This document is an excerpt from the EUR-Lex website
Document 52014AB0009
Opinion of the European Central Bank of 5 February 2014 on a proposal for a directive of the European Parliament and of the Council on payment services in the internal market and amending Directives 2002/65/EC, 2013/36/EU and 2009/110/EC and repealing Directive 2007/64/EC (CON/2014/9)
Opinion of the European Central Bank of 5 February 2014 on a proposal for a directive of the European Parliament and of the Council on payment services in the internal market and amending Directives 2002/65/EC, 2013/36/EU and 2009/110/EC and repealing Directive 2007/64/EC (CON/2014/9)
Opinion of the European Central Bank of 5 February 2014 on a proposal for a directive of the European Parliament and of the Council on payment services in the internal market and amending Directives 2002/65/EC, 2013/36/EU and 2009/110/EC and repealing Directive 2007/64/EC (CON/2014/9)
OJ C 224, 15.7.2014, p. 1–25
(BG, ES, CS, DA, DE, ET, EL, EN, FR, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
15.7.2014 |
EN |
Official Journal of the European Union |
C 224/1 |
OPINION OF THE EUROPEAN CENTRAL BANK
of 5 February 2014
on a proposal for a directive of the European Parliament and of the Council on payment services in the internal market and amending Directives 2002/65/EC, 2013/36/EU and 2009/110/EC and repealing Directive 2007/64/EC
(CON/2014/9)
2014/C 224/01
Introduction and legal basis
On 31 October 2013, the European Central Bank (ECB) received a request from the Council for an opinion on a proposal for a directive on payment services in the internal market and amending Directives 2002/65/EC, 2013/36/EU and 2009/110/EC and repealing Directive 2007/64/EC (1) (hereinafter the ‘proposed directive’).
The ECB’s competence to deliver an opinion is based on Articles 127(4) and 282(5) of the Treaty on the Functioning of the European Union since the proposed directive contains provisions affecting the tasks of the European System of Central Banks (ESCB) to promote the smooth operation of payment systems and to contribute to the smooth conduct of policies relating to the stability of the financial system, as referred to in the fourth indent of Article 127(2) and Article 127(5) of the Treaty. In accordance with the first sentence of Article 17.5 of the Rules of Procedure of the European Central Bank, the Governing Council has adopted this opinion.
General observations
1. |
The proposed directive, which incorporates and repeals Directive 2007/64/EC (2) (‘Payment Services Directive’ or ‘PSD’), aims to help further develop a Union-wide market for electronic payments, thereby enabling consumers and market participants to fully benefit from the internal market, also taking into account the rapidly developing retail payment market (the introduction of new payment solutions via smart phones, e-commerce, etc.). These proposals follow an extensive review by the Commission of the current payment services environment. In January 2012, the Commission published and publicly consulted its Green Paper towards an integrated European market for card, internet and mobile payments (3), to which the ECB also responded (4). Both the responses to the consultation on the Green Paper and the Commission’s own studies and review of the PSD reveal that recent innovations in the market and in technology for retail payment services pose new challenges for regulators, which the proposals aim to address. |
2. |
The proposed directive introduces numerous amendments to the current PSD regime, including extending coverage as regards the geographical scope and currency of payment transactions. It redefines and amends a number of the current exemptions from the PSD, to make them tighter and more difficult to exploit, and deletes others that are no longer required. For example, it amends the exemption for ‘commercial agents’ so that it will only apply to commercial agents that act on behalf of either the payer or the payee. It also redefines the current digital content or ‘telecom’ exemption with a more restricted focus and removes the exemption from the PSD of ATM services offered by independent ATM deployers. Most significantly, it extends the PSD regime to cover new services and their providers, i.e. ‘third party payment service providers’ (‘TPPs’) whose business activity is providing services based on access to payment accounts, such as payment initiation or account information, but who do not usually hold client funds (5). It also prohibits the practice of merchants imposing surcharges for interchange fee-regulated cards, in view of the capping of interchange fees under the proposed regulation on interchange fees for card-based transactions (6). Finally, it also amends numerous important components of the current regime- such as for example the safeguarding requirements, waiver conditions, and payment service provider (PSP) and payer liability for unauthorised payment transactions - with a view to further harmonising these provisions, develop a more level playing field and improve legal certainty (7). The proposed directive is generally intended to give consumers increased protection against fraud, possible abuses and other incidents related to the security of payment services. It contains several provisions requiring the European Banking Authority (EBA) to contribute to the consistent and coherent functioning of supervision pursuant to Regulation (EU) 1093/2010 of the European Parliament and of the Council (8). |
3. |
The ECB strongly supports the objectives and the content of the proposed directive. In particular, it supports the proposal to extend the current list of payment services to include payment initiation services and account information services as a means to support innovation and competition in retail payments. Supervisors and overseers have extensively discussed the issue of third party access to payment accounts in the context of the European Forum on the Security of Retail Payments (hereinafter the ‘SecuRe Pay Forum’). The core elements of these discussions are reflected in the ECB’s drafting proposals. |
