Activities of Ondřej KOVAŘÍK related to 2023/0210(COD)
Shadow reports (1)
REPORT on the proposal for a regulation of the European Parliament and of the Council on payment services in the internal market and amending Regulation (EU) No 1093/2010
Amendments (90)
Amendment 99 #
Proposal for a regulation
Recital 29
Recital 29
(29) Regulation (EU) 2023/1114 of 31 May 2023 on markets in crypto-assets lays down that electronic-money tokens shall be deemed to be electronic money. Electronic money tokens are therefore included, as for the purposes of that regulation. To avoid duplicative requirements it is important that the provisions under this Regulation clearly set out where electronic -money, in the definit tokens should be subject to the provisions of funds in this Regulation.
Amendment 103 #
Proposal for a regulation
Recital 45
Recital 45
(45) To be able to make an informed choice payment service users should be able to compare Automatic Teller Machine (ATM) charges with those of other providers. TAs a general principle, domestic ATMs which are not considered as ATM deployers not servicing payment accounts should not charge any fees for withdrawals of cash to consumers. In addition, to increase the transparency of ATM charges for the payment service user payment service providers should provide payment service users with information on all applicable charges for domesticat the initiation of a transaction for Union ATM withdrawals in different situations, depending on the ATM from which the payment service users withdraw cash.
Amendment 104 #
Proposal for a regulation
Recital 50
Recital 50
(50) To achieve comparability, the estimated currency conversion charges for credit transfers and remittances carried out within the Union and from the Union to a third country should be expressed in the same way, namely as a percentage mark-up over the latest available euroapplicable foreign exchange reference rates issued by the European Crelevant central Bbank (ECB), and the resultant currency conversion charge shown as a monetary amount in the currency used by the customer to initiate the currency conversion. When reference is made to ‘charges’ in this Regulation, it should also cover, where applicable, ‘currency conversion’ charges.
Amendment 106 #
Proposal for a regulation
Recital 52
Recital 52
(52) A surcharge is a charge by merchants to consumers that is added on top of the requested price for goods and services when a certain payment method is used by the consumer. One of the reasons for surcharging is to direct consumers to cheaper or more efficient payment instruments, hence fostering competition between alternative payment methods. Under the regime introduced by Directive (EU) 2015/2366, payees were prevented from requesting charges for the use of payment instruments for which interchange fees are regulated under Chapter II of Regulation (EU) 2015/751, i.e. for consumer debit and credit cards issued under four-party card schemes, and for those payment services to which Regulation (EU) No 260/2012 of the European Parliament and of the Council45 applies, i.e. credit transfer and direct debit transactions denominated in euro within the Union. Member States were allowed under Directive (EU) 2015/2366 to further prohibit or limit the right of the payee to request charges, taking into account the need to encourage competition and promote the use of efficient payment instruments. It is necessary to harmonise this approach to foster a level playing field in the Union, and therefore to enact a full ban on surcharging across the Union. __________________ 45 Regulation (EU) No 260/2012 of the European Parliament and of the Council of 14 March 2012 establishing technical and business requirements for credit transfers and direct debits in euro and amending Regulation (EC) No 924/2009 (OJ L 94, 30.3.2012, p. 22).
Amendment 109 #
Proposal for a regulation
Recital 53
Recital 53
(53) Evidence gathered during the review of Directive (EU) 2015/2366 shows that the current rules on charges are appropriate and had a positive impact. There is no compellingThere is a need for further alignment of charging practices between Member States, as the existing surcharging ban already applies to a very large share ofdoes not apply uniformly to all payments in the Union. It is estimated that 95% of card payments are subject to the existing surcharging ban. In addition, wWhen a surcharge is applied, it is capped at the actual cost incurred by the merchant. However, iIn its review of Directive (EU) 2015/2366, the Commission identified different interpretations concerning the payment instruments covered by the surcharging ban. It is therefore necessary to explicitly extend the surcharging ban to all payment instruments, including credit transfers and direct debits, and not just to those covered by Regulation (EU) No 260/2012, as was the case under Directive (EU) 2015/2366.
Amendment 111 #
Proposal for a regulation
Recital 57
Recital 57
(57) To guarantee a high level of security in data access and exchange, access to payment accounts and the data therein should, barring specific circumstances, be provided to account information and payment initiation service providers via an interface designed and dedicated for ‘open banking’ purposes, such as an API. To that end, the account servicing payment service provider should set up a secure communication with account information and payment initiation service providers. To avoid any uncertainty as to who is accessing the payment service user’s data, the dedicated interface should enable account information and payment initiation service providers to identify themselves to the account servicing payment service provider, and to rely on all the authentication procedures provided by the account servicing payment service provider to the payment service user. Account information and payment initiation service providers should as a general rule use the interface dedicated for their access and therefore should not use the customer interface of an account servicing payment service provider for the purpose of data access, except in cases of failure or unavailability of the dedicated interface in the conditions laid down in this Regulation. In such circumstances their business continuity would be endangered by their incapacity to access the data for which they have been granted a permission. It is indispensable that account information and payment initiation service providers be at all times able to access the data indispensable for them to service their clients.
