OPINION OF THE EUROPEAN CENTRAL BANK on a proposal for a directive of the European Parliament and of the Council on payment services in the internal market and amending Directives 2002/65/EC, 2013/36/EU and 2009/110/EC and repealing Directive 2007/64/EC.
On 31 October 2013, the European Central Bank (ECB) received a request from the Council for an opinion on the proposal for a directive which aims to help further develop a Union-wide market for electronic payments.
The ECB strongly supports the objectives and the content of the proposed directive. In particular, it supports the proposal to extend the current list of payment services to include payment initiation services and account information services as a means to support innovation and competition in retail payments.
The ECB also welcomes the fact that: (a) harmonisation and improvement of operational and security requirements for payment service providers has been proposed; (b) the competent authorities’ enforcement powers are to be strengthened; and (c) certain provisions of the Payment Services Directive (PSD 2007).
The ECB makes the following observations:
Defined terms and expressions: the ECB suggests improving the defined terms and adding to the proposed Directive the definitions of ‘issuing of payment instruments’ and ‘acquiring of payment transactions’.
Scope: the proposed directive provides that, where only one of the payment service providers to a payments transaction is located within the Union, the provisions with regard to the credit value date and on transparency of conditions and information requirements for payment services shall apply to those parts of the transaction that are carried out in the Union.
To the extent possible, Title IV, which covers rights and obligations in relation to the provision and use of payment services, should also apply in such cases and should apply equally in respect of all currencies.
Safeguarding requirements: the ECB would propose that payment institutions should have an obligation to provide appropriate protection in the form of the safeguarding requirements for a payment service user’s funds, regardless of whether they are engaged in other business activities than payment services or not.
Single Authority: the ECB would welcome one single authority, which would be responsible for ensuring compliance with the directive. Furthermore, the ECB suggests that Europol be added as an additional authority with which the competent authorities for supervising payment services may exchange information.
Third party payment service providers (TPP): the ECB suggests, for security reasons, that TPPs should not be the cause for any waiver under Article 27 of the Directive.
Definition of “indirect participant”: the definition of ‘indirect participant’ in Directive 2009/44/EU does not currently cover payment institutions and, in order to ensure consistency and legal certainty, the ECB suggests amending the definition of ‘indirect participant’ in the Settlement Finality Directive to also cover payment service providers.
Authentication of clients: in order to combine security requirements and customer protection with the idea of open access to payment account services, the ECB suggests that customers are appropriately authenticated by relying on a strong customer authentication system. TPPs could ensure this through either redirecting the payer in a secure manner to their account servicing payment service provider or issuing their own personalised security features. Both options should form part of a standardised European interface for payment account access.
Furthermore, the ECB recommends that third party payment service providers should: (a) protect the personalised security features of payment service users they issue themselves; (b) authenticate themselves in an unequivocal manner vis-à-vis the account servicing payment service provider(s); (c) refrain from storing data obtained when accessing payment accounts, apart from information that identifies payments they initiate, such as reference number, payer’s and payee’s IBAN as well as the transaction amount; and (d) refrain from using data for any purposes other than those explicitly permitted by the payment service user.
Consumer protection: the consumer should have the right to instruct its account servicing payment service provider to establish specific positive or negative lists of TPPs.
Refunds: to comply with the provisions on the refund right, payment service providers would probably have to collect information about their customers’ purchases. The ECB suggests introducing, as a general rule, an unconditional refund right for a period of eight weeks for all consumer direct debits. For listed goods or services meant for immediate consumption, debtors and creditors could separately and explicitly agree that no refund rights should apply. The Commission could establish such a list by means of a delegated act.
Financial compensation: the financial compensation to be paid by the TPPs to the account servicing payment service provider in respect of unauthorised payment transactions does not correspond to compensation for non-execution, defective or late execution. The ECB would therefore suggest aligning these provisions with each other to ensure similar rules for compensation.
Security measures and reporting requirements: the EBA shall coordinate the sharing of information in the area of operational and security risks associated with payment services with the competent authorities under this Directive, the ECB, the competent authorities under the NIS Directive, and where relevant, with ENISA. Reporting requirements as regards operational and security risks should be defined and assessed by prudential supervisors and central banks.
The EBA should also develop guidelines addressed to competent authorities on complaint procedures that will assist in harmonising procedures.
Access and use of payment account information: separate provisions are provided on access and use of payment account information by TPPs and by third party payment instrument issuers, i.e. when a payment card is issued by a TPP. These services are not essentially different, so the ECB would suggest merging these provisions since the former regime on access and use of payment account information by the TPP could also apply mutatis mutandis to third party payment instrument issuers.