4. |
The ECB also welcomes the fact that: (a) harmonisation and improvement of operational and security requirements for payment service providers has been proposed; (b) the competent authorities’ enforcement powers are to be strengthened; and (c) certain provisions of the PSD, whose application Member States have had considerable discretion over up to now, are to be tightened. This element of discretion has led to considerable divergence in the application of the rules across the Union and consequent fragmentation of the retail payments market (9). The ECB previously made its views known in its response to the Green Paper (10) and also in other forums such as the SecuRe Pay Forum. The ECB is pleased that many of the recommendations made in that response and also by the SecuRe Pay Forum have been covered in the proposed directive. Nonetheless, the ECB has a number of specific comments. |
Specific observations
1. Defined terms
The defined terms of the proposed directive (11) are largely unchanged from those of the PSD, but they could be further improved. In particular, the definitions ‘issuing of payment instruments’ and ‘acquiring of payment transactions’ should be added to the proposed directive (12). This would give Annex I to the proposed directive greater clarity. The definitions ‘payment initiation service’ (13) and ‘account information service’ (14) could also be improved by further amendment, and definitions of ‘credit transfer’, ‘cross-border payments’ and ‘national ‘payments’ should be included for the sake of completeness.
2. Other provisions
2.1. |
As regards the scope of application (15), the proposed directive provides that, where only one of the payment service providers to a payments transaction is located within the Union, the provisions with regard to the credit value date (16) and on transparency of conditions and information requirements for payment services shall apply to those parts of the transaction that are carried out in the Union (17). To the extent possible, Title IV, which covers rights and obligations in relation to the provision and use of payment services, should also apply in such cases and should apply equally in respect of all currencies. |
2.2. |
The proposed directive does not retain the possibility contained in the current PSD that authorises Member States or competent authorities to extend safeguarding requirements applicable to payment institutions engaged in business activities other than payments to payment institutions only involved in the provision of payment services (18). The ECB would propose that payment institutions should have an obligation to provide appropriate protection in the form of the safeguarding requirements for a payment service user’s funds, regardless of whether they are engaged in other business activities than payment services or not. |
2.3. |
For reasons of efficiency, the ECB would welcome one single authority, which would be responsible for ensuring compliance with the directive, but is aware, however, that this might prove difficult in practice due to diverging national arrangements. |
2.4. |
Furthermore, the ECB suggests that Europol be added as an additional authority with which the competent authorities for supervising payment services may exchange information (19), in view of Europol’s expertise in the area of international crime and terrorism, including combatting euro counterfeiting and other misuse of payment instruments and services for the purposes of financial crime. |
2.5. |
Considering that account servicing payment service providers shall, for services under point 7 in Annex I to the proposed directive, be mandated to allow access to payment accounts, and also taking into consideration that TPPs’ services are usually provided over the internet and therefore not limited to one single Member State, the ECB suggests, for security reasons, that TPPs should not be the cause for any waiver under Article 27. |
2.6. |
Payment systems designated under Directive 2009/44/EC (20) (hereinafter the ‘Settlement Finality Directive’) are excluded from the rule in Article 29(1) of the proposed directive, which states that access to payment systems should be objective and non-discriminatory. However, the last paragraph of Article 29(2) of the proposed directive states that, if a designated payment system allows indirect participation, such participation should also be provided to other authorised or registered payment service providers in accordance with Article 29(1). The definition of ‘indirect participant’ in Article 2(g) of the Settlement Finality Directive does not currently cover payment institutions and, in order to ensure consistency and legal certainty, the ECB suggests amending the definition of ‘indirect participant’ in the Settlement Finality Directive to also cover payment service providers. |
2.7. |