Amendment 114 #
Proposal for a regulation
Recital 70
Recital 70
(70) Security of credit transfers is fundamental for increasing the confidence of payment service users in such services and ensuring their use. Payers intending to send a credit transfer to a given payee may, as a result of fraud or error, provide a unique identifier which does not correspond to an account held by that payee. To contribute to the reduction of fraud and errors, payment service users should benefit from a service which would verify whether there is any discrepancy between the unique identifier of the payee and the name, ofr other identifier such as a fiscal number, a European unique identifier as referred to in Article 16(1), second subparagraph, of Directive (EU) 2017/1132, or an LEI, that unambiguously identify the payee, provided by the payer and, should any such discrepancies be detected, notify the payer thereof. Such services, in the countries where they exist, have had a substantial positive impact on the level of fraud and errors. Given the importance of that service for the prevention of fraud and errors, such service should be available free of charge to consumers. To avoid undue frictions or delays in the processing of the transaction, the payment service provider of the payer should provide such notification within no more than a few seconds from the moment the payer has entered the payee information. To enable the payer to decide whether to proceed with the intended transaction, the payment service provider of the payer should provide such notification before the payer authorises the transaction. Certain credit transfer initiation solutions may be available to payers allowing them to place a payment order without inserting themselves the unique identifier. Instead, such data elements are provided by the provider of that initiation solution. In such cases, there is no need for a service verifying the match between the unique identifier and the name of the payee since the risk of fraud or errors is significantly reduced.
Amendment 115 #
Proposal for a regulation
Recital 71
Recital 71
(71) Regulation (EU) XXX amending Regulation (EU) No 260/2012 provides for a service verifying the match between the unique identifier and the name or other identifier of the payee to be offered to users of instant credit transfers in euro. To achieve a coherent framework for all credit transfers whilst avoiding any undue overlap, the verification service referred to in the present Regulation should only apply to credit transfers which are not covered by Regulation (EU) XXX amending Regulation (EU) No 260/2012.
Amendment 117 #
Proposal for a regulation
Recital 78
Recital 78
(78) Liability provisions in the case of authorised credit transfers where there was an incorrect application or malfunctioning of the service detecting discrepancies between the name or other identifier and unique identifier of a payee would create the right incentives for payment service providers to provide a fully functioning service, with the aim of reducing the risk of ill-informed payment authorisations. If the payer decided to make use of such a service, the payment service provider of the payer should be held liable for the full amount of the credit transfer in cases where that payment service provider failed, whereas it should have done so if properly functioning, to notify the payer of a discrepancy between the unique identifier and the name of the payee provided by the payer and such failure caused a financial damage to the payer. Where the liability of the payment service provider of the payer is attributable to the payment service provider of the payee, the payment service provider of the payee should compensate the payment service provider of the payer for the financial damage incurred.
Amendment 119 #
Proposal for a regulation
Recital 79
Recital 79
(79) Consumers should be adequately protected in the context of certain fraudulent payment transactions that they have authorised without knowing these transactions were fraudulent. The number of ‘social engineering’ cases where consumers are misled into authorising a payment transaction to a fraudster has significantly increased in recent years. ‘Spoofing’ cases where fraudsters pretend to be employees of a customer's payment service provider, or a relevant entity which could reasonably be linked to a trusted source of the customer, such as a central bank or government authority, and misuse the payment service provider's name, mail address or telephone number to gain the customers’ trust and trick them into carrying-out some actions, are unfortunately becoming more widespread in the Union. Those new types of ‘spoofing’ fraud are blurring the difference that existed in Directive (EU) 2015/2366 between authorised and unauthorised transactions. Means through which the consent may be assumed to be granted are also becoming more complex to identify, as fraudsters can take control of the whole consent and authentication process including of the strong customer authentication completion. The conditions under which the customer authorised a transaction by giving his or her permission to it should be taken into due consideration, including by courts, to qualify a transaction as being authorised or unauthorised. A transaction may indeed have been authorised in circumstances where such authorisation was granted on manipulated premises affecting the integrity of the permission. It is therefore no longer possible, as was the case in Directive (EU) 2015/2366, to limit refunds to unauthorised transactions only. It would however be disproportionate and financially very costly to payment services providers to open every fraudulent transaction, authorised or unauthorised, to a systematic refund right. It might also cause moral hazard and a reduction in the customer’s vigilance.
Amendment 122 #
Proposal for a regulation
Recital 81
Recital 81
(81) Given their obligations to safeguard the security of their services in accordance with Directive 2002/58/EC of the European Parliament and of the Council49 , electronic communications services providers have the capacity to contribute to the collective fight against ‘spoofing’ fraud. Therefore, and without prejudice to the obligations laid down in national law implementing that Directive, electronic communications services providers should also, where relevant, have the same level of liability as payment service providers, and cooperate with payment service providers with a view to preventing further occurrences of that type of fraud, including by acting promptly to ensure that appropriate organizational and technical measures are in place to safeguard the security and confidentiality of communications in accordance with Directive 2002/58/EC. Any claim by a payment service providerfor fraud against other providers, such as electronic communications services providers or online platforms, for financial damage caused in the context of this type of fraud should be made in accordance with national lawthis Regulation. __________________ 49 Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (OJ L 201, 31.7.2002, p.37).
