Activities of Eugen JURZYCA related to 2023/0210(COD)
Shadow reports (1)
REPORT on the proposal for a regulation of the European Parliament and of the Council on payment services in the internal market and amending Regulation (EU) No 1093/2010
Amendments (57)
Amendment 96 #
Proposal for a regulation
Recital 28
(28) The definition of funds should cover all forms of central bank money issued for retail use, includingnamely banknotes and coins, and any possible future central bank digital currency, e-money and commercial bank money. Central bank money issued for use between the central bank and commercial banks, i.e. for wholesale use, should not be covered.
Amendment 110 #
Proposal for a regulation
Recital 54
(54) Account information services and payment initiation services, often collectively known as ‘open banking services’, are payment services involving access to the data of a payment service user by payment service providers which do not hold the account holder’s funds nor service a payment account. Account information services allow the aggregation of a user’s data, at the request of the payment service user, with different account servicing payment service providers in one single place. Payment initiation services may allow the initiation of a payment from the user’s account, such as a credit transfer or a direct debit, in a convenient way for the user and the payee without the use of an instrument such as a payment card.
Amendment 112 #
Proposal for a regulation
Recital 64
(64) For the provision of payment initiation services, the account servicing payment service provider should provide the payment initiation service provider with all information accessible to it regarding the execution of the payment transaction immediatelybefore and after the payment order has been receivinitiated. Sometimes more information becomes available to the account servicing payment service provider after it has received the payment order, but before it has executed the payment transaction. Where relevant for the payment order and the execution of the payment transaction, the account servicing payment service provider should provide that information to the payment initiation service provider. The payment initiation service provider should benefit from the information necessary to assess the risks of non-execution of the initiated transaction. That information is indispensable to enable the payment initiation service provider to offer to a payee on behalf of whom it initiates the transaction a service whose quality can compete with other means of electronic payments available to the payee, including payment cards.
Amendment 123 #
Proposal for a regulation
Recital 81
(81) Given their obligations to safeguard the security of their services in accordance with Directive 2002/58/EC of the European Parliament and of the Council [49], electronic communications services providers have the capacity to contribute to the collective fight against ‘spoofing’ fraud. Therefore, and without prejudice to the obligations laid down in national law implementing that Directive, electronic communications services providers should cooperate with payment service providers with a view to preventing further occurrences of that type of fraud, including by acting promptly to ensure that appropriate organizational and technical measures are in place to safeguard the security and confidentiality of communications in accordance with Directive 2002/58/EC. Any claim by a payment service provider against other providers, such as electronic communications services providers, for financial damage caused in the context of this type of fraud should be made in accordance with national law. Electronic communications services providers cannot be held liable for payment fraud committed by the third party.
[49] Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (OJ L 201, 31.7.2002, p. 37).
Amendment 127 #
Proposal for a regulation
Recital 82
(82) To assess possible negligence or gross negligence on the part of the payment service user, account should be taken of all circumstances. The evidence and degree of alleged negligence should generally be evaluated according to national law. However, while the concept of negligence implies a breach of a duty of care, ‘gross negligence’ should mean more than mere negligence, involving conduct exhibiting a significant degree of carelessness; for example, keeping the credentials used to authorise a payment transaction beside the payment instrument in a format that is open and easily detectable by third parties, unsafe manipulation with security codes, debit card or a device used to provide the access to banking, persuading the bank to lift the blockade placed after a fraud alert acting on guidance from an unfamiliar third party, transferring money to foreign accounts under suspicious circumstances or opening one or more crypto wallets acting on guidance from an unfamiliar third party. The fact that a consumer has already received a refund from a payment service provider after having fallen victim of bank employee impersonation fraud and is introducing another refund claim to the same payment service provider after having been again victim of the same type of fraud could be considered as ‘gross negligence’ as that might indicate a high level of carelessness from the user who should have been more vigilant after having already be victim of the same fraudulent modus operandi.
Amendment 139 #
Proposal for a regulation
Recital 109
(109) As the payment service provider that should apply strong customer authentication is the payment service provider that issues the personalised security credentials, payment transactions that are not initiated by the payer but by the payee only should not be subject to strong customer authentication to the extent that those transactions are initiated without any interaction or involvement of the payer. The regulatory approach to MITs and direct debits, both being transactions initiated by the payee, should be aligned and benefit from the same consumer protection measures, including refunds.
Amendment 143 #
Proposal for a regulation
Recital 119
(119) Operators of digital pass-through wallets that verify the elements of SCA when tokenised instruments stored in the digital wallets are used for payments should be required to enter into outsourcing agreements with the payers’ payment service providers to allow them to continue to perform such verifications, but also requiring them to comply with key security requirements. The payer’s payment service providers should, under such agreements, retain full liability for any failure by operators of digital pass-through wallets to apply SCA and have the right to audit and control the wallet operator’s security provisions. An outsourcing agreement is not needed if the payer’s payment service provider remains in control of strong customer authentication.