In order to combine security requirements and customer protection with the idea of open access to payment account services, the ECB suggests that customers are appropriately authenticated by relying on a strong customer authentication system. TPPs could ensure this through either redirecting the payer in a secure manner to their account servicing payment service provider or issuing their own personalised security features. Both options should form part of a standardised European interface for payment account access. This interface should be based on an open European standard and allow any TPP to access payment accounts at any PSP throughout the Union. The standard could be defined by EBA in close cooperation with the ECB and include technical and functional specifications, as well as related procedures. Furthermore, third party payment service providers should: (a) protect the personalised security features of payment service users they issue themselves; (b) authenticate themselves in an unequivocal manner vis-à-vis the account servicing payment service provider(s); (c) refrain from storing data obtained when accessing payment accounts, apart from information that identifies payments they initiate, such as reference number, payer’s and payee’s IBAN as well as the transaction amount; and (d) refrain from using data for any purposes other than those explicitly permitted by the payment service user (21). Contracts between the account servicer payment service providers and the TPPs are one possible option for clarifying a number of these aspects. From an efficiency perspective, and in order not to create an undue barrier to competition, the main aspects (including a liability regime) should be clarified in the proposed directive. Further business rules, including technical and operational arrangements, e.g. authentication, protection of sensitive data, identification and traceability of payment orders could be defined through the creation of a payment scheme, to which all relevant actors could adhere and which would avoid the need to seek agreement on individual contracts. |
2.8. |
Concerning the provisions on framework contracts and consumer protection the ECB is of the view that consumers, as payment account holders in relation to payment initiation services, should have a level of protection comparable to that provided to debtors under Regulation (EU) No 260/2012 of the European Parliament and of the Council (22) (hereinafter referred to as the ‘SEPA Regulation’), i.e. the consumer should have the right to instruct its account servicing payment service provider to establish specific positive or negative lists of TPPs (23). |
2.9. |
In the context of direct debits, the proposed directive indicates that the payer should have an unconditional right to a refund, except where the payee has already fulfilled its contractual obligations and the services have already been received or the goods have been consumed by the payer (24). Instead of strengthening consumer protection, it appears likely that the proposed directive would no longer allow the unlimited refund rights under the current SEPA direct debit scheme. To comply with these provisions on the refund right, payment service providers would probably have to collect information about their customers’ purchases. This is an issue which might raise concerns over privacy, as well as increasing the administrative burden on payment service providers. The ECB would instead suggest introducing, as a general rule, an unconditional refund right for a period of eight weeks for all consumer direct debits. For certain kinds of goods and services, debtors and creditors should be able to agree separately that no refund rights will apply. The Commission could establish an exhaustive list of such goods and services by delegated acts. |
2.10. |
The financial compensation to be paid by the TPPs to the account servicing payment service provider in respect of unauthorised payment transactions pursuant to Articles 65 and 82 of the proposed directive does not correspond to compensation for non-execution, defective or late execution. The ECB would therefore suggest aligning these provisions with each other to ensure similar rules for compensation (25). |
2.11. |
The existing PSD has contributed to a considerable extent to increasing the efficiency of retail payments by introducing the ‘D+1’ execution time for credit transfers (26). The ECB has observed that developments in business practices and technology allow for increasingly faster payment execution and welcomes that such services are already available in several Member States to the benefit of both consumers and enterprises. The ECB expects that the markets will continue to improve execution times across Europe and is pleased to support this process in its role as a catalyst. |
2.12. |
The assessment of security arrangements and incident notifications (27) for payment service providers is a core competence of prudential supervisors and central banks. The development of supervisory requirements in these areas should thus remain under the control of these authorities. However, under the PSD, there is a need to share information with the competent authorities, the ECB, and, where relevant, with the European Network and Information Security Agency (ENISA) and competent authorities under the NIS directive in the area of operational risks, including security risks. The EBA should be responsible for coordinating such information-sharing between the competent authorities of Member States, whereby the ECB will notify the members of the ESCB as regards relevant issues for payment systems and payment instruments. |
2.13. |
The EBA should also develop guidelines addressed to competent authorities on complaint procedures (28) that will assist in harmonising procedures. |
2.14. |
Certain provisions (29) only concern Member States’ discretion regarding national payments transactions. Such rules do not appear to be in line with the aim of establishing a single market for payment services and should preferably be taken out. |
2.15. |
Finally, there are separate provisions on access and use of payment account information by TPPs and by third party payment instrument issuers, i.e. when a payment card is issued by a TPP (30). These services are not essentially different, so the ECB would suggest merging these provisions since the former regime on access and use of payment account information by the TPP could also apply mutatis mutandis to third party payment instrument issuers. |
Where the ECB recommends that the proposed directive be amended, specific drafting proposals are set out in the Annex accompanied by explanatory text to this effect.