Amendment 124 #
Proposal for a regulation
Recital 81 a (new)
Recital 81 a (new)
(81 a) Online platforms can also contribute to increasing instances of fraud. Therefore, and without prejudice to their obligations under Regulation (EU) 2022/2065, they should be held liable where fraud has arisen as a direct result of fraudsters using their platform to defraud consumers.
Amendment 128 #
Proposal for a regulation
Recital 82
Recital 82
(82) To assess possible negligence or gross negligence on the part of the payment service user, account should be taken of all circumstances. The evidence and degree of alleged negligence should generally be evaluated according to national law. However, while the concept of negligence implies a breach of a duty of care, ‘gross negligence’ should mean more than mere negligence, involving conduct exhibiting a significant degree of carelessness; for example, keeping the credentials used to authorise a payment transaction beside the payment instrument in a format that is open and easily detectable by third parties. The fact that a consumer has already received a refund from a payment service provider after having fallen victim of a trusted institution employee impersonation fraud, for example bank employee impersonation fraud, and is introducing another refund claim to the same payment service provider after having been again victim of the same type of fraud could be considered as ‘gross negligence’ as that might indicate a high level of carelessness from the user who should have been more vigilant after having already be victim of the same fraudulent modus operandi.
Amendment 129 #
Proposal for a regulation
Recital 82 a (new)
Recital 82 a (new)
(82 a) Considering the difference in interpretation across the Union of the term 'gross negligence', the EBA should issue guidelines for Member States on how to define the term.
Amendment 130 #
Proposal for a regulation
Recital 98
Recital 98
(98) As acknowledged in the Communication from the Commission on a Retail Payments Strategy for the EU, the good functioning of EU payments markets is of substantial public interest. Therefore, when it is necessary in the context of this Regulation for the provision of payment services and for the compliance with this Regulation, payment service providers and payment system operators should be able to process special categories of personal data as defined in Article 9(1) of Regulation (EU) 2016/679 and Article 10(1) of Regulation (EU) 2018/1725. Where special categories of personal data are processed, payment service providers and payment system operators should implement appropriate technical and organisational measures to safeguard the fundamental rights and freedoms of natural persons. Those measures should include technical limitations on the re-use of data and the use of state-of-the-art security and privacy-preserving measures, including, but not limited to, pseudonymisation, or encryption to ensure compliance with the principles of purpose limitation, data minimisation and storage limitation, as laid down in Regulation (EU) 2016/679. The payment service providers and payment systems should also implement specific organisation measures, including training on processing such data, limiting access to special categories of data and recording such access.
Amendment 135 #
Proposal for a regulation
Recital 104
Recital 104
Amendment 137 #
Proposal for a regulation
Recital 107 a (new)
Recital 107 a (new)
(107 a)In order for consumers to benefit from continued strong SCA, and that it remains an effective tool in the fight against fraud in electronic payments, it is appropriate that the application of SCA be risk-based and outcome-focused. In turn, the rules on SCA should provide sufficient flexibility for innovation within the payments sector, including in the development of new SCA solutions.
Amendment 140 #
Proposal for a regulation
Recital 109 a (new)
Recital 109 a (new)
(109 a)In the context of business to business (B2B) or business to government (B2G) payments, SCA should be appropriate to the risk level of such transactions, taking into account in particular the already existing controls and checks that exist among these operators. In order to reduce administrative burden, SCA should not be required for every transaction in these scenarios, and should be adapted to a risk-based approach.
Amendment 141 #
Proposal for a regulation
Recital 115
Recital 115
(115) Under the exemption from SCA under Article 18 of Delegated Regulation (EU) 2018/389, payment service providers were allowed not to apply SCA where the payer initiated a remote electronic payment transaction identified by the payment service provider as posing a low level of risk evaluated on the basis of transaction monitoring mechanisms. Feedback from the market showed however that, in order to have more payment service providers implementing transaction risk analysis, it is necessary to adopt appropriate rules on the scope of transaction risk analysis, introducing clear audit requirements, providing more detail and better definitions on risk monitoring requirements and data to share, and to assess the potential benefits of allowing payment service providers to report fraudulent transactions for which they are solely liable. The EBA should develop draft Regulatory Technical Standards laying down rules on transaction risk analysis. In order to increase the use of this exemption, the draft RTS should consider additional thresholds for the transaction risk analysis exemption. Furthermore, they should consider whether it is necessary to clarify whether payment service providers should count liability only towards the payer in their fraud rates.
Amendment 146 #
Proposal for a regulation
Recital 140
Recital 140
(140) The EBA should, in line with Article 9(5) of Regulation (EU) No 1093/2010, be granted product intervention powers to be able to temporarily prohibit or restrict in the Union certain type or a specific feature of a payment service or an electronic money service which is identified as potentially causing harm to consumers, threatening the orderly functioning and integrity of financial markets. Regulation (EU) No 1093/2010 should therefore be amended accordingly. Before exerting this power, the EBA should ensure that it has consulted with payment service providers or third-party providers.
Amendment 149 #
Proposal for a regulation
Article 2 – paragraph 2 – point h a (new)
Article 2 – paragraph 2 – point h a (new)
(h a) payment transactions using electronic money tokens as defined in Article 3 of Regulation (EU) 2023/1114, where the payment service provider has already been authorised as a crypto-asset service provider in a Member State of the European Union for those services under Title V of that Regulation.
Amendment 178 #
Proposal for a regulation
Article 3 – paragraph 1 – point 30
Article 3 – paragraph 1 – point 30
(30) ‘funds’ means central bank money issued for retail use, scriptural money and electronic money tokens;
Amendment 186 #
Proposal for a regulation
Article 3 – paragraph 1 – point 39
Article 3 – paragraph 1 – point 39
(39) ‘unique identifier’ means a combination of letters, numbers or symbols specified by the payment service provider, or a uniquely linked proxy thereof, to the payment service user and to be provided by the payment service user to identify unambiguously another payment service user or the payment account of that other payment service user for a payment transaction;
Amendment 191 #
Proposal for a regulation
Article 3 – paragraph 1 – point 52
Article 3 – paragraph 1 – point 52
(52) ‘electronic money services’ means the issuance of electronic money tokens, the maintenance of payment accounts storing electronic money units, and the transfer of electronic money units;
Amendment 195 #
Proposal for a regulation
Article 3 – paragraph 1 – point 55
Article 3 – paragraph 1 – point 55
(55) ‘payment institution providing electronic money services’ means a payment institution which provides the services of issuance of electronic money tokens, maintenance of payment accounts storing electronic money units, and transfer of electronic money units, whether or not it also provides any of the services referred to in Annex I.
Amendment 203 #
Proposal for a regulation
Article 5 – paragraph 2
Article 5 – paragraph 2
2. Where a currency conversion service is offered prior to the initiation of the payment transaction and where that currency conversion service is offered at an ATM, at the point of sale or by the payee, the party offering the currency conversion service to the payer shall disclose to the payer all charges and the exchange rate to be used for converting the payment transaction prior to the authorisation of the payment transaction by the payer.
Amendment 209 #
Proposal for a regulation
Article 7 – paragraph 1
Article 7 – paragraph 1
Natural or legal persons providing cash withdrawal services as referred to in Article 38 of Directive (EU) [PSD3] shall provide or make available to their customers information on any charges before the customer carries out theat the moment of initiatiation of the provision of withdrawal services as well as upon receipt of the cash when the transaction is completed.
Amendment 211 #
Proposal for a regulation
Article 10 – paragraph 1 – introductory part
Article 10 – paragraph 1 – introductory part
In cases of payment instruments which, according to the relevant framework contract, concern only individual payment transactions that do not exceed EUR 5100 or that either have a spending limit of EUR 20250 or store funds that do not exceed EUR 2050 at any time:
Amendment 215 #
Proposal for a regulation
Article 13 – paragraph 1 – introductory part
Article 13 – paragraph 1 – introductory part
1. Payment service providers shall provide or make available to payment service users at least the following information and conditions:
Amendment 217 #
Proposal for a regulation
Article 13 – paragraph 1 – point f
Article 13 – paragraph 1 – point f
(f) where applicable, the estimated charges for currency conversion in relation to credit transfers and money remittance transactions, expressed as a percentage mark-up over the latest available applicable foreign exchange reference rate issued by the relevant central bank. These charges shall be displayed no later than the moment the payer authorises the payment transaction;
Amendment 223 #
Proposal for a regulation
Article 20 – paragraph 1 – point c – point ii – introductory part
Article 20 – paragraph 1 – point c – point ii – introductory part
(ii) all charges, if any, for domestic,Union automated teller machines (ATMs) withdrawals payable by payment service users to their payment service provider at an ATM of:
Amendment 224 #
Proposal for a regulation
Article 20 – paragraph 1 – point c – point ii – point 2
Article 20 – paragraph 1 – point c – point ii – point 2
Amendment 225 #
Proposal for a regulation
Article 20 – paragraph 1 – point c – point v
Article 20 – paragraph 1 – point c – point v
(v) where applicable, the estimated charges for currency conversion services in relation to a credit transfer expressed as a total amount and a percentage mark-up over the latest available applicable foreign exchange reference rate issued by the relevant central bank. These charges shall be clearly displayed before the final execution of the transaction by the payer and shall be displayed in the home currency of the payer in addition to the percentage mark-up;
Amendment 235 #
Proposal for a regulation
Article 24 – paragraph 1 – point b
Article 24 – paragraph 1 – point b
(b) the charges payable by the payer expressed in the currency of the payment and if applicable the percentage mark up on any applicable exchange rates as compared to the mid-market rate of the central bank of issue;
Amendment 236 #
Proposal for a regulation
Article 24 – paragraph 1 – point c
Article 24 – paragraph 1 – point c
(c) where applicable, a breakdown of the amounts of any charges before the payer executes the payment.
Amendment 243 #
Proposal for a regulation
Article 28 – paragraph 3
Article 28 – paragraph 3
3. The payee shall not request charges for the use of any payment instruments, including those for which interchange fees are regulated under Chapter II of Regulation (EU) 2015/751 and for credit transfers, including instant credit transfers, and direct debit transactions within the Union.
