www.payment-services-directive-3.com Open in urlscan Pro
217.26.53.20  Public Scan

URL: https://www.payment-services-directive-3.com/
Submission: On July 22 via automatic, source certstream-suspicious — Scanned from CH

Form analysis 0 forms found in the DOM

Text Content

Toggle navigation
 * Index
 * PSD1
 * PSD2
 * PSD3
 * PSR
 * EFDS
 * FiDA
 * FISP
 * Links
 * DORA
 * Cyber Risk GmbH
 * Impressum




PAYMENT SERVICES DIRECTIVE 3 (PSD3), PAYMENT SERVICES REGULATION (PSR)


What is the Payment Services Directive 3 (PSD3) and the Payment Services
Regulation (PSR)?

On June 28, 2023, the European Commission published the proposal for a Third
Payment Services Directive (PSD3), and the proposal for the Payment Services
Regulation (PSR), to bring payments and the wider financial sector into the
digital age.

The new rules will improve consumer protection and competition in electronic
payments, and will empower consumers to share their data in a secure way so that
they can get a wider range of better and cheaper financial products and
services.

The payment services market has changed significantly in recent years.
Electronic payments in the EU have been constantly growing, reaching €240
trillion in value in 2021 (compared with €184.2 trillion in 2017). This trend
was accelerated by the COVID-19 pandemic.

New providers, enabled by digital technologies, have entered the market, in
particular providing ‘open banking' services – i.e. securely sharing financial
data between banks and financial technology firms (‘fintechs'). More
sophisticated types of fraud have also emerged, putting consumers at risk and
affecting trust.

In response to these developments, the Payment Services Directive 3 (PSD3) and
the Payment Services Regulation (PSR) make the EU's financial sector capable of
adapting to the ongoing digital transformation, and the risks and opportunities
it presents.

The proposed measures:

1. Combat and mitigate payment fraud, by enabling payment service providers to
share fraud-related information between themselves, increasing consumers'
awareness, strengthening customer authentication rules, extending refund rights
of consumers who fall victim to fraud and making a system for checking alignment
of payees' IBAN numbers with their account names mandatory for all credit
transfers.

2. Improve consumer rights, in cases for example where their funds are
temporarily blocked, improve transparency on their account statements and
provide more transparent information on ATM charges.

3. Further level the playing field between banks and non-banks, in particular by
allowing non-bank payment service providers access to all EU payment systems,
with appropriate safeguards, and securing those providers' rights to a bank
account.

4. Improve the functioning of open banking, by removing remaining obstacles to
providing open banking services and improving customers' control over their
payment data, enabling new innovative services to enter the market.

5. Improve the availability of cash in shops and via ATMs, by allowing retailers
to provide cash services to customers without requiring a purchase and
clarifying the rules for independent ATM operators.

6. Strengthen harmonisation and enforcement, by enacting most payment rules in a
directly applicable regulation and reinforcing provisions on implementation and
penalties.

The proposed measures ensure consumers can safely and securely make electronic
payments and transactions in the EU, domestically or cross-border, in euro and
non-euro. Whilst safeguarding the rights of customers, it also aims to provide
greater choice of payment service providers on the market.

--------------------------------------------------------------------------------

Understanding the Payment Services Directive 3 (PSD3).

The first Payment Services Directive (PSD1), adopted in 2007, established a
harmonised legal framework for the creation of an integrated EU payments market.

The second Payment Services Directive (PSD2), adopted in 2015, sets out the
rules for all retail payments in the EU, euro and non-euro, domestic and
cross-border. PSD2 addressed barriers to new types of payment services and
improved the level of consumer protection and security.

PSD2 aimed to:

- ensure a level playing field between incumbent and new providers of card,
internet and mobile payments;

- increase the efficiency, transparency and choice of payment instruments for
payment service users (consumers and merchants);

- facilitate the provision of card, internet and mobile payment services across
borders within the EU;

- help innovative payment services to reach a broader market; and

- ensure a high-level protection for payment service users across all Member
States.

The Commission was required to evaluate the PSD2, in particular on charges,
scope, thresholds and access to payment systems. The evaluation took place in
2022, including advice from the European Banking Authority (EBA), a general and
targeted public consultation, and a report from an independent consultant.
Following the evaluation the Commission decided to propose amendments to PSD2,
accompanied by an impact assessment.

The evaluation found that there was an unlevel playing field between payment
service providers, due partly to the lack of direct access by non-bank Payment
Service Providers (PSPs) to certain key systems that are necessary to finalise
payments.

Open banking (i.e. the secure sharing of financial data between banks and
third-party service providers) was a major innovation of PSD2. In spite of the
emergence of many new non-bank providers on the market offering open banking
services, there has been mixed success in its uptake.

Obstacles to data access by account information service providers (services
which collect and consolidate information on the different bank accounts of a
consumer in a single place) and payment initiation service providers (services
which establish a payment link between the payer and the online merchant) still
remain. While cross-border provision of payment services is increasing, many
payment systems (especially debit card systems) remain largely national.

The amendments represent an evolution of the EU payments framework, and will
improve the functioning of EU payment markets by:

- strengthening measures to combat payment fraud;

- allowing non-bank payment service providers (PSPs) access to all EU payment
systems, with appropriate safeguards, and giving them a right to have a bank
account;

- improving the functioning of open banking, especially as regards the
performance of data interfaces, removing obstacles to open banking services and
consumer control over their data access permissions;

- reinforcing the enforcement powers of national competent authorities and
facilitating implementation of the rules clarifying various elements;

- further improving consumer information and rights;

- improving the availability of cash;

- merging the legal frameworks applicable to electronic money and to payment
services.

