The number of exemptions available will be reduced under PSD2, and the scope of the remaining available exemptions will be narrowed. These changes will need to be carefully reviewed by all firms that have sought to rely on any exemptions under the PSD.
In light of rapid technological developments in the payments space and different implementation and interpretations of the provisions of PSD by European
regulators, the European Commission published, in July 2013, proposals for a new Payment Services Directive (PSD2) to repeal and replace PSD.
PSD2 will increase the scope of regulation. First, the geographical scope will be increased in that certain provisions (relating to transparency of terms and conditions and information requirements) will apply to ‘one-legged’ transactions namely, transactions where either the payer’s or the payee’s payment service provider (rather than both the payer or payee) is located outside the EEA. Secondly, under PSD2, the abovementioned transparency and information requirements will apply to all currencies, not just to EU currencies as is the case under PSD. Thirdly, PSD2 introduces two new payment services: a payment initiation service and an account information service.
Some of the most relevant conduct of business changes in PSD2 relate to security requirements, liability for unauthorised transactions and refunds.
PSD2 introduces new requirements relating to operational and security risks. These include requiring a Payment Service Provider (PSP) to: (i) report security incidents and provide annual information on its assessment of the operational and security risks associated with its payment services; (ii) notify its customers directly and without undue delay if a security incident might impact the financial interests of those customers; and (iii) apply ‘strong customer authentication’ in respect of electronic payment transactions.
With regard to unauthorised transactions, the maximum liability that a payment user will have for such transactions will be reduced from €150 (as it was under PSD) to €50. In addition, in the case of late execution of a payment transaction, the payer can opt to have the amount value-dated at the date the amount should have been received instead of having the amount refunded.
Refund rights in the case of direct debit transactions are to be broadened under PSD2 so that a payer will have an unconditional right of refund within eight weeks of the debit date (as long as the payee has not already fulfilled its contractual obligations).
PSD2 updates the existing regulatory framework on payment services by bringing into its scope payment service providers that were previously unregulated and addressing issues such as transparency and security of payments through new payment channels. During the two year implementation period, efforts will need to be made to ensure that PSD2 is applied in a consistent and co-ordinated manner across the EU if objectives such as the SEPA area are to be realised. Firms will also need to carefully review the application and scope of PSD2 in light of the proposed changes including those mentioned above.