EUROPEAN COMMISSION

Brussels, 24.9.2020

COM(2020) 592 final

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

on a Retail Payments Strategy for the EU

LIST OF ACRONYMS

AIS        Account Information Services

AML/CFT    Anti-Money Laundering and Combating the Financing of Terrorism

API        Application Programming Interface

ATM        Automated Teller Machine

CPACE    Common Payment Application Contactless Extensions

CSM        Clearing and Settlement Mechanism

EBA        European Banking Authority

ECB        European Central Bank

eID        Electronic Identification

ELTEG    Euro Legal Tender Expert Group

EMD2        Revised E-Money Directive

EPC        European Payments Council

ERPB        European Retail Payments Board

IBAN        International Bank Account Number

NFC        Near Field Communication

PIS        Payment Initiation Services

POI        Point of Interaction

POS        Point of Sale

PSD2        Revised Payment Services Directive

PSP        Payment Service Provider

SEPA        Single Euro Payments Area

SCT        SEPA Credit transfer

SCT Inst.    SEPA Instant Credit Transfer

SDD        SEPA Direct Debit

SCA        Strong Customer Authentication

SFD        Settlement Finality Directive

TIPS        TARGET Instant Payment System

TPP        Third-Party Provider

SWIFT    Society for Worldwide Interbank Financial Telecommunication

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

on a Retail Payments Strategy for the EU

I.Context and challenges

Once relegated to the back-office, payments have become strategically significant. They are the lifeblood of the European economy. In its Communication from December 2018, the Commission supported “a fully integrated instant payment system in the EU, to reduce the risks and the vulnerabilities in retail payment systems and to increase the autonomy of existing payment solutions.” 1

As highlighted in the digital finance strategy, adopted alongside this Communication, digital innovation is radically reshaping the provision of financial services. The retail payments sector is at the forefront of the trend and the pace and scale of technological change in that sector requires specific and targeted policy measures that go beyond the horizontal scope of the digital finance strategy.

Over the last decade, most payments innovations have focused on improving customer interfaces (e.g. mobile apps) or front-end solutions, without fundamentally changing the payment instruments used (cards, bank transfers etc.).

Recently, however several significant trends have emerged. The act of paying has become less visible and increasingly dematerialised and disintermediated. Large technology companies (‘BigTechs’) have become active in the payments sector. Benefitting from significant network economies, they can challenge established providers. Moreover, with the emergence of crypto-assets (including so-called ‘stablecoins’) they may soon be offering disruptive payment solutions based on encryption and distributed ledger technology (DLT). In spite of this wave of innovation, most of the new digital payment solutions are still largely based on traditional cards or bank transfers, irrespective of whether they are offered by incumbent banks, card companies, financial technology firms (FinTechs), or BigTechs.

Innovation and digitalisation will continue to change how payments work. Increasingly payment service providers will abandon old channels and traditional payment instruments and develop new ways to initiate payments, such as ‘wearables’ (watches, glasses, belts etc.) or parts of the body, sometimes even eliminating the need to carry a payment device, building on advanced authentication technologies such as those relying on biometrics. As the internet of things further evolves, devices such as fridges, cars and industrial machinery will increasingly connect to the internet and become conduits for economic transactions.

With digitalisation and changing consumer preferences, cashless transactions are increasing rapidly 2 . The Covid-19 pandemic has further reinforced the shift to digital payments and confirmed the vital importance of safe, accessible and convenient (including contactless) payments for remote and face-to-face transactions. However, cash remains the means used for a majority of retail payments in the EU.

The public and private sectors have complementary roles to play in the future payments landscape. As more and more central banks around the world look into the possibility of issuing central bank digital currencies (CBDCs), there are tangible prospects of further significant changes in the retail payments market.

A fragmented EU market

There have been substantial improvements in recent years, thanks mostly to the development of the Single Euro Payment Area (SEPA) and to the harmonisation of retail payments legislation. However, the EU payments market remains, to a significant degree, fragmented along national borders, as most domestic payment solutions based on cards or instant payments do not work cross-border. This comes to the advantage of a handful of big global players, which capture the whole intra-European cross-border payments market.

With the exception of those large global players, including worldwide payment card networks and large technology providers, there is virtually no digital payment solution that can be used across Europe to make payments in shops and in e-commerce. In their response to the public consultation on this strategy, several FinTechs active domestically reported that this fragmentation was obstructing their efforts to scale-up across the Single Market.

At the same time, there have recently been a number of encouraging developments. For example, on 2 July 2020 a group of 16 European banks launched the European Payment Initiative (EPI) 3 project with a view to offering a pan-European payment solution by 2022. The Commission and the European Central Bank (ECB) had given this initiative their political support from the beginning and welcomed its launch 4 . Other promising market-driven initiatives have emerged recently that are aimed at designing common infrastructures 5 , at increasing cooperation and interoperability between domestic payment solutions 6 and developing new common payment solutions.

In parallel, several initiatives pursued under the auspices of the Euro Retail Payments Board 7 (ERPB) and the European Payments Council (EPC) are aimed at adopting common European schemes and rules, which should eventually facilitate the emergence and interoperability of instant payment solutions in shops and e-commerce.

Why a strategy?

All these initiatives demonstrate the dynamism of the European payments landscape. There is however a risk of inconsistencies and further market fragmentation. There is also a need for a clear ‘governance’ framework to underpin the EU retail payments strategy. EU institutions – and in particular the Commission – can play a role of political catalyst, whilst relying fully on the private sector to design the relevant payments solutions. It is therefore of crucial importance to develop a clear vision, setting out the expected direction of travel and placing future actions under a single, coherent and overarching policy framework. This is the aim of the present Communication.

II.A vision for European retail payments

The Commission’s vision for the EU’s retail payments is that:

-Citizens and businesses in Europe benefit from a broad and diverse range of high-quality payment solutions, supported by a competitive and innovative payments market and based on safe, efficient and accessible infrastructures;

-Competitive home-grown and pan–European payment solutions are available, supporting Europe’s economic and financial sovereignty; and

-The EU makes a significant contribution to improving cross-border payments with non-EU jurisdictions, including remittances, thereby supporting the international role of the euro and the EU’s ‘open strategic autonomy’.