Amendment 247 #
Proposal for a regulation
Article 28 – paragraph 4
Article 28 – paragraph 4
4. Member States mayshall extend the prohibition or limit the right of the payee to request charges for the use of all payment instruments other than the ones referred to in paragraph 3, taking into account the need to encourage competition and promote the use of efficient payment instruments.
Amendment 249 #
Proposal for a regulation
Article 28 – paragraph 5
Article 28 – paragraph 5
5. Without prejudice to paragraphs 3 and 4 and for instruments not covered in those paragraphs, the payment service provider shall not prevent the payee from requesting from the payer a charge, offering himoffering the payer a reduction or otherwise steering the payer towards the use of a given payment instrument. Any charges applied shall not exceed the direct costs borne by the payee for the use of the specific payment instrument.
Amendment 252 #
Proposal for a regulation
Article 29 – paragraph 1 – introductory part
Article 29 – paragraph 1 – introductory part
1. In the case of payment instruments which, according to the framework contract, solely concern individual payment transactions not exceeding EUR 5100 or which either have a spending limit of EUR 2050, or store funds which do not exceed EUR 2050 at any time, payment service providers may agree with their payment service users that:
Amendment 280 #
Proposal for a regulation
Article 35 – title
Article 35 – title
Provision of dedicated access interfaces
Amendment 281 #
Proposal for a regulation
Article 35 – paragraph 1
Article 35 – paragraph 1
1. Account servicing payment service providers that offer to a payer a payment account that is accessible online shall have in place at least one dedicatedmachine to machine interface for the purpose of data exchange with account information and payment initiation service providers.
Amendment 282 #
Proposal for a regulation
Article 35 – paragraph 2
Article 35 – paragraph 2
2. Without prejudice to Articles 38 and 39, account servicing payment service providers that offer to a payer a payment account that is accessible online and have put in place a dedicatedn interface as referred to in paragraph 1 of this Article, shall not be obliged to also maintain permanently another interface as fall-back for the purpose of data exchange with account information and payment initiation service providers, but shall always permit access to interfaces which allow business continuity for those providers.
Amendment 283 #
Proposal for a regulation
Article 35 – paragraph 3
Article 35 – paragraph 3
3. Account servicing payment service providers shall ensure that their dedicated interfaces referred to in paragraph 1 use standards of communication which are issued by European or international standardisation organisations including the European Committee for Standardization (CEN) or the International Organization for Standardization (ISO). Account servicing payment service providers shall also ensure that the technical specifications of any of the dedicated interfaces referred to in paragraph 1 are documented specifying a set of routines, protocols and tools needed by payment initiation service providers and account information service providers for allowing their software and applications to interoperate with the systems of the account servicing payment service provider. Account servicing payment service providers shall make the documentation on technical specifications of their dedicated interfaces referred to in paragraph 1 available, at no charge and without delay, upon request by authorised payment initiation service providers, account information service providers or by payment service providers that have applied to their competent authorities for the relevant authorisation and shall make a summary of that documentation publicly available on their website.
Amendment 285 #
Proposal for a regulation
Article 36 – title
Article 36 – title
Requirements regarding dedicated data access interfaces
Amendment 288 #
Proposal for a regulation
Article 36 – paragraph 1 – point c
Article 36 – paragraph 1 – point c
(c) the response time of the dedicated interface to account information service providers’ and payment initiation service providers’ access requests shall not be longer than the response time of all of the interfaces that the account servicing payment service provider makes available to its payment service users for directly accessing their payment account online.
Amendment 289 #
Proposal for a regulation
Article 36 – paragraph 2 – introductory part
Article 36 – paragraph 2 – introductory part
2. Account servicing payment service providers shall ensure that the dedicated interface referred to in Article 35(1) allows both account information service providers and payment initiation service providers to:
Amendment 290 #
Proposal for a regulation
Article 36 – paragraph 2 – point d
Article 36 – paragraph 2 – point d
(d) see, prior to initiation of the payment in the case of payment initiation service providers, at least, the unique identifier of the account, the associated names or other identifiers of the account holder and the currencies and the account balance as available to the payment service user.
Amendment 291 #
Proposal for a regulation
Article 36 – paragraph 3
Article 36 – paragraph 3
3. Account servicing payment service providers shall allow account information service providers to communicate securely, via the dedicated interface, to request and receive information on one or more designated payment accounts and associated payment transactions.
Amendment 292 #
Proposal for a regulation
Article 36 – paragraph 4 – point h a (new)
Article 36 – paragraph 4 – point h a (new)
(h a) in the case where the account servicing payment service provider offers multiple authentication options, have the choice to decide which authentication method should be presented to the payer, taking into account the least cumbersome choice for the payer.
Amendment 294 #
Proposal for a regulation
Article 36 – paragraph 5 – subparagraph 1 – point b
Article 36 – paragraph 5 – subparagraph 1 – point b
(b) the confirmation from the account servicing payment service provider as soon as possible, and not longer than 20 seconds after the authorisation by the payer, that the payment has been or will be executed on the basis of the information available to the account servicing payment service provider, taking into account any pre-existing payment orders that might affect the full execution of the payment order being placed.
