Opening up the online payments market, so as to reduce fees and fraud risks
Updating EU rules on payment services will cut the cost of paying bills, by enabling new market players to use mobile and online tools to make payments on a client’s behalf, MEPs said voting a law on Thursday. These rules, informally agreed by MEPs and ministers last May, also aim to make online payments safer, by laying down data protection and liability rules for all online payment service providers.
The law now needs to be officially endorsed member states before it can enter into force.
“The EU payment services market remains fragmented and expensive, costing EUR 130 bln, or over 1% of EU GDP, a year. The EU economy cannot afford these costs, if it wants to be globally competitive,” said lead MEP Antonio Tajani (EPP, IT), adding that “the new regulatory framework will reduce costs, improve the security of payments and facilitate the emergence of new players and innovative new mobile and internet payment methods.”
The draft law was approved by 578 votes to 29, with 52 abstentions.
A payer using an online account will have the right to use payment software, devices and applications provided by an authorised third party and to have payments executed on his or her behalf by this provider. For example, payers who have no credit or debit card will be able to authorise new market entrants such as SOFORT in Germany, Trustly in Scandinavian countries or IDEAL in the Netherlands to use their bank details to make payments from their accounts.
Payment service providers’ charges should not exceed their direct costs. Additional charges for using payment instruments, such as credit and debit cards, for which banks’ “interchange” processing fees are already regulated, will be prohibited.
A bank servicing a payer’s account could deny a third party service provider access to it only for objectively justified
by EU and substantiated security reasons which have been reported to the supervisory authorities. This safeguard should preclude any possibility of banks “blocking” the market for new payment services.
Third-party payment service suppliers, for their part, would be required to ensure safe authentication of the user and reduce the risk of fraud. They would have to ensure that a user’s personal payment data transit through the safe channels and that they are shared only with the user’s consent.
In the event of an unauthorised payment being made from his or her account, the holder should not lose more than EUR 50 if the payment instrument was lost, stolen or misused. A service provider that fails to act to prevent such a fraud after a notification of a loss, or does not require strong customer authentication when necessary, could be deemed liable for its client’s losses and ordered to remedy the financial damage.
The payment services directive (PSD2) is the most recent set of EU rules on payments, which also covers online payment services. In 2012, the single euro payments area (SEPA) was introduced requiring banks to comply with SEPA rules that enables their clients to use a single bank account to make euro payments to and from all SEPA countries, the 28 EU member states plus Iceland, Liechtenstein, Norway, Switzerland and Monaco. This makes payments faster and cheaper with no differentiation between national and crossborder euro payments.
In 2014, the interchange fees were capped and surcharging prohibited for consumer cards under the Multilateral Interchange Fees (MIF) regulation for card-based payment transactions.