The Commission’s objective is that of a highly competitive payments market, benefitting all Member States, whichever currency they use, where all market participants are able to compete on fair and equal terms to offer innovative and state-of-the-art payment solutions in full respect of the EU’s international commitments.

As payments are at the forefront of digital innovation in finance, implementing this strategy will contribute to the Commission’s broader vision for digital finance and to its objectives of: removing market fragmentation, promoting market driven innovation in finance and addressing new challenges and risks associated with digital finance whilst ensuring technology neutrality. This strategy is therefore presented alongside the digital finance strategy and the two legislative proposals on a new EU framework for strengthening digital operational resilience and on crypto-assets. It is also complementary to the updated retail payments strategy presented by the ECB/Eurosystem in November 2019. 8

This strategy focuses on the following four key pillars, which are closely interlinked:

1)increasingly digital and instant payment solutions with pan-European reach;

2)innovative and competitive retail payments markets;

3)efficient and interoperable retail payment systems and other support infrastructures; and

4)efficient international payments, including remittances.

III. Pillars for strategic actions

A.Pillar 1: Increasingly digital and instant payment solutions with pan-European reach

The Commission wants citizens and companies in Europe to be able to access and rely on high quality payment solutions to make all their payments. These solutions should be secure and cost-efficient, and enable similar conditions for cross-border transactions as for domestic ones. Given the competitive and innovative potential of instant payments, as recognised in its December 2018 Communication, 9 the Commission believes that such solutions should largely rely on instant payment systems.

1.Instant payments as the ‘new normal’

With instant payments, funds are immediately available to the payee. Combined with the development of mobile payment services, instant payments may offer EU payment service providers (PSPs) an additional opportunity to compete with their EU and global competitors. As stated in the Commission’s December 2018 Communication: “an EU-wide cross-border instant payment solution would complement current card schemes, reducing the risk of external disruption and making the EU more efficient but also more autonomous.”

Instant payments are suitable for many uses beyond traditional credit transfers, in particular for physical and online purchases, which are currently dominated by payment card schemes.

The Commission is aiming for the full uptake of instant payments in the EU by end-2021. That will depend on significant advances on three levels: rules, end-user solutions and infrastructures. Significant progress has already been achieved on all three fronts, but some challenges remain and need to be addressed.

Uniform rules

Having uniform rules for the execution of payment transactions that set out, for example, payment service providers’ mutual rights and obligations, is indispensable. The European Payments Council (EPC) developed a 'Scheme’ for instant payments in euro (the ‘SCT Inst. Scheme’) in 2017, as it had already done in the past for SEPA direct debits and credit transfers. The scheme enables funds to be available on the account of the payee in less than ten seconds.

Unfortunately, in August 2020, after nearly three years since its introduction, only 62,4% of all EU payment service providers offering SEPA credit transfers had joined the SEPA Credit Transfer Inst. Scheme 10 . In terms of payment accounts, the European Payments Council estimates that there are 12 EU Member States (all from the euro area) where more than half of the payment accounts are reachable for SCT Inst.

As the owner of the SCT Inst. Scheme, the European Payments Council has made efforts to promote adherence. For example on 1 July 2020 it increased the maximum amount per SEPA Instant Credit Transfer transaction from 15.000 to 100.000 euro. However, the current voluntary nature of the Scheme has not attracted sufficiently rapid and broad participation. Some euro area Member States are clearly lagging behind. The Commission therefore believes that action is likely to be necessary in order to accelerate the pace of adherence to the SCT Inst. Scheme.

The SEPA Regulation requires the participants in the payment scheme to represent “a majority of PSPs within a majority of Member States, and constitute a majority of PSPs within the Union, taking into account only PSPs that provide credit transfers or direct debits respectively.” 11 With the National Bank of Belgium (which is the national competent authority monitoring the SCT Inst. Scheme under the SEPA Regulation), the Commission is examining the legal implications of the expected failure to fully comply by 21 November 2020 (i.e. the end of the temporary exemption period) with those adherence requirements.

End-user solutions

At the end-user level, the Commission expects payment solutions to be interoperable, accessible, to add value and meet the needs of a broad range of users, including businesses of different sizes, without excluding categories of customers, such as older persons or persons with disabilities.

The Commission fully supports and is involved in the important work carried out by the Euro Retail Payments Board (ERPB) on the interoperability of instant payment solutions for payments in shops and in e-commerce 12 . In addition, various completed or ongoing workstreams under the auspices of the European Payments Council have the potential to add value to the SEPA Instant Credit Transfer (SCT Inst.) Scheme, to improve the usability of instant payment solutions and ultimately to support the uptake of instant payments. 13

This work should be inclusive, involving all categories of PSPs, including Payment Initiation Service (PIS) and Account Information Service (AIS) providers and other relevant players, which may not be payment services providers, such as providers of end-user interfaces and user representatives.

The Commission expects broad adherence of market participants to the Schemes and recommendations developed by the Euro Retail Payments Board and European Payments Council. So far, payment service providers have not taken advantage of some of the newly developed Schemes, e.g. the ‘SEPA proxy-look-up’, launched by the European Payments Council in 2019 and updated in June 2020. This enables customers to use their mobile device to transfer money from their payment account to the account of another individual in the EU without manually exchanging payment information such as the International Bank Account Number (IBAN). 14

A growing number of end-user payment solutions offer point-of-interaction 15 (POI) payments relying, for example, on QR 16 -codes, Bluetooth (BLE) or Near Field Communication (NFC) technologies. However, QR-codes are not standardised at EU level, which restricts their acceptance, in particular for cross-border transactions. In addition, payment service providers’ access to Near Field Communication technology in mobile phones is restricted by some providers of mobile devices. This makes it difficult for providers of instant payment solutions to offer merchants and consumers convenient and affordable solutions using unified QR-codes as an alternative to cards, or to offer Near Field Communication-enabled mobile payments. 17

The Commission considers that the development of a single, open and secure European standard for QR-codes would support the uptake and interoperability of instant payments. It therefore welcomes the ongoing work of the Euro Retail Payments Board working group on a ‘Framework for instant payments at Point of Interaction’, carried out in cooperation with the European Payments Council Multi-Stakeholder Group on mobile-initiated SEPA credit transfers, and on a single standard for both merchant-presented and consumer-presented QR-codes. 18

Interoperable infrastructures

Cross-border infrastructures for the clearing and settlement of instant payments already exist in Europe, but full interoperability between these clearing and settlement mechanisms (CSMs) is yet to be achieved. As this creates a clear obstacle to the uptake of instant payments in the EU, on 24 July 2020 the ECB announced measures to address these issues 19 . There is a firm expectation that clearing and settlement mechanisms and payment service providers will ensure timely implementation of these measures, before end-2021, in view of their legal obligation to be reachable EU-wide when providing instant payments.

