|
These rules, informally agreed by MEPs and ministers last May, also aim to make online payments safer, by laying down data protection and liability rules for all online payment service providers.
"The EU payment services market remains fragmented and expensive, costing €130 billion, or over 1% of EU GDP, a year. The EU economy cannot afford these costs, if it wants to be globally competitive”, said lead MEP Antonio Tajani (EPP, IT), adding that "The new regulatory framework will reduce costs, improve the security of payments and facilitate the emergence of new players and innovative new mobile and internet payment methods".
Use third-party providers to cut payment costs
A payer using an online account will have the right to use payment software, devices and applications provided by an authorised third party and to have payments executed on his or her behalf by this provider. [...]
Payment service providers’ charges should not exceed their direct costs. Additional charges for using payment instruments, such as credit and debit cards, for which banks’ “interchange” processing fees are already regulated, will be prohibited.
Making payments safe
A bank servicing a payer’s account could deny a third party service provider access to it only for objectively justified and substantiated security reasons which have been reported to the supervisory authorities. This safeguard should preclude any possibility of banks “blocking” the market for new payment services.
Third-party payment service suppliers, for their part, would be required to ensure safe authentication of the user and reduce the risk of fraud. They would have to ensure that a user's personal payment data transit through the safe channels and that they are shared only with the user’s consent.
In the event of an unauthorised payment being made from his or her account, the holder should not lose more than €50 if the payment instrument was lost, stolen or misused. A service provider that fails to act to prevent such a fraud after a notification of a loss, or does not require strong customer authentication when necessary, could be deemed liable for its client’s losses and ordered to remedy the financial damage.