Done at Frankfurt am Main, 5 February 2014.
The President of the ECB
Mario DRAGHI
(1) COM(2013) 547/3.
(2) Directive 2007/64/EC of the European Parliament and of the Council of 13 November 2007 on payment services in the internal market amending Directives 97/7/EC, 2002/65/EC, 2005/60/EC and 2006/48/EC and repealing Directive 97/5/EC (OJ L 319, 5.12.2007, p. 1).
(3) COM(2011) 941 final.
(4) See Eurosystem response to the European Commission Green Paper ‘Towards an integrated European market for card, intent and mobile payments’ of March 2012, available on the ECB’s website at www.ecb.europa.eu.
(5) See Point (7) of Annex I to the proposed directive.
(6) Proposal for a Regulation of the European Parliament and of the Council on interchange fees for card-based payment transactions (COM (2013) 550/3); 2013/0265.
(7) Further provisions clarify the rules on access to payment systems and the right of refund, and also address the security aspects and aspects of authentication in line with the Proposal for a Directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security across the Union (COM(2013) 48 final) (hereinafter the ‘Network and Information Safety (NIS) Directive’);. For the proposed NIS Directive see further para. 2.12 below.
(8) Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC (OJ L 331, 15.12.2010, p. 12).
(9) See, for example, Article 66 of the proposed directive on the rules on PSP and payer liability in case of unauthorised card transactions.
(10) See footnote 4.
(11) See Article 4 of the proposed directive.
(12) See drafting amendment 12 in the Annex.
(13) See Article 4(32) of the proposed directive.
(14) See Article 4(33) of the proposed directive.
(15) See Article 2 of the proposed directive.
(16) See Article 78 of the proposed directive.
(17) See Title III of the proposed directive.
(18) See Article 9 of the PSD.
(19) See Article 25 of the proposed directive.
(20) Directive 2009/44/EC of the European Parliament and of the Council of 6 May 2009 amending Directive 98/26/EC on settlement finality in payment and securities settlement systems and Directive 2002/47/EC on financial collateral arrangements as regards linked systems and credit claims (OJ L 146, 10.6.2009, p. 37).
(21) See Article 58 of the proposed directive.
(22) See Recital 13, and Article 5(3)(d)(iii) of Regulation (EU) No 260/2012 of the European Parliament and of the Council of 14 March 2012 establishing technical and business requirements for credit transfers and direct debits in euro and amending Regulation (EC) No 924/2009 (OJ L 94, 30.3.2012, p. 22) (hereinafter the ‘Single European Payments Area (SEPA) Regulation’).
(23) See Articles 45 and 59 (new) of the proposed directive.
(24) See Recital 57 and Article 67(1) of the proposed directive.
(25) See Articles 65, 80 and 82 of the proposed directive.
(26) Article 69(1) of the existing PSD provides for credit transfers to be credited to the payment service provider’s account of the payee by close of business on the day following receipt of the payment order at the latest.
(27) See Articles 85 and 86 of the proposed directive.
(28) See 'Article 88(1) of the proposed directive.
(29) See Article 35(2) and 56(2) of the proposed directive.
(30) See Articles 58 and 59 respectively.