2.Increasing consumers’ trust in instant payments

The quasi real-time availability of the funds on the payee’s account, combined with the irrevocability of payments, may have implications for consumers in cases, for example, of erroneous transactions, fraud 20 , etc. Instant payments may also present challenges in terms of money laundering, financing of terrorism, cyber-attacks, as well as operational and liquidity risks for financial institutions. If not appropriately identified and addressed, these risks may undermine the confidence of consumers and merchants using instant payments, potentially hindering their full rollout as the new normal. The Commission recalls that, when providing instant payment services, payment service providers must ensure that they have in place appropriate and real-time fraud and money laundering/terrorist financing prevention tools, in full conformity with existing legislation.

In order to be more attractive to consumers, instant payment services should offer features that put them on an equal footing with other payment instruments (e.g. cards) that offer chargebacks, i.e. the return of credit card funds used to make a purchase to the buyer in certain cases (e.g. mistakes).

If instant payments are to become the new norm, the Commission considers that it would be appropriate that the charges of both regular and instant credit transfers should be the same. Otherwise, instant payments would remain a niche product, alongside regular credit transfers. On the other hand, it is clear that there can be additional costs for the provider if some features and add-ons, such as chargebacks, are offered with instant payments.

3.European-grown payment solutions that work cross-border

Completion of the key actions for facilitating instant payments, as identified in Sections 1 and 2 of this Chapter, may not be sufficient to ensure the successful deployment of pan-European payment solutions. Additional actions may need to be taken for European actors to thrive in a landscape occupied by well-established incumbent competitors.

New actors wishing to offer pan-European solutions may face a number of significant challenges:

·acceptance by merchants and consumers;

·customer recognition of new brands;

·designing a competitive and innovative business model catering for differing national payment traditions and habits;

·financing costly infrastructures; and

·restrictions to access certain technical infrastructures or functionalities, etc.

In addition, the strict conformity of governance and financing patterns with competition rules must be ensured. 

The Commission is fully aware of these challenges. Given the strategic nature of payments, it will continue to play an active political role to foster the development of competitive pan-European payment solutions that rely extensively on instant payments, and to address the above challenges, in full compliance with EU competition rules.

4.Reaping the full potential of the Single Euro Payments Area (SEPA)

The Single Euro Payments Area (SEPA) was created to make all cross-border electronic payments in euro as easy as domestic payments by harmonizing the way cashless euro payments are made across Europe.

Today, six years after the end-date for SEPA Credit Transfers (SCT) and SEPA Direct Debits (SDD) in euro Member States, and four years after the end-date for non-euro Member States, many citizens still face unacceptable refusals of cross-border SEPA Direct Debit transactions (‘IBAN discrimination’). This means that they cannot use IBANs from a different country to make a payment. Payees are still often unwilling or not technically able to accept cross-border SEPA Direct Debits. The Commission’s attention has frequently been drawn to cases of tax and other public administrations refusing to send or receive payments to or from a foreign account. These cases of IBAN discrimination are a breach of the SEPA Regulation, as confirmed by established case law 27 .

Even though the relevant competent authorities are required by law to monitor compliance by payment service providers with the SEPA Regulation, and to take action in case of a breach, they do not always adequately and systematically address such breaches of SEPA rules, as evidenced by the many complaints received by the Commission services.

5.Exploiting the potential of electronic identity (eID) for customer authentication

As financial services shift progressively from traditional face-to-face business towards the digital environment, digital identity solutions that can be reliably used for remote customer authentication become increasingly relevant. PSD2 has stimulated innovation in this area through the introduction of strong customer authentication (SCA), with its strict security requirements for access to payment accounts and the initiation of digital payments. In some EU Member States, electronic identification schemes have been developed for customer authentication based on national electronic identification (eID) schemes offering the highest levels of assurance.

However, the picture across the EU involves a plethora of different authentication solutions at national level with limited cross-border interoperability. This may hinder further innovation and the development of new payment services.

With the eIDAS Regulation 28 , the EU introduced in 2014 a first cross-border framework for trusted digital identities and trust services. The aim of the Regulation is to facilitate access of all EU citizens to public services across the EU by means of eID issued in their home country. The experience with the application of eIDAS reveals, however, a number of structural shortcomings, which restrict its capability of effectively supporting a comprehensive digital ID framework. In the February 2020 Communication “Shaping Europe’s digital future”, the Commission committed to revise the eIDAS Regulation to improve its effectiveness, extend its application to the private sector and promote trusted digital identities for all Europeans. The intention is to provide a future proof regulatory framework to support an EU-wide, simple, trusted and secure system to manage identities in the digital space, covering identification, authentication and the provision of attributes, credentials and attestations that will play a key role also in the payments field.

The Commission is determined to harness the potential offered by the rapid development of digital identity solutions in the financial sector. As set out in the digital finance strategy, the Commission will implement by 2024 a sound legal framework enabling the use of interoperable digital identity solutions that will allow fast and easy access of new customers to financial services. This will facilitate, as part of such solutions, their deployment in payments, with a view to improving interoperability, efficiency, ease of use (especially across borders), and safety and security, in particular to reduce instances of fraud and other crimes.

