Proposed in 2013 (see EUROPE 10895) and adopted in 2015, the revised directive on payment services (PSD2) will enter into force this Saturday 13 January and, with it, new rules to make payments cheaper, simpler and safer in the EU. But what will actually change for consumers on Saturday?
No more over-billing for card payments. One of the central measures of this directive is unquestionably the prohibition throughout the EU of the practice of ‘over-billing’ when card payments are made, either in a physical shop or online – a move that has been warmly welcomed by the European Consumer Association (BEUC).
Until today, nearly half of the member states allowed the practice, which consists of charging a few cents extra on debit or credit card payments, frequently when charging small amounts.
The Commission estimates the savings to European consumers at nearly €550 million a year. However, it will not apply to American Express and Diners Club, or to professional credit cards.
Bolstered rights for consumers. The new measures strengthen consumers’ rights in many areas. As regards card payment fraud, the legislation will limit the amount that consumers falling victim to fraud may be charged to €50, compared to €150 previously. It also brings in an unconditional right to reimbursement (no questions asked), for direct debits in euro.
The new directive also requires the member states to appoint competent authorities to deal with payment service users’ complaints concerning any suspected violation of the directive. Payment service providers covered by the directive will also be obliged to respond in writing to any complaint within 15 working days.
Extra security for online payments. The new legislation brings in strict security requirements for electronic payments, for instance by means of strong customer authentication. For transactions above €50, a combination of at least two independent elements is now required when making a payment. These could be a physical item (a card or a mobile telephone) combined with a password or biometric element, such as digital fingerprints.
Furthermore, exemptions have been brought in for contactless payments, standing orders, small transactions (less than €30) and certain types of payment, such as transport or parking costs.
Consumers’ data will also enjoy better protection, with the creation of secure communication channels by banks in order to transfer customer data to the new innovative payment services (FinTech) to initiate their payments.
From Saturday, a more modern payment services environment will apply but in practice, this will not be the case for all provisions of the directive or all member states of the EU.
This is firstly because the provisions on the security of online payments are associated with the final draft regulatory technical standards (RTS) adopted by the Commission at the end of November (see EUROPE 11923) and are currently being examined by the Council and the Parliament. Assuming no objections are raised, they will not begin to apply until 18 months after they have been published in the Official Journal of the EU, in other words September 2019.
Additionally, a European source said on the afternoon of Friday 12 January, only six-member states have notified the full transposition of the directive into their national laws, and one other has notified partial transposition.
According to the same source, the Commission expects three further notifications of full transposition before the deadline closes at midnight on 13 January. The other member states are not expected to have transposed it before the summer. According to the BEUC, those lagging behind include Belgium and Slovenia. In a press release, the Commission called for full transposition as soon as possible. (Original version in French by Marion Fontana)