Purpose and scope of PSD2
The 2nd Payment Services Directive (PSD2) establishes rules concerning:
- Respective rights and obligations of payment service users (PSU) and payment service providers (PSP).
- Transparency of conditions and information requirements for payment services.
PSD2 aims at making payments more secure and cheaper, and at further opening the market for PSPs in an integrated European market.
PSD2 replaces PSD1, in force since 2007, extending its scope by:
- Adding Payment Initiation Service providers (PISP) and Account Information Service providers (AISP) as 2 new types of PSPs, giving them the right to consult the payment accounts of their payment service users (account servicing PSPs are obliged to provide them information), opening the payment market for new players.
- Introducing enhanced security measures for PSPs (strong authentication required, regulatory standards).
- Enhancing cooperation between authorities in supervising payment institutions (e.g. central register of payment institutions).
Payment Service Providers requirements
- Payment Institutions (one of the types of PSPs):
  - Authorization process and supervision
  - Registration (public register of authorized payment institutions)
  - Accounting and statutory audit obligations
  - Permitted activities
  - Miscellaneous: record-keeping obligations, use of branches and outsourcing, etc.
- Common provisions for PSPs: rules with respect to access to payment systems and accounts.
Transparency conditions and information requirements
- General rules for single payment transactions, framework contracts and related payments. PSPs cannot charge for information and bear the burden of proof.
- Specific rules for single payment transactions and framework contracts: information elements/conditions to be provided by the PSP to the PSU (payer/payee/other PSP) at various moments in the payment process: maximum execution time, charges breakdown, confirmation of payment execution steps, exchange rates, etc.
- Rules on framework contracts: information/conditions to be provided on paper/durable medium, rules with regard to change of conditions, termination, information requirements for individual payments under the framework, etc.
Rights and obligations in relation to provision and use of payment services
- Common provisions: a PSP cannot charge for its obligations; some articles do not apply when the PSU is a consumer or for low-value transactions.
- Authorisation of payment transactions: transaction consent/withdrawal of consent rules, blocking transaction amounts on accounts, rules with respect to use of/access to payment accounts (granting PISPs and AISPs access to account information managed by the account servicing PSP). Account information, rules/obligations of PSUs and PSPs in relation to payment instruments (e.g. spending limits), and the liability of providers for unauthorized payment transactions and refunds.
- Execution of payment: rules with respect to payment orders, amounts transferred, execution time (T+1), value date and liability.
- Data protection: Obligations & rules for PSPs to protect personal data (only process personal data necessary for payment services, with explicit consent of the PSU or when necessary for fraud management).
- Risk management: Obligations & rules for PSPs to establish an appropriate operational and security risk framework, and incident management and reporting.