6.Improving the acceptance of digital payments

The Covid-19 pandemic has shown how important it is that digital payments be widely accepted by merchants. However, acceptance of digital payments varies significantly in the EU. There are still many entities (merchants, public administrations, hospitals, public transports) which do not accept digital payments. 

The Single Digital Gateway Regulation will bring strong improvements. It will facilitate online access to the information, administrative procedures and assistance services that citizens and businesses need to get active in another EU country. By the end of 2023, citizens and companies moving across EU borders will be able to perform a number of procedures in all EU member states without the need for any physical paperwork, like registering a car or claiming pension benefits. 29

The Commission expects Member States, in particular, to:

-explore and address the reasons for reluctance to accept digital payments, and encourage merchants to accept digital payments, including contactless payments;

-increase the digitalisation of government payments, beyond those covered by Regulation (EU) 2018/1724; and

-equip public administrations, hospitals, etc. with terminals for digital payments.

7.Maintaining the availability of central bank money

Cash accessibility and acceptance

Cash is a means of payment that offers instant settlement in face-to-face transactions, without any technical infrastructure. It is still the only form of money individuals can hold directly. As such, it should remain widely accessible and accepted.

In the euro area, euro banknotes and coins are the only legal tender pursuant to Article 128 TFEU and to Council Regulation (EC) No 974/98 of 3 May 1998 on the introduction of the euro. A Commission Recommendation of 2010 explains that, where a payment obligation exists, the legal tender of euro banknotes and coins implies:

(a)    mandatory acceptance by the creditor;

(b)    at full face value; and

(c)    with the power to discharge the payment obligation.

The Recommendation also states that the acceptance of euro banknotes and coins as a means of payment in retail transactions should be the rule, and that refusals should be possible only on the basis of the “good faith principle” (e.g. if the retailer has no change available).

Over the years, the use of non-cash means of payment has consistently increased in Europe 30 . However, cash remains the dominant means of payment in the euro area, where it is still used for 78% of all transactions 31 .

The statistics for cash usage conceals a wide range of situations. Some euro area countries (Austria, Germany Ireland, Slovakia and Slovenia) have a marked preference for cash. Estonia and the Netherlands are situated at the other end of the spectrum, with cash being used for less than half of transactions at points of sale. Outside the euro area, Sweden is a country where the use of cash has substantially decreased 32 . In all EU countries, the Covid-19 pandemic has reduced the number of cash-based transactions during lockdown, but precautionary holdings of cash have actually risen markedly in some economies 33 .

In practice, the availability of cash has decreased in recent years. 34 Cases of non-acceptance of cash increased during the Covid-19 crisis, due to public concerns about viral transmission caused by handling cash 35 and to the increasing need for remote transactions generated by lockdowns, which favoured a shift to digital payments.

While promoting the emergence of digital payments to offer more options to consumers, the Commission will continue to safeguard the legal tender of euro cash. It is aware of and shares the concerns expressed by consumer associations that there is a tangible risk that as more services are digitalised, those without access to digital services may find themselves more excluded than they are today. 36 There are still about 30 million adults in the EU who do not have a bank account 37 .

In order to preserve access to and acceptance of cash, and its legal tender, the Commission:

•Recalls that, as legal tender, euro banknotes and coins must be accepted by the creditor at full face value where a payment obligation exists and they have the power to discharge the payment obligation.

•Expects Member States to ensure the acceptance and accessibility of cash as a public good, in line with Article 128 TFEU and Council Regulation (EC) No 974/98 of 3 May 1998 on the introduction of the euro, while acknowledging the possible legitimacy of duly justified and proportionate limitations to the use of disproportionate amounts of cash for individual payments that may be necessary, inter alia, in order to prevent the risk of money laundering, terrorist financing and related predicate offences, including tax evasion 38 . One means whereby Member States might preserve access to cash could be to provide for minimum coverage of automated teller machines (ATM), or equivalent means of access, on their territory.

Central Bank Digital Currencies and further innovation in payments

The decline in the use of cash, the increasing weight of private sector payment solutions and the prospective emergence of asset-referenced tokens have led central banks to explore the issuance of Central Bank Digital Currencies (CBDCs). Depending on its design, a retail CBDC can serve both as a digital substitute for cash and private payment solutions, as well as a driver for continued innovation in payments, finance and commerce, addressing specific use cases in our increasingly digitalised economies and societies. A retail CBDC can also enhance the international role of the euro and the EU’s ‘open strategic autonomy’, and support financial inclusion. It may also contribute to the provision of resilient, fast and inexpensive payments, whilst enabling automated and conditional payments. 

As highlighted in the digital finance strategy, the Commission supports work by central banks (in particular the ECB), which are looking into the possible issuance of a retail CBDC available to the general public (households and businesses) while safeguarding the legal tender of euro cash.  This work complements the Commission’s proposed regulatory framework on asset-referenced tokens used for payment purposes.

Further work is needed to assess the potential impacts of CBDC on monetary policy, financial stability and competition, and to avoid undue disintermediation. In close coordination with the ECB, the Commission will continue to work to foster cooperation between the private and public sectors.

B.Pillar 2: Innovative and competitive retail payments markets

1.Reaping the full potential of the Payment Services Directive (PSD2)

The revised Payment Services Directive (PSD2) has enabled the emergence of new business models based on the sharing of payment account data (‘Open Banking’), such as payment initiation services (PIS) and account information services (AIS). It has also improved the general level of the security of payment transactions through the implementation of strong customer authentication (SCA). It has become a worldwide reference in terms of open banking and secure transactions.

In the wake of PSD2, more than 400 non-bank entities – third party providers (TPPs) – are now authorised to provide either payment initiation or account information services, and an increasing number of banks are themselves offering account information services and payment initiation services. However, the large potential of open banking still remains largely untapped. Two years after its entry into force the Directive has not yet yielded its full impact. Strong Customer Authentication – particularly in e-commerce – is not yet fully enforced, largely because of late or insufficient market preparedness. The uptake of regulated services based on access to payment accounts by third party providers, one of the PSD2’s cornerstones, still poses challenges to regulators and stakeholders. The existence of many different application programming interfaces (API) standards, which are key for efficient and secure access to payment accounts data, as well as different API functionality levels, have presented challenges for third party providers, in particular those that were already in business before PSD2. These third party providers had to integrate and adapt their business to different technical specifications and customer journeys for accessing payment accounts.