ANNEX
Drafting proposals
Text proposed by the Commission |
Amendments proposed by the ECB (1) |
||||||||||||||||||||||||||||||||||||
Amendment 1 |
|||||||||||||||||||||||||||||||||||||
Recital 6 |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation See Amendment 31. |
|||||||||||||||||||||||||||||||||||||
Amendment 2 |
|||||||||||||||||||||||||||||||||||||
Recital 7 |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation See Amendment 31. |
|||||||||||||||||||||||||||||||||||||
Amendment 3 |
|||||||||||||||||||||||||||||||||||||
Recital 18 |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation It is suggested to describe all types of TPPs under the same recital, therefore recitals 18 and 26 have been merged and reference is also made to TPPs issuing payment instruments, e.g. debit or credit cards. Following the inclusion of the latter, it is suggested to delete the example on the alternative to such cards. Moreover, the possibility is expressed that account information services could be provided at the same time as payment initiation services. |
|||||||||||||||||||||||||||||||||||||
Amendment 4 |
|||||||||||||||||||||||||||||||||||||
Recital 26 |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation This recital has been merged with recital 18 (see Amendment 3). |
|||||||||||||||||||||||||||||||||||||
Amendment 5 |
|||||||||||||||||||||||||||||||||||||
Recital 51 |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation Editorial clarification on parties concerned. |
|||||||||||||||||||||||||||||||||||||
Amendment 6 |
|||||||||||||||||||||||||||||||||||||
Recital 52 |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation See Amendment 19 and 24. |
|||||||||||||||||||||||||||||||||||||
Amendment 7 |
|||||||||||||||||||||||||||||||||||||
Recital 57 |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation Making refund rights dependent on the underlying purchase raises privacy concerns, as well as concerns relating to efficiency and costs. The adoption of this proposal would probably mean that the unlimited refund rights under the current SEPA direct debit scheme would no longer be permitted, bringing less favourable conditions to consumers. The ECB suggests introducing, as a general rule, an unconditional refund right for a period of eight weeks for all consumer direct debits. For listed goods or services meant for immediate consumption, debtors and creditors could separately and explicitly agree that no refund rights should apply. The Commission could establish such a list by means of a delegated act. |
|||||||||||||||||||||||||||||||||||||
Amendment 8 |
|||||||||||||||||||||||||||||||||||||
Recital 80 |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation Security aspects with respect to payment services also fall under the competence of central banks. The ECB has established, on a voluntary basis, a close cooperation with supervisors of payment service providers in the SecuRe Pay Forum. This successful cooperation should be formalised. The current proposal does not include any regulatory technical standards; therefore the reference has been deleted. |
|||||||||||||||||||||||||||||||||||||
Amendment 9 |
|||||||||||||||||||||||||||||||||||||
Article 2 |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation In order to ensure comprehensive protection to users of payment services, the provisions on transparency and credit value date, as well as the provisions on rights and obligations relating to the provision and use of payment services should apply to transactions where only one of the payment service providers is located within the Union, in respect to those parts of the transaction that are carried out in the Union. |
|||||||||||||||||||||||||||||||||||||
Amendment 10 |
|||||||||||||||||||||||||||||||||||||
Article 4(32) |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation The definition needs to remain as simple and flexible as possible so that future solutions are also covered. The definition should be free of requirements or references to specific technologies. |
|||||||||||||||||||||||||||||||||||||
Amendment 11 |
|||||||||||||||||||||||||||||||||||||
Article 4(33) |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation The definition needs to remain as simple and flexible as possible so that future solutions are also covered. The definition should be free of requirements or references to specific technologies. |
|||||||||||||||||||||||||||||||||||||
Amendment 12 |
|||||||||||||||||||||||||||||||||||||
Article 4(39)-(43) (new) |
|||||||||||||||||||||||||||||||||||||
No text |
|
||||||||||||||||||||||||||||||||||||
The definitions of ‘issuing of payment instruments’ and ‘acquiring payment transactions’ should be added in order to ensure that all providers involved in payment services come under the proposed directive as provided for in Annex I. These definitions should be aligned with the proposal for a Regulation of the European Parliament and of the Council on interchange fees for card-based payment transactions (COM (2013) 550/3); 2013/0265. The definition of ‘credit transfer’ should be included since this is one of the core payment instruments of the abovementioned proposed regulation. The inserted definition is aligned with the SEPA Regulation. Including definitions for ‘cross-border payment’ and ‘national payment’ should increase clarity. |
