directive, SEPA – the Single Euro Payments Area). For consumers this makes it difficult to understand how they are protected in case of a problem.
• Competent authorities have limited powers to address consumer problems in their country as the authority of the country who issues the licence for a payment service provider (PSP) is responsible for supervision in all Member States.
• Consumers are often declared liable in case of theft due to a phishing attack or when their cards were stolen. This is due to the vagueness and lack of clarity of key definitions in PSD2 such as the definition of ‘gross negligence’ or ‘fraudulent behavior’.
• Consumers struggle with a multitude of different authentication procedures as each payment service provider implements the much-needed strong customer authentication (SCA) differently and often does not guarantee that the authentication method can be used without owning the newest smartphone.
To ensure that payments are secure and convenient for consumers, the review of the Payment Service Directive 2 (PSD2) should fulfil the following objectives:
• The equivalent level of consumer protection applies no matter the statute of the payment service provider (PSP) and the category of payments.
• An efficient system of supervision (with a stronger role of the host Member State1) ensures sound enforcement of the Payment Service Directive and allows a smooth handling of consumer complaints.
• Consumers are protected against phishing attacks and fraudulent use of contactless cards by improved technical security measures, a fair liability regime and the possibility for consumers to easily identify the destination of each transaction.
• Strong customer authentication is easy to use thanks to a standardised authentication procedure, does not require a smartphone (or other sophisticated IT tools) to use it and is systematically applied for all transactions.
1 PSD2 differentiated between home and host Member State, the home Member State being the one where the PSP is registered and the host Member State being the one where the payment service is offered
BEUC
© BEUC
Key
Hover over the blue highlighted
text to view the acronym meaning
Hover
over these icons for more information
Comments:
No Comments for this Article