Given the magnitude and the complexity of the transition required by PSD2, these early challenges were to be expected. The Commission, the European Banking Authority (EBA) and national competent authorities have been working hard to address and overcome them. Important clarifications have been given via more than 100 responses provided to Q&As submitted by external stakeholders, EBA Guidelines, 39 EBA Opinions 40 , clarifications provided as a result of requests made by members of the EBA Working Group on Application Programming Interfaces 41 , and numerous meetings in which the Commission has sought to shed light and facilitate dialogues between various communities. 42

The Commission reaffirms its strong belief in the potential of open banking and is determined to make PSD2 a full success. The Commission will continue to work with the EBA to ensure that illegal obstacles to third party providers’ services are removed, and to promote a constructive dialogue between all stakeholders. In particular, it will support the finalisation of the work on a ‘SEPA Application Programming Interfaces Access Scheme’ that was launched in 2019 under the auspices of the Euro Retail Payments Board.

Going forward, the experience gathered from the full implementation of PSD2 will inform the Commission’s work on a broader framework for open finance, as set out in the Digital Finance Strategy.

2.Ensuring a high level of security for retail payments in Europe

PSD2 requires all payment service providers to apply strong customer authentication (SCA) whenever a user initiates an electronic payment or accesses their online banking interface. Payment service providers across the EU have developed authentication solutions based on the use of two or more elements categorised as ‘knowledge’ (something only the user knows), ‘possession’ (something only the user possesses) and ‘inherence’ (something the user is, e.g. biometrics).

Looking to the future, strong customer authentication must become the norm when paying online, e.g. in e-commerce or online travel booking. Payment service providers’ authenticating solutions compliant with strong customer authentication must provide users with a seamless and accessible experience to access their payment accounts online and to facilitate the completion of transactions. They should rely on the most secure authenticating factors, moving away, where possible, from transmittable elements (e.g. static passwords) and from older technologies and communication channels that are prone to attacks (e.g. SMS text messages).

As new types of fraud keep appearing, strong customer authentication alone may not be enough to ensure that payment service users remain fully protected. Payment service providers should always be at the cutting edge of fraud detection and prevention. PSD2 is widely acknowledged to have enabled the EU and companies operating in the EU to become world leaders in terms of operational risk, IT security and major incident reporting, partly thanks to the European Banking Authority’s Guidelines 43 .

For payments posing a higher fraud risk, the Commission will assess whether requiring a match between the beneficiary name and IBAN may be effective in preventing frauds, such as ‘social engineering’ where people are manipulated into performing actions or divulging confidential information.

To counter phishing, it will be of key importance that EU PSP’s adopt internationally recognized controls, such as Domain-based Message Authentication, Reporting and Conformance (DMARC) 44 .

While protecting users against payment fraud is vital to preserve trust in payment systems and in digital payments more generally, it is equally important that payment service providers do their utmost to protect themselves against cyber-attacks, as well as against any other man-made and natural risks.

It is equally important to ensure that the authentication approaches chosen by PSPs that rely exclusively on advanced technological devices do not lead to the exclusion of categories of customers, such as older persons.

3.Fostering consumer protection

The retail payments acquis aims to ensure that EU payment service users enjoy transparency and security when paying digitally. However, the payments market continues to evolve rapidly, and further safeguards to protect consumers may be needed in the future.

In addition to the initiatives announced in this Communication, which will improve consumer protection in payments, the Commission considers that the increased use of digital payments calls for further reflection on payments transparency, as well as on the features of increasingly popular types of payments, such as contactless.

Contactless payments

At the outbreak of the Covid-19 crisis, following the European Banking Authority’s Recommendation, 46 the banking and payment communities in most EU countries increased the maximum value for contactless payments to the €50 limit under the PSD2 regulatory technical standards 47 . Following this, the number of contactless payments increased significantly.

Having made greater use of contactless payments, in particular for health reasons, it is likely that in future consumers will retain this habit. That would be a positive development. However the Commission does not consider it appropriate, at least at this stage, to raise the legal maximum (per transaction and cumulative) amounts of contactless payments without strong customer authentication. In the absence of strong customer authentication, there is a risk that an increase in contactless payments might be accompanied by a parallel increase in fraud. The impact of any increase to the limits would therefore have to be carefully assessed before any decision could be taken.

In the meantime, the Commission will examine, with both stakeholders and Member States, the technical conditions that could enable consumers to set their own individual contactless limit (subject to the €50 maximum). The only choice that most consumers have today is to whether to activate or disable contactless payments. As there is no strong customer authentication for contactless payments, consumers are in any event protected for the full amount.

Enhancing the transparency of transaction statements

As the payments chain of actors involved in a single transaction becomes longer and more complex, payment service users may find it increasingly difficult to identify to whom, where and when they made a payment. This can lead to confusion, e.g. for instance where the name and place of the payment beneficiary in the transaction statement is not the commercial name of the company. This may in turn make it more difficult for consumers to spot fraudulent transactions.

The Euro Retail Payments Board is currently tackling this issue with a view to identifying solutions that allow users to more easily monitor their transactions.

The Commission supports the Euro Retail Payments Board’s ongoing work on enhancing transparency for retail payments users and will take account, in the context of the PSD2 review, of any recommendations that the Euro Retail Payments Board makes in this area. 

4.Future-proof supervision and oversight of the payments ecosystem

As highlighted in the digital finance strategy, the financial ecosystem is becoming increasingly complex with a more fragmented value chain. The payments chain involves many players (some regulated, others not) and increasing levels of complexity and inter-dependency. While regulation must guarantee a level playing field, promote fair competition and low barriers to entry and spur innovation, it must also uphold users’ rights and protect the overall ecosystem from financial and operational risks. To achieve these objectives, the regulatory perimeter needs to be well balanced.

While PSD2 implementation is still in its infancy, the E-money Directive (EMD2) 48 has been in force for over a decade, so there is sufficient experience to draw lessons from its implementation. After the adoption of PSD2, the two regimes converged, but remained separate. The differences between the services provided by payment institutions and e-money institutions no longer seem to justify a distinct authorisation and supervision regime and could therefore be brought under a single framework. As the respective scopes of PSD2 and EMD2 exclude certain services and instruments, it is also important to ensure that any exemptions granted to businesses posing low risks remain justified.

Need for a level playing-field between payment service providers

In a world increasingly dominated by digital platforms, large technology providers are taking advantage of their vast customer base to offer front-end solutions to end-users. Their entry into finance may consolidate the network effects and their market power. As highlighted in the digital finance strategy, several initiatives have emerged involving crypto-asset service providers using distributed ledger technologies. These actors may provide payment services that compete with those offered by regulated players (e.g. payment service providers, payment systems and payment schemes). They must therefore be regulated on the same basis in order to ensure a full level-playing field (‘same business, same risks, same rules’). On the one hand, they may broaden the range of available payment services and contribute to an innovative market. On the other hand, they could, if not properly regulated, supervised or overseen, pose a threat to monetary sovereignty and financial stability.

Over the years, competition issues observed in the payments sector related to access to data and information exchanges between competitors, as well as increased risks of foreclosure and abuse of dominance. Such risks may increase further through digitization. For example, newly emerging digital financial services platforms may quickly acquire dominant positions or market power. Large technology providers can use their customer data and network effect advantages to enter the payments sector, leveraging their market power from social media or search services. As part of its competition policy enforcement in digital markets, the Commission is closely monitoring digital developments in financial services and enforcing EU competition law, where necessary, to promote competition and to prevent entry barriers in these markets.

Supervision and oversight of the payments ecosystem

Supervision and oversight of the relevant actors in the payments chain has become increasingly complex, taking into account the emergence of many new business models and group structures. The potential supervisory implications became apparent in a recent case involving a technology company providing payment-related services.

Payments conglomerates may include both regulated and unregulated entities. Problems encountered by unregulated entities providing technical services to support some of the Group’s affiliates could potentially have a spill-over effect. Recent experience has demonstrated that the bankruptcy of an unregulated entity can have tangible consequences for other regulated subsidiaries (e.g. freezing of the institutions’ services by the national competent authority).

PSD2 does not currently cover services provided by “technical service providers” that support the provision of payment services without entering into possession of funds at any time. 49 As payment services increasingly rely on the provision of ancillary services by or on outsourcing arrangements with unregulated entities, the Commission considers it indispensable to assess, in the context of the PSD2 review, whether some of these services and providers should be brought into the regulated sphere and be made subject to supervision 50 .

Players in the payments chain may be under the supervision or oversight of different entities. The ECB and national central banks play a central role in the oversight of payment systems, schemes, instruments and their service providers. This complements the role of national and European supervisors in supervising payment service providers. It is important that supervisory and oversight frameworks are coherently structured, taking into account the dependencies between payment service providers, payment systems and payment schemes.

C.Pillar 3: Efficient and interoperable retail payment systems and other support infrastructures

1.Interoperable payment systems and infrastructures

Not all payment service providers that have signed up to the SEPA Instant Credit Transfer (SCT Inst.) Scheme, and are reachable domestically, are also reachable cross-border. This is both a violation of the SCT Inst. scheme rules and of Article 3(1) of the SEPA Regulation. This is due in part to the lack of interoperability between clearing and settlement mechanisms. Payment service providers have to connect to several (national and/or European) clearing and settlement mechanisms and set aside and monitor multiple liquidity pools. This is neither ideal nor effective, since even with multiple connections they cannot achieve full, pan-European reachability for SCT Inst. It is also costly due to the liquidity split between clearing and settlement mechanisms.

The operators of retail payment systems should therefore ensure efficient interoperability between the systems. In 2019, the ECB announced that in the absence of satisfactory private solutions for interoperability issues, the Eurosystem would look at appropriate solutions 51 . On 24 July 2020, it announced its decision to put in place measures ensuring pan-European reach for euro instant payments by the end of 2021 52 . As a consequence, all payment service providers which have adhered to the SCT Inst. Scheme and are reachable in TARGET2 53 should also become reachable in a TARGET Instant Payment System (TIPS) 54 central bank money liquidity account, either as a participant or as reachable party (i.e. through the account of another payment service providers which is a participant).

The Commission fully supports these proposed measures, which are necessary to ensure euro-area-wide reachability of instant payments, help payment service providers to comply with the SEPA Regulation, remove liquidity traps, and bring benefits to all clearing and settlement mechanisms competing in the provision of instant payment services, which will no longer have to depend on reaching bilateral agreements to set up links.

The Commission considers that extending the availability of these cross-border infrastructures from euro to other EU currencies is important to ensure pan-European instant payments. It therefore expects that the first cooperation agreement to allow settlement of instant payments in non-euro (Swedish krona) in the TARGET Instant Payment System, which was concluded on 3 April 2020, will pave the way for solutions that facilitate cross-currency instant payments.

2.An open and accessible payments ecosystem

Access to payment systems is essential for effective competition and innovation in the payment systems market. As payment and e-money institutions compete with banks to provide payment services and contribute to innovation in the payments market, it is important to guarantee that all players have fair, open and transparent access to payment systems.

While the revised Payment Services Directive (PSD2) requires objective and non-discriminatory access to payment systems for authorised payment service providers, the Settlement Finality Directive (SFD) 55 makes access dependent on statutory criteria. This has prevented e-money institutions and payment institutions from gaining direct access to payment systems designated under the SFD.

PSD2 requires Member States to ensure that direct participants (i.e. mostly banks) in an SFD-designated payment system allow indirect access by non-bank payment service providers in an objective, proportionate and non-discriminatory manner. However, indirect access via banks may not be the best option for many non-bank payment service providers, as this makes them dependent on those banks.