|||||||||||||||||||||||||||||||||||||
Amendment 13 |
|||||||||||||||||||||||||||||||||||||
Article 9(1) introductory paragraph |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation In line with the aim to harmonise safeguarding requirements, the alternative text is suggested in order to ensure that payment service user’s funds for all payment institutions are appropriately protected, regardless of whether they are engaged in other business activities. |
|||||||||||||||||||||||||||||||||||||
Amendment 14 |
|||||||||||||||||||||||||||||||||||||
Article 12(1) |
|||||||||||||||||||||||||||||||||||||
[…]
|
[…]
|
||||||||||||||||||||||||||||||||||||
Explanation Providing accurate statistical information is essential for monitoring risk related to payment institutions. |
|||||||||||||||||||||||||||||||||||||
Amendment 15 |
|||||||||||||||||||||||||||||||||||||
Article 25(2) |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation Europol should be added as an additional authority with which the competent authorities should be able to share information, in view of its competence and expertise in investigating and coordinating, at Union level, the fight against, inter alia, euro counterfeiting, forgery and other serious financial crime involving means of payment. See Annex to Council Decision 2009/371/JHA (3). |
|||||||||||||||||||||||||||||||||||||
Amendment 16 |
|||||||||||||||||||||||||||||||||||||
Article 27(5)(a) (new) |
|||||||||||||||||||||||||||||||||||||
No text |
|
||||||||||||||||||||||||||||||||||||
Explanation Since account servicing payment service providers have to provide access to TPPs, allowing the latter to obtain a waiver from the supervisory requirements could bring unanticipated risks. Additionally, the services that TPPs offer are usually provided over the internet and therefore not limited to one single Member State. Therefore, TPPs should not be able to obtain a waiver. |
|||||||||||||||||||||||||||||||||||||
Amendment 17 |
|||||||||||||||||||||||||||||||||||||
Article 35(2) |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation For national payment transactions, i.e. those that are not cross-border, it does not appear necessary to allow Member States or their competent authorities to significantly adjust the maximum payment amounts in Article 35(1) due to the derogation for low value payment instruments. Additionally, allowing this adjustment would result in very divergent national regimes on derogation, which conflicts with the objective of an integrated and harmonised European retail payments market. |
|||||||||||||||||||||||||||||||||||||
Amendment 18 |
|||||||||||||||||||||||||||||||||||||
Article 39 |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation This addition provides clarification that with regard to charges, third party payment services providers will only be able to detail their own charges; not charges levied by the account servicing payment services provider. |
|||||||||||||||||||||||||||||||||||||
Amendment 19 |
|||||||||||||||||||||||||||||||||||||
Article 40 |
|||||||||||||||||||||||||||||||||||||
‘Where a payment order is initiated by the third party payment service provider’s own system, it shall in case of fraud or dispute make available to the payer and the account servicing payment service provider the reference of the transactions and the authorisation information.’ |
‘Where a payment order is initiated by the third party payment service provider’s own system, it shall in case of fraud or dispute make available to the payer and the account servicing payment service provider the reference of the transactions and the authorisation information proof that the user has been authenticated in accordance with Article 58(2).’ |
||||||||||||||||||||||||||||||||||||
Explanation Since personalised security features should no longer be shared, the TPP in the event of a dispute or fraud needs to proof that (a) the PSP confirmed to the TPP that the transaction has been authorised or (b) that the customer was undisputedly authenticated based on the personalised security features issued by the TPP. |
|||||||||||||||||||||||||||||||||||||
Amendment 20 |
|||||||||||||||||||||||||||||||||||||
Article 41 |
|||||||||||||||||||||||||||||||||||||
‘Immediately after receipt of the payment order, the payer's payment service provider shall provide or make available to the payer, in the same way as provided for in Article 37(1), the following data: […].’ |
‘Immediately after receipt of the payment order, the account servicing payer's payment service provider shall provide or make available to the payer, in the same way as provided for in Article 37(1), the following data: […].’ |
||||||||||||||||||||||||||||||||||||
Explanation This change provides clarification that this article refers only to account servicing payment service providers, since the TPPs’ obligations are already outlined in Article 39. This applies to situations where TPPs are involved as well as for traditional payment services. |
|||||||||||||||||||||||||||||||||||||
Amendment 21 |
|||||||||||||||||||||||||||||||||||||
Article 45(5)(g) (new) |