Amendment 295 #
Proposal for a regulation
Article 36 – paragraph 5 – subparagraph 2 a (new)
Article 36 – paragraph 5 – subparagraph 2 a (new)
Where the account servicing payment service provider carries out any controls which may impact the execution of the payment, these controls shall take place prior to the confirmation of payment.
Amendment 306 #
Proposal for a regulation
Article 38
Article 38
Amendment 309 #
Proposal for a regulation
Article 39 – title
Article 39 – title
Derogation from having a dedicatedn interface for data access
Amendment 311 #
Proposal for a regulation
Article 39 – paragraph 2 – subparagraph 1
Article 39 – paragraph 2 – subparagraph 1
The EBA shall develop draft regulatory technical standards which shall specify the criteria on the basis of which, in accordance with paragraph 1, an account servicing payment service provider may be exempted from the obligation to have in place a dedicatedn interface and be allowed either to provide, as interface for secure data exchange with account information service providers and payment initiation service providers, the interface that it makes available to its payment user for accessing its payment accounts online or, where appropriate, not to have any interface at all for secure data exchange.
Amendment 323 #
Proposal for a regulation
Article 44 – paragraph 1 – subparagraph 1
Article 44 – paragraph 1 – subparagraph 1
Account servicing payment service providers shall ensure that their dedicated interface does not create obstacles to the provision of payment initiation and account information services and enables a straightforward and seamless consumer experience.
Amendment 324 #
Proposal for a regulation
Article 44 – paragraph 1 – subparagraph 2 – introductory part
Article 44 – paragraph 1 – subparagraph 2 – introductory part
Prohibited obstacles shall include, but are not limited to, the following:
Amendment 330 #
Proposal for a regulation
Article 44 – paragraph 1 – subparagraph 2 – point k
Article 44 – paragraph 1 – subparagraph 2 – point k
(k) imposing that the user be automatically redirected, at the stage of authentication, to the account servicing payment service provider’s web page address when this iauthentication as the sole method of carrying out the authentication of the payment services user that is supported by an account servicing payment service provider;
Amendment 331 #
Proposal for a regulation
Article 44 – paragraph 1 – subparagraph 2 – point l a (new)
Article 44 – paragraph 1 – subparagraph 2 – point l a (new)
(l a) restricting a payment initiation service provider from initiating payments from unique identifiers that are proxies for payment accounts, such as mobile phone numbers, including when such identifiers are otherwise solely made available by account servicing payment service providers to payers in a dedicated channel or system such as a mobile phone application.
Amendment 333 #
Proposal for a regulation
Article 44 – paragraph 2
Article 44 – paragraph 2
2. For the activities of payment initiation services and account information services the name and the account number or other identifier of the account owner shall not constitute sensitive payment data.
Amendment 344 #
Proposal for a regulation
Article 50 – title
Article 50 – title
Discrepancies between the name or other identifier and unique identifier of a payee in case of credit transfers
Amendment 345 #
Proposal for a regulation
Article 50 – paragraph 1
Article 50 – paragraph 1
1. In case of credit transfers, the payment service provider of the payee shall, free of charge, at the request of the payment service provider of the payer, verify whether or not the unique identifier and the name of the payeer other identifier that unambiguously identifies the payee, such as a fiscal number, a European unique identifier as referred to in Article 16(1), second subparagraph, of Directive (EU) 2017/1132, or an LEI as provided by the payer match, and shall communicate the outcome of this verification to the payment service provider of the payer. Where the unique identifier and the name ofr other identifier that unambiguously identifies the payee do not match, the payment service provider of the payer shall notify the payer of any such discrepancy detected and shall inform the payer of the degree of that discrepancy.
Amendment 347 #
Proposal for a regulation
Article 50 – paragraph 2
Article 50 – paragraph 2
2. The payment service providers shall provide the service referred to in paragraph 1 immediately after the payer provided to its payment service provider the unique identifier and the name or other identifier of the payee, and before the payer is offered the possibility to authorise the credit transfer.
Amendment 349 #
Proposal for a regulation
Article 50 – paragraph 7
Article 50 – paragraph 7
7. The matching service referred to in paragraph 1 shall not be required where the payer did not input himself the unique identifier and the name or other identifier of the payee.
Amendment 350 #
Proposal for a regulation
Article 50 – paragraph 8 a (new)
Article 50 – paragraph 8 a (new)
8 a. The EBA shall develop draft regulatory technical standards specifying the technical requirements of the system developed for the purpose of sharing information pursuant to paragraph 1 and 2, taking into account the different methods of identification used across the Union. When developing the draft regulatory technical standards referred to in the first subparagraph, the EBA shall consider various approaches to the methods of information sharing, including decentralised methods. The EBA shall submit the draft regulatory technical standards referred to in the first subparagraph to the Commission by [ OP please insert the date= one year after the date of entry into force of this Regulation]. Power is delegated to the Commission to adopt the regulatory technical standards referred to in the first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.