The Commission is aware that some national central banks have allowed payment and e-money institutions direct or indirect participation, subject to certain criteria. This has led to level playing field issues and further fragmented the payments market. As indirect access is the only option in systems like the TARGET Instant Payment System, it can create unintended effects and operational challenges, also in relation to compliance with requirements on anti-money laundering and combating the financing of terrorism. In turn, this may distort the level playing-field between banks and non-bank payment service providers.

3.Access to necessary technical infrastructures

The Commission believes that European payment service providers should be able to develop and offer to all European users, without undue restrictions, innovative payment solutions using all relevant technical infrastructures, under fair, reasonable and non-discriminatory terms and access conditions.

The Commission is aware of a variety of situations in which some operators might restrict or block access to necessary technical infrastructures. These may include a range of software and hardware elements that are necessary if innovative payment solutions are to be developed and offered, e.g. the non-public layers embedded in mobile device operating systems (including Near Field Communication antennae), biometric identity readers such as fingerprint or face recognition scanners, app stores, point of sale kernels 56 , SIM cards, etc. 57

The most commonly reported issue relates to some mobile device manufacturers restricting third party access to the Near Field Communication technology embedded in smart mobile devices. The Commission has recently launched competition proceedings to examine the conditions for access by third parties to the Near Field Communication technology of one mobile device manufacturer. 58  

Some European card schemes report that they have difficulties in accessing the contactless kernel in the point of sale terminals, which, for cross-border payments in Europe, is deployed by international card schemes. The European Card Payment Cooperation 59 is developing a proprietary kernel, but its rollout throughout the payment chain would, according to the industry, will take several years.

These restrictions could result in significant vulnerabilities for the European payments ecosystem, hindering competition, innovation and the emergence of pan-European payment solutions. At the same time, unilateral intervention at Member State level could lead to market fragmentation and distort the level playing field.

D.Pillar 4: Efficient international payments, including remittances

In Europe, regulation and industry efforts to achieve SEPA have drastically reduced the costs of transferring money over the last decade. However, payments across the EU’s external borders are slower, more costly, more opaque and more complex.

Global remittances have expanded almost six-fold since 2000, reaching an estimated USD 714 billion in 2019 62 . This rapid growth has been largely driven by flows to low and middle income countries, which account for three quarters of the total. Together, the EU, the United States and Saudi Arabia are by far the main source of remittance flows to low and middle income countries, accounting for about two thirds of the total.

For low and middle-income countries, remittance inflows are of high macroeconomic relevance, representing for many over 10% of their GDP. They also provide an essential financing lifeline for many recipient families and often act as an informal social safety net, enabling 800 million family members (for whom remittances represent on average about 75% of their income) to pay for food and for healthcare, education and other basic needs. As measured by the World Bank’s Remittance Prices Worldwide database, the global average cost of remittances is still close to 7%, whereas the international community has committed to reducing those costs to less than 3% by 2030. As a consequence of the Covid-19 pandemic, remittances are projected to fall by about 20% in 2020, as migrants face job losses and uncertainty.

The Commission’s objective is for cross-border payments involving non-EU countries, including remittances, to become faster, more affordable, more accessible, more transparent and more convenient. This will also encourage greater use of the euro and strengthen its position as a global currency.

The main frictions affecting international cross-border payments were recently identified in the Financial Stability Board’s (FSB) Stage 1 report on cross-border payments 63 . Taken together, these frictions create barriers for payment intermediaries seeking to provide cross-border services, can increase prices for end-users, dampen investment in modernising cross-border payment processes and also affect remittances.

The Commission believes that a mix of actions at global and jurisdiction-specific level is required. In line with the findings of the Committee on Payments and Market Infrastructures (CPMI) 64 , these can be broken down into EU-specific actions and actions to facilitate remittances.

All these actions could support the international role of the euro by enhancing the ability of citizens and companies to use the euro as a currency for person-to-person transfers, investment, financing, and trade flows.

IV. Conclusion

This strategy identifies key priorities and objectives for retail payments in Europe over the four years to come, based on extensive input from all stakeholders and taking in full consideration the outcome of the public consultation.

To achieve these objectives, the Commission is committing to a number of important actions. The Commission encourages all stakeholders, at national and EU level, to engage actively in the implementation of this strategy.

(1)

Commission’s Communication “Towards a stronger international role of the euro” from December 2018. https://ec.europa.eu/info/sites/info/files/com-2018-796-communication_en.pdf

(2)

According to the ECB, in 2018, cashless payments reached 91 billion transactions in the euro area and 112 billion in the EU while they were about 103 billion in 2017.

(3)

https://group.bnpparibas/en/press-release/major-eurozone-banks-start-implementation-phase-unified-payment-scheme-solution-european-payment-initiative-epi  

(4)

  https://ec.europa.eu/info/news/200702-european-payments-initiative_en  

and https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200702~214c52c76b.en.html

(5)

Such as P27 in the Nordic countries

(6)

E.g. the European Mobile Payment Systems Association (EMPSA)

(7)

The Euro Retail Payments Board (ERPB) is a high-level body chaired by the ECB, bringing together the supply and demand side of the European payments industry

(8)

  https://www.ecb.europa.eu/press/key/date/2019/html/ecb.sp191126~5230672c11.en.html

(9)

See footnote 1

(10)

  https://www.europeanpaymentscouncil.eu/what-we-do/sepa-instant-credit-transfer . For the euro area only the penetration rate currently amounts to 65.9%. The penetration rate of all SCT scheme participants is 56.1%.

(11)

Article 4(4) of Regulation (EU) No 260/2012

(12)

Mobile-initiated end-user solutions and instant payment solutions at the point of interaction

(13)

This includes for example the development of the ‘SEPA Proxy look-up’ and the ‘Request-to-Pay’ schemes, as well as functionalities such as ‘e-invoice presentment’ and ‘e-receipts’

(14)

  https://www.europeanpaymentscouncil.eu/what-we-do/other-schemes/sepa-proxy-lookup-scheme

(15)

Encompassing both physical point of sale and e-commerce

(16)

Quick Response

(17)

See section 3 under the Third Pillar for more details

(18)

  https://www.europeanpaymentscouncil.eu/what-we-do/other-sepa-payments/sepa-goes-mobile/ad-hoc-multi-stakeholder-group-mobile-initiated

(19)

See Section 1 of the Third Pillar of this Communication for more details

(20)

Such as the so-called ‘authorised push payments’ scams which, in the UK alone, resulted in £456 million (€504 million) of losses in 2019.

(21)

Directive (EU) 2015/2366

(22)

See Section 1 under Pillar 2

(23)

Directive 2014/59/EU

(24)

CPACE is being developed as a result of some European card schemes having difficulties in accessing the contactless kernel developed by international card schemes - see section 3 of pillar 3.

(25)

 E.g. inspired by initiatives contained in the Small Retailers Guide https://op.europa.eu/en/publication-detail/-/publication/d606c517-4445-11e8-a9f4-01aa75ed71a1/language-en

(26)

  https://ec.europa.eu/digital-single-market/en/digital-innovation-hubs

(27)

Verein für Konsumenteninformation v Deutsche Bahn (C-28/18, EU:C:2019:673 (5 Sept. 2019)

(28)

Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC

(29)

Regulation (EU) 2018/1724 establishing a single digital gateway to provide information, procedures, assistance and problem solving services.

(30)

In 2018, the total number of non-cash payments in the Euro Area, comprising all types of payment services, increased by 7,9% compared with the previous year.

(31)

  https://www.ecb.europa.eu/pub/pdf/scpops/ecb.op201.en.pdf

(32)

According to the Riksbank, the proportion of those who paid for their most recent purchase in cash decreased from 39% in 2010 to 13% in 2018.

(33)

“Central Banks and payments in the digital era”, BIS, June 2020 https://www.bis.org/publ/arpdf/ar2020e3.pdf

(34)

According to the ECB study on the “Use of cash by households in the euro area” (ECB occasional paper no 201/November 2017) on average 5-6% of the surveyed participants in the euro area reported that it was (very) difficult to find an ATM or bank when needed.

(35)

On viral transmission see for instance https://www.ecb.europa.eu/press/blog/date/2020/html/ecb.blog200428~328d7ca065.en.html

(36)

BEUC, “Cash versus cashless: consumers need a right to use cash to use cash”, https://www.beuc.eu/publications/beuc-x-2019-052_cash_versus_cashless.pdf

(37)

World Bank, Global Findex 2017

(38)

For more information, see the Report from the Commission to the European Parliament and the Council on restrictions on payments in cash, COM(2018) 483 final.

(39)

For example. see the EBA Guidelines on the exemption from the fall back mechanism under the RTS on SCA and CSC: https://eba.europa.eu/eba-publishes-final-guidelines-on-the-exemption-from-the-fall-back-mechanism-under-the-rts-on-sca-and-csc  

(40)

 E.g. the EBA Opinion on obstacles to the provision of third party provider services under the Payment Services Directive: https://eba.europa.eu/eba-publishes-opinion-obstacles-provision-third-party-provider-services-under-payment-services   

(41)

 See https://eba.europa.eu/regulation-and-policy/payment-services-and-electronic-money/eba-working-group-on-apis-under-psd2

(42)

https://ec.europa.eu/info/sites/info/files/business_economy_euro/banking_and_finance/documents/190726-joint-statement-psd2_en.pdf  

(43)

  https://eba.europa.eu/regulation-and-policy/payment-services-and-electronic-money/guidelines-on-major-incidents-reporting-under-psd2  

(44)

See https://dmarc.org/ . DMARC is a way to make it easier for email senders and receivers to determine whether or not a given message is legitimately from the sender, and what to do if it is not.

(45)

Which is currently being reviewed in order to enhance the protection and resilience of critical infrastructures against non-cyber related threats.

(46)

  https://eba.europa.eu/eba-provides-clarity-banks-consumers-application-prudential-framework-light-covid-19-measures  

(47)

COMMISSION DELEGATED REGULATION (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication

(48)

Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7).

(49)

Article 3(j)

(50)

This assessment shall take into account, inter alia, the EBA guidelines on outsourcing (EBA/GL/2019/02), which apply to all regulated payment service providers.

(51)

Speech by B. Cœuré of 29 November 2019

https://www.ecb.europa.eu/press/key/date/2019/html/ecb.sp191126~5230672c11.en.html

(52)

  https://www.ecb.europa.eu/paym/intro/news/html/ecb.mipnews200724.en.html

(53)

TARGET2 is the real-time gross settlement (RTGS) system owned and operated by the Eurosystem.

(54)

TARGET Instant Payment Settlement (TIPS) is a market infrastructure service launched by the Eurosystem in November 2018. It enables payment service providers to offer fund transfers to their customers in real time and around the clock, every day of the year.

(55)

Directive 98/26/EC of the European Parliament and of the Council of 19 May 1998 on settlement finality in payment and securities settlement systems.

(56)

A kernel is a set of functions that provides the processing logic and data that is required to perform a contact or contactless transaction in the payment application of a point of sale terminal.

(57)

As identified by respondents to the public consultation preceding this strategy

(58)

Case AT.40452

(59)

  http://www.europeancardpaymentcooperation.eu/

(60)

 The Commission is currently reviewing the rules applicable to horizontal and vertical agreements, as well as the Market Definition Notice. Moreover, in June 2020 the Commission launched a public consultation in order to assess whether a New Competition Tool may be required in order to address structural competition problems that current competition rules cannot tackle in the most efficient manner. More information on these review processes can be found in the website for the Directorate General for Competition: https://ec.europa.eu/competition/consultations/open.html

(61)

  https://ec.europa.eu/digital-single-market/en/digital-services-act-package  

(62)

“Covid-19 Crisis through a migration lens”, Migration and Development Brief 32, Knomad, World Bank, April 2020

(63)

 Ibid

(64)

https://www.bis.org/cpmi/publ/d193.pdf

(65)

RT1 is a pan-European instant payment system owned and operated by EBA Clearing.

(66)

The so-called ‘one-leg transactions’ are those transactions where either the payee’s or the payer’s payment service provider is located outside of the Union.