|||||||||||||||||||||||||||||||||||||
No text |
|
||||||||||||||||||||||||||||||||||||
Explanation Payment service users will only be able to exercise their rights under proposed Article 59 (new) to block payment initiation services or to establish positive or negative lists for specific TPPs if they are informed accordingly. |
|||||||||||||||||||||||||||||||||||||
Amendment 22 |
|||||||||||||||||||||||||||||||||||||
Article 54(1) |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation See explanation to Amendment 26. |
|||||||||||||||||||||||||||||||||||||
Amendment 23 |
|||||||||||||||||||||||||||||||||||||
Article 56(2) |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation For national payment transactions, i.e. those that are not cross-border, it does not appear necessary to allow Member States or their competent authorities to significantly adjust the maximum payment amounts in Article 56(1) due to the derogation for low value payment instruments. Additionally, allowing this adjustment would result in very divergent national regimes on derogation, which conflicts with the objective of an integrated and harmonised European retail payments market. |
|||||||||||||||||||||||||||||||||||||
Amendment 24 |
|||||||||||||||||||||||||||||||||||||
Article 58 |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
It is a core principle of IT security that credentials used to authenticate the payment service user are not shared with any third party. Therefore TPPs should ensure strong customer authentication by either: (a) redirecting the payment service user in a secure manner to its account servicing payment service provider; or b) issuing its own personalised security features. Both options should form part of the standardised European technical interface for payment account access. This secure standardised interface for third party service providers for access to payment account information should be based on an open European standard and allow, upon the transposition of the proposal, any TPP to access payment accounts at any PSP throughout the Union. This interface should be defined shortly after the proposed directive is adopted, by EBA in close cooperation with the ECB and include, at a minimum, technical and functional specifications as well as related procedures. Furthermore, third party service providers should: (a) protect the personalised security features of the payment service user, (b) authenticate themselves in an unequivocal manner as regards the payment service user’s account servicing payment service provider(s); (c) refrain from storing data obtained when accessing the payment service user’s payment account, apart from information for identifying a payment initiated by TPPs, such as the reference number, payer’s and payee’s IBAN, the transaction amount; and (d) refrain from using any data for purposes other than explicitly requested by the payer. |
|||||||||||||||||||||||||||||||||||||
Amendment 25 |
|||||||||||||||||||||||||||||||||||||
Article 59 |
|||||||||||||||||||||||||||||||||||||
‘Article 59 Access to and use of payment account information by third party payment instrument issuers
|
‘Article 59 Access to and use of payment account information by third party payment instrument issuers
|
||||||||||||||||||||||||||||||||||||
Explanation The provisions of this article on the access to and use of payment account information by third party PSPs issuing payment instruments, e.g. payment cards are in substance identical to those of Article 58 governing the access to and use of payment account information by third party PSPs. Accordingly Article 59 could be deleted without any risk to legal certainty for PSPs and for payers making use of their services. |
|||||||||||||||||||||||||||||||||||||
Amendment 26 |
|||||||||||||||||||||||||||||||||||||
Article 59 (new) |
|||||||||||||||||||||||||||||||||||||
No text |
‘Article 59. The payer must have the right to: (i) instruct its account servicing payment service provider to block any payment initiation services from the payer’s payment account; (ii) to block any payment initiation services initiated by one or more specified third party payment service providers; or (iii) to only authorise payment initiation services initiated by one or more specified third party payment service providers.’ |
||||||||||||||||||||||||||||||||||||
Explanation In line with the provisions on consumer protection and the safeguards for payment service users contained in Recital 13 and Article 5(3)(d)(iii) of the SEPA Regulation, and to ensure legal consistency, a new article guaranteeing payment service users the right to instruct their PSPs to establish specific positive or negative lists of TPPs should be added. This provision should not, however, apply to payment users other than consumers (see Amendment 22). Since the instructions must come from the payer, this should not cover a generalised default blocking or inclusion of a generalised blocking of TPPs in the terms and conditions or contracts of a PSP. |
|||||||||||||||||||||||||||||||||||||
Amendment 27 |
|||||||||||||||||||||||||||||||||||||