Amendment 351 #
Proposal for a regulation
Article 50 a (new)
Article 50 a (new)
Article 50a Addressing location-based payment account identifier discrimination 1. When a payer makes a credit transfer to a payee holding a payment account located within the Union, the payer shall not be required to specify the Member State in which that payment account is located, provided that payment account is reachable. 2. When a payee accepts a credit transfer or uses a direct debit to collect funds from a payer holding a payment account located within the Union, the payee shall not be required to specify the Member State in which that payment account is located, provided that payment account is reachable.
Amendment 353 #
Proposal for a regulation
Article 51 – paragraph 1
Article 51 – paragraph 1
1. Where a specific payment instrument is used for the purposes of giving permission, the payer and the payer’s payment service provider may agree on fair and proportionate spending limits for payment transactions executed through that payment instrument. Payment service providers shall not unilaterally increase the spending limits agreed with their payment service users.
Amendment 394 #
Proposal for a regulation
Article 59 – paragraph 1
Article 59 – paragraph 1
1. Where a payment services user who is a consumer was manipulated by a third party pretending to be an employee of the consumer’s payment service provider or any other relevant entity of public or private nature using the name or e-mail address or telephone number of that payment service providerentity unlawfully and that manipulation gave rise to subsequent fraudulent authorised payment transactions, the payment service provider, electronic commications service provider or online platform, as applicable, shall refund the consumer the full amount of the fraudulent authorised payment transaction under the condition that the consumer has, without any delay, reported the fraud to the police and notified its payment service provider.
Amendment 416 #
Proposal for a regulation
Article 59 – paragraph 4
Article 59 – paragraph 4
4. The burden shall be on the payment service provider of, electronic communications service provider, or online platform used by the consumer to prove that the consumer acted fraudulently or with gross negligence.
Amendment 420 #
Proposal for a regulation
Article 59 – paragraph 5
Article 59 – paragraph 5
5. Where informed by a payment service provider of the occurrence of the type of fraud as referred to in paragraph 1, electronic communications services providers and online platforms shall cooperate closely with payment service providers and act swiftly to ensure that appropriate organizational and technical measures are in place to safeguard the security and confidentiality of communications in accordance with Directive 2002/58/EC, including with regard to calling line identification and electronic mail address.
Amendment 445 #
Proposal for a regulation
Article 80 – paragraph 1 – introductory part
Article 80 – paragraph 1 – introductory part
Payment systems and payment, payment service providers and technical service providers shall be allowed to process special categories of personal data as referred to in Article 9(1) of Regulation (EU) 2016/679 and Article 10(1) of Regulation (EU) 2018/1725 to the extent necessary for the provision of payment services andor in order to ensure the optimal performance of inherence-based strong customer authentication or for compliance with obligations under this Regulation, in the public interest of the well-functioning of the internal market for payment services, subject to appropriate safeguards for the fundamental rights and freedoms of natural persons, including the following:
Amendment 456 #
Proposal for a regulation
Article 83 – paragraph 1 – point a
Article 83 – paragraph 1 – point a
(a) support the risk-based application of strong customer authentication in accordance with Article 85;
Amendment 457 #
Proposal for a regulation
Article 83 – paragraph 1 – point b
Article 83 – paragraph 1 – point b
(b) exempt the application of strong customer authentication based on the criteria under Article 85(11), subject to specified and limited conditions based on the level of risk involved, the types and details of the data assessed by the payment service provider, including through the transaction monitoring mechanisms as outlined in paragraph 2 of this Article;
Amendment 459 #
Proposal for a regulation
Article 83 – paragraph 1 – point c
Article 83 – paragraph 1 – point c
(c) enable payment service providers to prevent and detect potentially fraudulent payment transactions, including transactions involving payment initiation services.
Amendment 462 #
Proposal for a regulation
Article 83 – paragraph 2 – subparagraph 1 – introductory part
Article 83 – paragraph 2 – subparagraph 1 – introductory part
Transaction monitoring mechanisms shall be based on the analysis of previous payment transactions and access to payment accounts online. Processing shall be limited toinclude, at a minimum, the following data required for the purposes referred to in paragraph 1:
Amendment 468 #
Proposal for a regulation
Article 83 – paragraph 3
Article 83 – paragraph 3
3. To the extent necessary to comply with paragraph 1, point (c), payment service providers may exchange the unique identifier, name, personal identification number, organisation number, modus operandi and other transaction information of a payee with other payment service providers who are subject to information sharing arrangements as referred to in paragraph 5, when the payment service provider has sufficient evidence to assume that there was a fraudulent payment transaction. Sufficient evidence for sharing unique identifiersnformation shall be assumed when at least two different payment services users who are customers of the same payment service provider have informed that a unique identifier of a payee was used to make a fraudulent credit transfer. Payment service providers shall not keep unique identifiersinformation obtained following the information exchange referred to in this paragraph and paragraph 5 for longer than it is necessary for the purposes laid down in paragraph 1, point (c).
Amendment 474 #
Proposal for a regulation
Article 83 – paragraph 3 a (new)
Article 83 – paragraph 3 a (new)
3 a. To the extent necessary to comply with paragraph 1, point (c), payment service providers may also exchange the information referred to in paragraph 3 with public authorities.
