Payment Services Directive – PSD2
European Directive 2015/2366, known as PSD2, came into force on 13 January 2019. The Directive’s aim is to foster development of the payments market, enhance consumer protection, support technological innovation and boost the level of competition in the European Union’s financial industry.
The most important changes are outlined below:
Scope of application: PSD2 applies to all Payment Service Providers (hereinafter PSP), therein including banks, for payment transactions carried out in the European Union in euros or other official currency of a member state. It likewise applies to payments made from or to countries that are not member states, in currency other than the euro, for the part of the transaction made within the EU, if at least one of the PSP involved in the transaction (i.e. the PSP of either the payer or the beneficiary) is situated in the EU;
Third Party Providers (TPP): PSD2 gives new operators outside the banking sector, so-called Third Parties, the possibility to provide payment services via Internet by accessing online current accounts following authorisation from the account holder.
Within the context we can distinguish between:
PISP (Payment Initiation Service Provider)
Service that acts as a go-between between the payer and his/her online payment account, which can initiate a transaction on behalf of the user in favour of a third beneficiary.
AISP (Account Information Service Provider)
Service offered to holders of accounts that are accessible online, through which, by means of an integrated dashboard, clients can obtain complete information about their own accounts.
CISP (Card Initiation Service Payment)
Issuers of card-based payment tools different from those of banks. The card holder can access a service to make payment instructions regarding his/her own account, on which the CISP can request prior verification of the availability of the amount of the operation.
Documents containing the technical specifications of the interface are published by the multi-operator platform provider Cedacri Group S.p.A. and are available online on the Third Party Portal at: https://developer.cedacri.it in compliance with guideline no. 6 of the Final Report EBA. There is also a sandbox, which allows Third Parties to simulate online operations involving access to accounts.
During the testing phase, assistance can be requested by writing to the email address firstname.lastname@example.org, which guarantees the same level of assistance to both our clientele and third parties.
For clientele and third parties the toll-free number 800035088 is available for calls made in Italy and the number +3905211922194 is available for calls made from overseas.
Security: PSD2 introduces new security requisites for access to online accounts and the availability of electronic payments. PSD2 calls for the use of obligatory, strict security standards that necessitate identity verification through two or more authentication tools classified as:
«knowledge» something that only the customer knows (e.g. a PIN)
«possession» something that only the customer has (e.g. a token)
«inherence» something that only the customer is (e.g. a fingerprint)
Responsibility: new division of responsibility amongst banks for incorrect/late payment transactions by the PISP:
• lowering the deductible of non-authorised payment transactions deriving from the misuse of the payment tool as a result of theft, loss or misappropriation should the customer have fulfilled communication requirements from Euro 150.00 to Euro 50.00;
Transparency: extension of the SHARE charge principle to transactions in currencies outside the EU and to transactions in EU currency that require currency conversion.
• Ban on surcharges for the use of payment cards (for both domestic and cross-border transactions)
• Revision of the scope of exemption for commercial agents and for limited spending tools and networks
• Revision of exemptions allowed for the use of telephone credit for payment brokering.
Statistics: publication of reports regarding account information services, i.e. the availability of data through access to the online platform. The reports, with daily checks, shall be published quarterly starting in September 2019.