Article 65(2) |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation From a customer protection perspective, it is natural that payer would turn to the account servicing payment service provider for a refund, since their relationship with the TPP may only take place on a one-off basis, e.g. for payment initiation. The account servicing payment service provider could then claim compensation from the TPP, unless the TPP can prove that it was not responsible for the error. Compensation for the TPP should follow the same rules as for the non-execution, defective or late execution of a payment transaction pursuant to Article 80 as well as a right of recourse pursuant to Article 82. Such compensation may, for example, be available where the TPP has issued its own security features, e.g. for a payment card. |
|||||||||||||||||||||||||||||||||||||
Amendment 28 |
|||||||||||||||||||||||||||||||||||||
Article 66(1) |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation Consumers should be ensured similar protection irrespective of the payment initiation channel. |
|||||||||||||||||||||||||||||||||||||
Amendment 29 |
|||||||||||||||||||||||||||||||||||||
Article 67(1) |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation Making refund rights dependent on the underlying purchase raises privacy concerns, as well as concerns relating to efficiency and costs. The adoption of this proposal would probably mean that the unlimited refund rights under the current SEPA direct debit scheme would no longer be permitted, bringing less favourable conditions to consumers. The ECB suggests introducing, as a general rule, an unconditional refund right for a period of eight weeks for all consumer direct debits. For listed goods or services meant for immediate consumption, debtors and creditors could separately and explicitly agree that no refund rights should apply. The Commission could establish such a list by means of a delegated act. |
|||||||||||||||||||||||||||||||||||||
Amendment 30 |
|||||||||||||||||||||||||||||||||||||
Article 82(1) |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation Unauthorised payment transactions should also be covered under the right of recourse. In order to provide more clarity, it would be desirable to define the term ‘intermediary’ in the proposed directive. |
|||||||||||||||||||||||||||||||||||||
Amendment 31 |
|||||||||||||||||||||||||||||||||||||
Article 85 |
|||||||||||||||||||||||||||||||||||||
‘Article 85 Security requirements and incident notification
|
‘Article 85 Security requirements and incident notification
|
||||||||||||||||||||||||||||||||||||
Explanation Supervisors and the ESCB are the competent authorities to issue guidelines on incident management and incident notifications for payment service providers as well as to issue guidelines on sharing incident notifications between the relevant authorities. Placing payment service providers under the NIS Directive could interfere with the tasks of supervisory authorities and central banks, and should therefore be avoided. However, guidelines developed by ENISA for other sectors and the requirements to be laid down in the Commission’s implementing act in accordance with Article 14(7) of the proposed NIS Directive could be considered in order to ensure a reasonable level of consistency between sector-specific pieces of legislation. The mandate for issuing the guidelines on the classification of incidents and incident reporting is closely related to the requirements laid down in this Article. Therefore it is suggested that the mandate forms part of this Article rather than Article 86. |
|||||||||||||||||||||||||||||||||||||
Amendment 32 |
|||||||||||||||||||||||||||||||||||||
Article 86 |
|||||||||||||||||||||||||||||||||||||
‘ Article 86 Implementation and reporting
|
‘ Article 86 Implementation and reporting
|
||||||||||||||||||||||||||||||||||||
Explanation Reporting requirements as regards operational and security risks should be defined and assessed by prudential supervisors and central banks. Information can be shared with ENISA or competent authorities under the NIS directive, with the EBA as the appropriate authority for coordination. |
|||||||||||||||||||||||||||||||||||||
Amendment 33 |
|||||||||||||||||||||||||||||||||||||
Article 87 |
|||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||
Explanation Please see explanation under Amendment 24. |
|||||||||||||||||||||||||||||||||||||
Amendment 34 |
|||||||||||||||||||||||||||||||||||||
Article 89(5) (new) |
|||||||||||||||||||||||||||||||||||||
No text |
|
||||||||||||||||||||||||||||||||||||
Explanation Harmonised procedures for complaints would facilitate the handling of cross-border complaints and contribute to smooth and efficient compliance procedures supporting the competent authorities in their duties under the proposed directive. |
(1) Bold in the body of the text indicates where the ECB proposes inserting new text. Strikethrough in the body of the text indicates where the ECB proposes deleting text.
(2) Directive XXXX/XX/EU of the European Parliament and of the Council of [date] concerning measures to ensure a high common level of network and information security across the Union (OJ L x, p x).
(3) Council Decision 2009/371/JHA of 6 April 2009 establishing the European Police Office (Europol) (OJ L 121, 15.5.2009, p.37).