Deadline Set for Banks To Meet New Payment Standards in Europe
Saturday, December 2, 2017
bank, psd2, ec

Related Practices & Jurisdictions
Print Mail Download i

The Payment Services Directive (PSD2) becomes effective in January 2018, and its regulatory technical standards (RTS) on strong customer authentication and common and secure open standards of communications are scheduled to be published in September 2019 in the Official Journal of the European Union. But the requirements of the RTS will now be considered actionable by European banks and service providers 18 months after the RTS are published. 

Under PSD2, simply providing a password or details shown on a credit card, will no longer suffice when making a payment in most situations. In certain cases, a code that is only valid for a given transaction will be needed, together with two independent elements—which could be a physical item, for example a mobile phone, as well as a password or a biometric feature, such as fingerprints—before making a payment.

Payment service providers may be exempted if they have developed ways of assessing the risks of transactions and can identify fraudulent transactions. Exemptions may also apply to contactless payments, transactions for small amounts and certain types of payments such as urban transport fares or parking fees.

The practice of third-party access without identification to payment account information, known as “screen scraping,” will also be banned under the new rules and replaced by new interfaces to be provided by banks. Payment service providers, including banks, will have to define transparent key performance indicators and service-level targets for such interfaces, and they will be expected to be “at least as stringent as those for the interface used for their payment service users.” The European Commission (EC) has stated that all communication interfaces, whether dedicated or not, will be subject to a “prototype” test for three months and a “live” test in market conditions for a further three months.

The EC is promoting the establishment of a market group—composed of representatives from banks, payment initiation and account information service providers—and payment service users to review the quality of bank interfaces for customer data sharing. Banks that fail to satisfy those requirements will have to provide contingency measures for third parties to gain unrestricted rights to “screen scrape” the bank account as provided for in PSD2. This compromise amendment has been welcomed by start-up campaigning groups.

The European Parliament and the Council now have three months to scrutinize the RTS before they become applicable under PSD2.

©2024 Katten Muchin Rosenman LLP

Current Legal Analysis

More from Katten

100% Pure, Natural False Advertising Litigation
by: Michael R. Justus
Court Dismisses Textile Greenwashing Class Action Against Nike
by: Christopher A. Cole
Supreme Court Rejects 'Pure Omissions' Liability Under Rule 10b-5
by: Sarah Eichenberger
Challenges to Advance Notice Bylaws Are Spiking
by: Jonathan Rotenberg
Q&A – FTC Rule Banning Non-Competes With Workers
by: Mark T. Ciani , Julie L. Gottshall
SEC Stays Climate Disclosure Regulations in Response to Consolidated Eighth Circuit Challenges
by: Farzad F. Damania , Ryan A. Lilley
UK HMT Publishes Policy Paper on its Approach to Designation of Critical Third Parties
by: Nathaniel W. Lalone , Ciara McBrien
UK FCA Publishes Guidance on Social Media Financial Promotions
by: Neil Robson , Carolyn H. Jackson
FCA Proposes ‘New’ Option for Investment Research Payments – Back to Bundled Payments?
by: Neil Robson , Sara Portillo
Tennessee Expands Right-of-Publicity Statute to Cover AI-Generated Deepfakes
by: Amelia E. Bruckner

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins