14 Amendments of José Manuel GARCÍA-MARGALLO Y MARFIL related to 2023/0210(COD)
Amendment 126 #
Proposal for a regulation
Recital 82
Recital 82
(82) To assess possible negligence or gross negligence on the part of the payment service user, account should be taken of all circumstances. The evidence and degree of alleged negligence should generally be evaluated according to national law. However, while the concept of negligence implies a breach of a duty of care, ‘gross negligence’ should mean more than mere negligence, involving conduct exhibiting a significant degree of carelessness; for example, keeping the credentials used to authorise a payment transaction beside the payment instrument in a format that is open and easily detectable by third parties. The fact that a consumer has already received a refund from a payment service provider after having fallen victim of bank employee impersonation fraud and is introducing another refund claim to the same payment service provider after having been again victim of the same type of fraud could be considered as ‘gross negligence’ as that might indicate a high level of carelessness from the user who should have been more vigilant after having already be victim of the same fraudulent modus operandi.
Amendment 157 #
Proposal for a regulation
Article 2 – paragraph 2 – point j – point iii
Article 2 – paragraph 2 – point j – point iii
(iii) instruments valid only in a single Member State, which are provided at the request of an undertaking or a public sector entity and regulated by a national or regional public authority for specific social or tax purposes to acquire specific goods or services from suppliers having a commercial agreement with the issuer which cannot be converted into cash;
Amendment 357 #
Proposal for a regulation
Article 52 – paragraph 1 – point b
Article 52 – paragraph 1 – point b
(b) notify the payment service provider, or the entity specified by the payment service provider, without undue delay on becoming aware of the loss, theft, misappropriation or unauthorised use of the payment instrument and/or its personalised security credentials.
Amendment 395 #
Proposal for a regulation
Article 59 – paragraph 1
Article 59 – paragraph 1
1. Where a payment services user who is a consumer was manipulated by a third party pretending to be an employee of the consumer’s payment service provider using the name or e-mail address or telephone number of that payment service provider unlawfully and that manipulation gave rise to subsequent fraudulent authorised payment transactions, the payment service provider shall refund the consumer the full amount of the fraudulent authorised payment transaction under the condition that the consumer has, without any delay, submitted reasonable documentation to prove the occurrence of the impersonation fraud, reported the fraud to the police and notified its payment service provider.
Amendment 409 #
Proposal for a regulation
Article 59 – paragraph 2 – point b
Article 59 – paragraph 2 – point b
(b) where the payment service provider has reasonable grounds to suspect a fraud or a gross negligence by the consumer or where the payment service provider can demonstrate that the consumer has not observed obligations established in the framework contract or communicated in the form agreed within the framework contract, provide a justification for refusing the refund and indicate to the consumer the bodies to which the consumer may refer the matter in accordance with Articles 90, 91, 93, 94 and 95 if the consumer does not accept the reasons provided.
Amendment 421 #
Proposal for a regulation
Article 59 – paragraph 5
Article 59 – paragraph 5
5. Where informed by a payment service provider of the occurrence of theany type of fraud as referred to in paragraph 1, electronic communications services providers shall immediately cooperate closely with payment service providers and act swiftly to ensure that appropriate organizational and technical measures are in place to safeguard the security and confidentiality of communications in accordance with Directive 2002/58/EC, including with regard to calling line identification and electronic mail address.
Amendment 434 #
Proposal for a regulation
Article 65 – paragraph 1 – subparagraph 2
Article 65 – paragraph 1 – subparagraph 2
The payment service provider shall provide or make available the notification in an agreed manner at the earliest opportunity, and in any case within the periods specified in Article 69. Where the PSP refuses to execute the payment based on objective grounds to suspect a fraudulent payment transaction in accordance with Article 83(1), the notification shall take into account the information necessary for the payment service user to resolve the suspicious transaction.
Amendment 437 #
Proposal for a regulation
Article 65 – paragraph 1 – subparagraph 3
Article 65 – paragraph 1 – subparagraph 3
The framework contract may include a condition that the payment service provider may charge a reasonable fee for such a refusal if the refusal is objectively justified, but not in the case of a refusal due to a suspected fraudulent transaction.
Amendment 458 #
Proposal for a regulation
Article 83 – paragraph 1 – point c
Article 83 – paragraph 1 – point c
(c) enable all payment service providers to prevent and detect, detect and resolve potentially fraudulent payment transactions, including transactions involving payment initiation services.
Amendment 460 #
Proposal for a regulation
Article 83 – paragraph 2 – subparagraph 1 – introductory part
Article 83 – paragraph 2 – subparagraph 1 – introductory part
Transaction monitoring mechanisms shall be based on the analysis of previous payment transactions and access to payment accounts online as well as on the fraud data shared and observed fraud patterns. Processing shall be limited to the following data required for the purposes referred to in paragraph 1:
Amendment 464 #
Proposal for a regulation
Article 83 – paragraph 2 – subparagraph 1 a (new)
Article 83 – paragraph 2 – subparagraph 1 a (new)
When the monitoring mechanisms provide strong evidence to suspect a fraudulent transaction, or when a police report is notified by the user to the payment service provider, payment service providers shall have the right to block the execution of the payment order, or block and recover the related funds. That evidence should be understood as objectively justified reasons relating to the security of the payment transaction, the suspicion of unauthorised or fraudulent transactions.
Amendment 466 #
Proposal for a regulation
Article 83 – paragraph 2 – subparagraph 2 – introductory part
Article 83 – paragraph 2 – subparagraph 2 – introductory part
Payment service providers shall not store data referred to in this paragraph longer than necessary for the purposes set out in paragraph 1, and not, in any event, not later than 10 years after the termination of the customer relationship. Payment service providers shall ensure that the transaction monitoring mechanisms take into account, at a minimum, each of the following risk- based factors:
Amendment 472 #
Proposal for a regulation
Article 83 – paragraph 3
Article 83 – paragraph 3
3. To the extent necessary to comply with paragraph 1, point (c), payment service providers may exchange the unique identifier of a payee, law enforcement agents and public authorities may exchange fraud-relevant data with other payment service providers who are subject to information sharing arrangements as referred to in paragraph 5, when the payment service provider has sufficient evidence to assume that there was a fraudulent payment transaction. Sufficient evidence for sharing unique identifiersfraud-relevant data shall be assumed when at least two different payment services users who are customers of the same payment service provider have informed that a unique identifier of a payee was used to make a fraudulent credit transfer. Payment service providers shall not keep unique identifiersfraud-relevant data obtained following the information exchange referred to in this paragraph and paragraph 5 for longer than it is necessary for the purposes laid down in paragraph 1, point (c).
Amendment 490 #
Proposal for a regulation
Article 83 – paragraph 6
Article 83 – paragraph 6
6. The processing of personal data in accordance with paragraph 4 shall not lead to termination of the contractual relationship with the customer by the payment service provider or affect their future on-boarding by another payment service provider unless a thorough fraud investigation conducted by the relevant authorities has concluded that the customer participated in the fraudulent activity.