Amendment 145 #
Proposal for a regulation
Recital 120
(120) Where technical service providers or operators of payment schemes provide services to payees or to the payment service providers of payees or of payers, they should support the application of strong customer authentication within the remit of their role in the initiation or execution of payment transactions. Given the role that they play in ensuring that key security requirements concerning retail payments are properly implemented, including by providing appropriate IT solutions, technical service providers and operators of payment schemes should be held liable for the financial damages caused to payees or to the payment service providers of the payees or of the payers in case they fail to support the application of outsourced strong customer authentication.
Amendment 179 #
Proposal for a regulation
Article 3 – paragraph 1 – point 30
(30) ‘funds’ means central bank money issued for retail usebank notes and coins, scriptural money and electronic money;
Amendment 188 #
Proposal for a regulation
Article 3 – paragraph 1 – point 51
(51) ‘distributor’ means a natural or legal person that distributes or redeems electronic money on behalf of and engaged by a payment institution;
Amendment 189 #
Proposal for a regulation
Article 3 – paragraph 1 – point 52
(52) ‘electronic money services’ means the issuance of electronic money, the maintenance of payment accounts storing electronic money units, and the transfer of electronic money units;
Amendment 198 #
Proposal for a regulation
Article 3 – paragraph 1 – point 55 a (new)
(55 a) 'authorisation' means the consent granted by a payer to their payment services provider for executing a payment transaction via the agreed process and form.
Amendment 246 #
Proposal for a regulation
Article 28 – paragraph 4
Amendment 301 #
Proposal for a regulation
Article 37 – paragraph 3
3. Account servicing payment service providers shall provide payment initiation service providers with at least the same information on the initiation and execution of the payment transaction provided or made available to the payment service user when the transaction is initiated directly by the payment service user. That information shall be provided immediately after receipt of the payment order and on an ongoing basis until the payment is finalexecuted or rejected.
Amendment 313 #
Proposal for a regulation
Article 40 – paragraph 2
For the purposes of point (b), where some or all of the information referred to in that point is unavailable immediately after receipt of the payment order, the account servicing payment service provider shall ensure that any information, including any payment status update, about the execution of the payment order is made available to the payment initiation service provider immediately after that information becomes available to the account servicing payment service provider.
Amendment 316 #
Proposal for a regulation
Article 43 – paragraph 2 – point c
Amendment 318 #
Proposal for a regulation
Article 43 – paragraph 2 – point d a (new)
(d a) be consistent with the Financial Data Access Regulation’s dashboards and allow data holders to manage data permissions stemming from both FIDA and this Regulation through a single dashboard.
Amendment 346 #
Proposal for a regulation
Article 50 – paragraph 1 – subparagraph 1 (new)
When a credit transfer is intended for a legal entity payee, the payer's payment service provider should permit the utilization of data elements beyond the name. This may include utilizing the ISO 17442 Legal Entity Identifier, where available, to enhance security in the identification matching process.
Amendment 364 #
Proposal for a regulation
Article 55 – title
Evidence on authorisentication and execution of payment transactions
Amendment 366 #
Proposal for a regulation
Article 55 – paragraph 1 – subparagraph 1
Where a payment service user denies having authorised an executed payment transaction or claims that the payment transaction was not correctly executed, the burden shall be on the payment service provider to prove that the payment transaction was authorisefollowed required authentication and, accurately recorded, entered in the accounts and not affected by a technical breakdown or some other deficiency of the service provided by the payment service provider. Until other evidence is collected and properly assessed, the payment service provider is entitled to treat the transaction as authorised and correctly executed.
Amendment 368 #
Proposal for a regulation
Article 55 – paragraph 1 – subparagraph 2
If the payment transaction is initiated through a payment initiation service provider, the burden shall be on the payment initiation service provider to prove that within its sphere of competence, the payment transaction followed required authentication and was authorisenticated, accurately recorded and not affected by a technical breakdown or other deficiency linked to the payment service of which it is in charge. Until other evidence is collected and properly assessed, the payment service provider is entitled to treat the transaction as authorised and correctly executed.
Amendment 372 #
Proposal for a regulation
Article 55 – paragraph 2
2. Where a payment service user denies having authorised an executed payment transaction, the use of a payment instrument recorded by the payment service provider, including the payment initiation service provider as appropriate, shall in itself not necessarily be sufficient to prove either that the payment transaction was authorisenticated by the payer or that the payer acted fraudulently or failed with intent or gross negligence to fulfil one or more of the obligations under Article 52. The payment service provider, including, where appropriate, the payment initiation service provider, shall provide supporting evidence to prove fraud or gross negligence on part of the payment service user.