Amendment 479 #
Proposal for a regulation
Article 83 – paragraph 4
Article 83 – paragraph 4
4. The information sharing arrangements shall define details for participation and shall set out the details on operational elements, including the use of dedicated IT platforms if applicable. Before concluding such arrangements, payment service providers shall conduct jointly a data protection impact assessment as referred to in Article 35 of the Regulation (EU) 2016/679 and, where applicable, carry out prior consultation of the supervisory authority as referred to in Article 36 of that Regulation.
Amendment 483 #
Proposal for a regulation
Article 83 – paragraph 4 a (new)
Article 83 – paragraph 4 a (new)
4 a. The EBA shall set up a platform allowing payment service providers to exchange information on fraudulent unique identifiers with other payment service providers.
Amendment 493 #
Proposal for a regulation
Article 84 – paragraph 1
Article 84 – paragraph 1
1. Payment service providers shall alertregularly educate their customers via all appropriate means and media won fraud risks. When new forms of payment fraud emerge, taking into account the needs of their most vulnerable groups of customers, payment service providers shall use best effort to alert their customers by all appropriate means. Payment service providers shall give their customers clear indications on how to identify fraudulent attempts and warn them as to the necessary actions and precautions to be taken to avoid falling victim of fraudulent actions targeting them. Payment service providers shall inform their customers of where they can report fraudulent actions and rapidly obtain fraud- related information.
Amendment 496 #
Proposal for a regulation
Article 85 – paragraph 1 – introductory part
Article 85 – paragraph 1 – introductory part
1. A payment service provider shall apply strong customer authentication, on the basis of the risk assessment carried out under transaction monitoring mechanism as set out in Article 83, where the payer:
Amendment 506 #
Proposal for a regulation
Article 85 – paragraph 7
Article 85 – paragraph 7
7. Payment transactions for which payment orders are placed by the payer with modalities other than the use of electronic platforms or devices, such as paper-based payment orders, mail orders or telephone order-based mechanisms, shall not be subject to strong customer authentication, irrespective of whether or not the execution of the transaction is performed electronically, provided that security requirements and checks are carried out by the payment service provider of the payer allowing a form of authentication of the payment transaction.
Amendment 507 #
Proposal for a regulation
Article 85 – paragraph 11 – introductory part
Article 85 – paragraph 11 – introductory part
11. Any exemptions from the application of strong customer authentication to be designed by the EBA under Article 89 shall be based on one or more of the following criteria:the risk assessment performed under transaction monitoring mechanisms in accordance with Article 83 of this Regulation.
Amendment 508 #
Proposal for a regulation
Article 85 – paragraph 11 – point a
Article 85 – paragraph 11 – point a
Amendment 509 #
Proposal for a regulation
Article 85 – paragraph 11 – point b
Article 85 – paragraph 11 – point b
Amendment 510 #
Proposal for a regulation
Article 85 – paragraph 11 – point c
Article 85 – paragraph 11 – point c
Amendment 516 #
Proposal for a regulation
Article 85 – paragraph 12
Article 85 – paragraph 12
12. The two or more elements referred to in Article 3, point (35), on which strong customer authentication shall be based do not necessarily need to belong to different categories, as long as their independence is fully preserved authentication procedure ensures a high level of security.
Amendment 526 #
Proposal for a regulation
Article 87 – paragraph 1
Article 87 – paragraph 1
A payer payment service provider shall enter into an outsourcing agreement withcomply with the existing EBA guidelines on outsourcing arrangements (EBA/GL/2019/02) in case its technical service provider ins case that technical service provider is providing and verifyingrrying out strong customer authentication on an outsourced basis on behalf of the elepayments of strong customer authentication. A service provider. In such circumstances, a payer’s payment service provider shall, under such agreement, retain full liability for any failure to apply strong customer authentication and have the right to audit and control security provisions.
Amendment 531 #
Proposal for a regulation
Article 88 – paragraph 2
Article 88 – paragraph 2
2. Payment services providers shall not make the performance of strong customer authentication dependant on the exclusive use of a single means of authentication and shall not make the performance of strong customer authentication depend, explicitly or implicitly, on the possession of a smartphone. Payment services providers shall develop a diversity of means for application of strong customer authentication to cater for the specificvarious situation of all their customers, specifically those with disabilities, low digital skills, older persons and those who do not have access to digital channels or payment instruments.
Amendment 542 #
Proposal for a regulation
Article 89 – paragraph 2 – subparagraph 1 – point e a (new)
Article 89 – paragraph 2 – subparagraph 1 – point e a (new)
(e a) the different practical necessities of consumer payers and corporate payers.
Amendment 543 #
Proposal for a regulation
Article 89 – paragraph 2 – subparagraph 1 a (new)
Article 89 – paragraph 2 – subparagraph 1 a (new)
The EBA, before submitting its draft regulatory technical standards to the Commission, shall have an open consultation with public and private stakeholders in order to ensure that the most up to date advances in technology and payment processing, as well as the specificities of business to business and business to government transactions are taken into account in the draft regulatory technical standards.