--------------------------------------------------------------------------------

Understanding the Payment Services Regulation (PSR).

The evaluation of the PSD2 identified problems regarding divergent
implementation and enforcement of the PSD2 which directly impact competition
between payment service providers, by creating different regulatory conditions
in different Member States, encouraging regulatory arbitrage.

There should be no room for ‘forum shopping’ where payment services providers
would choose, as ‘home country’, those Member States where the application of
Union rules on payment services is more advantageous for them and provide
cross-border services in other Member States which apply stricter interpretation
of the rules or apply more active enforcement policies to payment service
providers established there. That practice distorts competition.

The Union rules on payment services should therefore be further harmonised, by
incorporating rules governing the conduct of the payment services activity,
including the rights and obligations of the parties involved, in a Regulation.

Such rules, excluding the rules on authorisation and supervision of payment
institutions, which should remain in a Directive, should be clarified and more
detailed, thus minimising margins of interpretation.

To further improve access to cash, which is a priority of the Commission,
merchants should be allowed to offer, in physical shops, cash provision services
even in the absence of a purchase by a customer, without having to obtain a
payment service provider authorisation or being an agent of a payment
institution.

Those cash provision services should, however, be subject to the obligation to
disclose fees charged to the customer, if any. These services should be provided
by retailers on a voluntary basis and should depend on the availability of cash
by the retailer.

Fraud in credit transfers is inherently adaptive and comprises an open-ended
diversity of practices and techniques, including the stealing of authentication
credentials, invoice tampering, and social manipulation.

Therefore, to be able to prevent ever new types of fraud, transaction monitoring
should be constantly improved, making full use of technology such as artificial
intelligence. Often one payment service provider does not have the full picture
about all elements that could lead to timely fraud detection.

However, it can be made more effective with a greater amount of information on
potentially fraudulent activity stemming from other payment service providers.
Therefore, sharing of all relevant information between payment service providers
should be possible.

To better detect fraudulent payment transactions and protect their customers,
payment services providers should, for the purpose of transaction monitoring,
make use of payment fraud data shared by other payment services providers on a
multilateral basis such as dedicated IT platforms based on information sharing
arrangements.

To improve the protection of payers against fraud in credit transfers, payment
service providers should be able to rely on information as comprehensive and up
to date as possible, namely by collectively using information concerning unique
identifiers, manipulation techniques and other circumstances associated with
fraudulent credit transfers identified individually by each payment services
provider.


According to Article 1 (subject matter) of the proposed Payment Services
Regulation (PSR):

1. This Regulation lays down uniform requirements on the provision of payment
services and electronic money services, as regards:

(a) the transparency of conditions and information requirements for payment
services and electronic money services;

(b) the respective rights and obligations of payment and electronic money
service users, and of payment and electronic money service providers in relation
to the provision of payment services and electronic money services.

2. Unless specified otherwise, any reference to payment services shall be
understood in this Regulation as meaning payment and electronic money services.

3. Unless specified otherwise, any reference to payment service providers shall
be understood in this Regulation as meaning payment service providers and
electronic money service providers.


According to Article 2 (scope):

1. This Regulation applies to payment services provided within the Union by the
following categories of payment service providers:

(a) credit institutions, including branches thereof where such branches are
located in the Union, whether the head offices of those are located within the
Union or outside the Union;

(b) post office giro institutions which are entitled under national law to
provide payment services;

(c) payment institutions;

(d) the ECB and national central banks when not acting in their capacity as
monetary authority or other public authorities;

(e) Member States or their regional or local authorities when not acting in
their capacity as public authorities.


According to Article 31 (access to payment systems):

1. Payment system operators shall have in place objective non-discriminatory,
transparent and proportionate rules on access to a payment system by authorised
or registered payment service providers that are legal persons.

Payment system operators shall not inhibit access to a payment system more than
is necessary to safeguard against specific risks, including where applicable
settlement risk, operational risk, credit risk, liquidity risk and business risk
or more than is necessary to protect the financial and operational stability of
the payment system.

2. A payment system operator shall make publicly available its rules and
procedures for admission to participation to that payment system and the
criteria and methodology it uses for risk assessment of applicants for
participation.

3. Upon receiving an application for participation by a payment service
provider, a payment system operator shall assess the relevant risks of granting
the applicant payment service provider access to the system.

A payment system operator shall only refuse participation to an applicant
payment service provider where the applicant poses risks to the system, as
referred to in paragraph 1. The payment system operator shall notify that
applicant payment service provider in writing whether the request for
participation is granted or refused and shall provide full reasons for any
refusal.

4. Paragraphs 1, 2 and 3 shall not apply to payment systems composed exclusively
of payment service providers belonging to the same group.

5. Payment system operators shall not have in place any of the following
requirements:

(a) restrictive rules on effective membership in other payment systems;

(b) rules which discriminate between authorised payment service providers or
between registered payment service providers in relation to the rights,
obligations and entitlements of members;

(c) restrictions on the basis of institutional status.

6. A participant of a payment system that allows an authorised or registered
payment service provider that is not a participant of the payment system to pass
transfer orders through that payment system shall, when requested, give the same
possibility to other authorised or registered payment service providers in an
objective, proportionate, transparent and non-discriminatory manner. In case of
a rejection of such request, the participant of a payment system shall provide
any requesting payment service provider with full reasons for such rejection.

7. For payment systems that are not covered by Eurosystem oversight, pursuant to
Regulation (EU) No 795/2014, Member States shall designate a competent authority
responsible for oversight of payment systems to ensure enforcement of paragraphs
1 2, 3, 5 and 6 by payment systems governed by their national law.

--------------------------------------------------------------------------------


CYBER RISK GMBH, SOME OF OUR CLIENTS