Amendment 389 #
Proposal for a regulation
Article 58 – paragraph 1
Technical service providers and operators of payment schemes that either provide services to the payee, or torelating to strong customer authentication under an outsourcing agreement with the payment service provider of the payee or of the payer, shall be liable for anydirect financial damage caused to the payee, to the payment service provider of the payee or of the payer for, and proportionate to, their failure, within the remit of their contractual relationship, and not exceeding the amount of the transaction in question, to provide the services that are necessary to enable the applicationcarrying out of strong customer authentication.
Amendment 396 #
Proposal for a regulation
Article 59 – paragraph 1
1. Where a payment services user who is a consumer was manipulated by a third party pretending to be an employee of the consumer’s payment service provider using the name orand e-mail address or name and telephone number of that payment service provider unlawfully and that manipulation gave rise to subsequent fraudulent authorised payment transactions, the payment service provider shall refund the consumer the full amount of the fraudulent authorised payment transaction under the condition that the consumer has, without any delay, submitted reasonable documentation to prove the occurrence of the fraud, reported the fraud to the police and notified its payment service provider.
Amendment 407 #
Proposal for a regulation
Article 59 – paragraph 2 – introductory part
2. Within 10 business days after noting or being notified of the fraudulent authorised payment transaction and having received the detailed police report, the payment service provider shall do either of the following:
Amendment 413 #
Proposal for a regulation
Article 59 – paragraph 3
3. Paragraph 1 shall not apply if the consumer has acted fraudulently or with gross negligence or refuses to comply with the PSP’s investigation, providing relevant information on how the impersonation fraud happened.
Amendment 414 #
Proposal for a regulation
Article 59 – paragraph 3 a (new)
3 a. The liability of the payment service provider referred to in paragraph 1 may be mitigated by the following: (a) fraud through unconventional channels that differ from the PSP’s usual practices; (b) educational efforts to raise consumer awareness of specific fraud; (c) online tools for validating consumer communications.
Amendment 415 #
Proposal for a regulation
Article 59 – paragraph 4
4. The burden shall be on the payment service provider of the consumer to prove that the consumer acted fraudulently or with gross negligence. By 12 months after the date of entry into force of this Regulation, the EBA shall issue guidelines specifying the notion of gross negligence.
Amendment 419 #
Proposal for a regulation
Article 59 – paragraph 5
5. Where informed by a payment service provider of the occurrence of the type of fraud as referred to in paragraph 1, electronic communications services providers shall cooperate closely with payment service providers and act swiftly to ensure that appropriate organizational and technical measures are in place to safeguard the security and confidentiality of communications in accordance with Directive 2002/58/EC, including with regard to calling line identification and electronic mail address. Providers of electronic communication services shall not be held accountable for payment frauds committed by third parties.
Amendment 432 #
Proposal for a regulation
Article 62 – paragraph 1 – subparagraph 4
Without prejudice to paragraph 3 of this Article, in addition to the right referred to in the first subparagraph of this paragraph, for authorised payment transactions which were initiated by a payee, including direct debits as referred to in Article 1 of Regulation (EU) No 260/2012, the payer shall have an unconditional right to a refund within the time limits laid down in Article 63 of this Regulation. Merchant Initiated Transactions (MITs) shall not fall within the scope of this unconditional right.
Amendment 454 #
Proposal for a regulation
Article 83 – title
Amendment 455 #
Proposal for a regulation
Article 83 – paragraph 1 – introductory part
1. Payment service providers shall have tfransactionud monitoring mechanisms in place that:
Amendment 461 #
Proposal for a regulation
Article 83 – paragraph 2 – subparagraph 1 – introductory part
Transaction monitoring mechanisms shall be based on the analysis of previous payment transactions and access to payment accounts online. Processing shall be limited toinclude the following data required for the purposes referred to in paragraph 1:
Amendment 465 #
Proposal for a regulation
Article 83 – paragraph 2 – subparagraph 1 a (new)
Payees’ payments service providers shall provide the data required for the purposes referred to in paragraph 1 to the payment service providers involved in the transaction.
Amendment 467 #
Proposal for a regulation
Article 83 – paragraph 2 – subparagraph 2 a (new)
Payment service providers may process the data listed in the first subparagraph of Article 83(2) for strong customer authentication as an element of ‘inherence’ pursuant to Article 3, point (35).
Amendment 497 #
Proposal for a regulation
Article 85 – paragraph 1 – point b
Amendment 499 #
Proposal for a regulation
Article 85 – paragraph 1 a (new)
1 a. A requirement of strong customer authentication does not apply in cases of technical failure during which a payment provider shall apply the best effort to authenticate the payer and shall apply strong customer authentication immediately after solving the technical failure.
Amendment 502 #
Proposal for a regulation
Article 85 – paragraph 4
Amendment 503 #
Proposal for a regulation
Article 85 – paragraph 5
5. Where the mandate of the payer to the payee to place payment orders for transactions referred to in paragraph 3 is provided through a remote channel with the involvement of the payment service provider, the setting up of such a mandate shall be subject to strong customer authentication.
Amendment 504 #
Proposal for a regulation
Article 85 – paragraph 6
6. For direct debits as referred to in Article 1 of Regulation (EU) No 260/2012, where the mandate given by the payer to the payee to initiate one or several direct debit transactions is provided through a remote channel with the direct involvement of a payment service provider in the setting up of such a mandate, strong customer authentication shall be applied.
Amendment 514 #
Proposal for a regulation
Article 85 – paragraph 12
12. The two or more elements referred to in Article 3, point (35), on which strong customer authentication shall be based do not necessarily need to belong to different categories, as long as their independence is fully preserved. However, payment service providers shall not use two elements categorised as knowledge.
Amendment 521 #
Proposal for a regulation
Article 86 – paragraph 3
Amendment 522 #
Proposal for a regulation
Article 86 – paragraph 4
Amendment 525 #
Proposal for a regulation
Article 87 – paragraph 1
A payer payment service provider shall enter into an outsourcing agreement with its technical service provider in case that technical service provider is providing and verifying the elements of strong customer authentication and the payer payment service provider is not in control of strong customer authentication. A payer’s payment service provider shall, under such agreement, retain full liability for any failure to apply strong customer authentication and have the right to audit and control security provisions.
Amendment 528 #
Proposal for a regulation
Article 87 – paragraph 1 a (new)
A payer payment service provider’s outsourcing of strong customer authentication pursuant to paragraph 1 is not outsourcing of a payer payment service provider’s critical or important functions.
Amendment 529 #
Proposal for a regulation
Article 87 – paragraph 1 b (new)
A payer payment service provider is allowed to enter into multilateral or scalable outsourcing agreements for authorising technical service providers to provide and verify the elements of strong customer authentication pursuant to paragraph 1.
Amendment 530 #
Proposal for a regulation
Article 87 – paragraph 1 c (new)
Paragraph 1 does not apply to technical services for strong customer authentication that are provided by operators of payment schemes.
Amendment 539 #
Proposal for a regulation
Article 89 – paragraph 2 – subparagraph 1 – point e a (new)
(e a) the need for balance between fraud risk versus the consumer experience with regards to low value transactions.
Amendment 549 #
Proposal for a regulation
Article 97 – paragraph 2 – point a – point i
(i) in the case of a legal person, a maximum administrative fine of at least 104% of its total annual turnover as defined under paragraph 3;
Amendment 556 #
Proposal for a regulation
Article 108 – paragraph 1 – subparagraph 1 – introductory part
The Commission shall, by 57 years after the date of application of this Regulation, submit to the European Parliament, the Council, the ECB and the European Economic and Social Committee, a report on the application and impact of this Regulation, and in particular on:
Amendment 557 #
Proposal for a regulation
Article 108 – paragraph 1 – subparagraph 1 – point d a (new)
(d a) the number and the amount of administrative penalties and administrative measures imposed according to or in relation to this Regulation, categorised by Member State;
Amendment 558 #
Proposal for a regulation
Article 108 – paragraph 1 – subparagraph 1 – point d b (new)
(d b) the quality of cooperation between national competent authorities and EBA;
Amendment 559 #
Proposal for a regulation
Article 108 – paragraph 1 – subparagraph 1 – point d c (new)
(d c) the costs of complying with this Regulation for payment service providers and technical service providers as a percentage of operational costs;
Amendment 560 #
Proposal for a regulation
Article 108 – paragraph 1 – subparagraph 1 – point d d (new)
(d d) types and trends of fraudulent behaviour, and estimations and proportions of financial damage that behaviour represents on the market, quantified by Member States;
Amendment 562 #
Proposal for a regulation
Article 112 – paragraph 2
It shall apply from [ OP please insert the date= 1836 months after the date of entry into force of this Regulation].
Amendment 566 #
Proposal for a regulation
Article 112 – paragraph 3
However, Articles 50 and 57 shall apply from [ OP please insert the date= 2436 months after the date of entry into force of this Regulation].
Amendment 568 #
Proposal for a regulation
Annex II – paragraph 1
Issuance of electronic money, maintenance of payment accounts storing electronic money units and transfer of electronic money units.