The European Council and European Parliament have reached a provisional political agreement to amend the existing Payment Services Directive (PSD2). This new regulation aims to enhance the fight against fraud and boost transparency in the payment services sector.
The agreement introduces a comprehensive anti-fraud framework to address emerging payment scams, such as ‘spoofing fraud,’ where criminals impersonate a customer’s payment service provider (PSP) to deceive users into making fraudulent transactions.
Additionally, the regulation mandates that PSPs share fraud-related information among themselves. Payment account IBAN numbers must be verified against the corresponding bank account name before any transfer can occur, a practice already in place for euro instant payment transfers. PSPs will also be held accountable if they fail to implement preventive measures.
Furthermore, major online platforms and search engines can only advertise financial services if the provider is properly regulated and authorized in the relevant member state.
The new regulation emphasizes fee transparency as well. ATM providers must clearly display all applicable fees and exchange rates prior to transactions, and companies offering card payment services to merchants must disclose their service charges.
To improve access to cash, especially in rural areas, the framework will allow retailers to offer cash withdrawals without requiring a purchase. However, these withdrawals will need to use chip and PIN technology and will be capped at €150 to prevent misuse.
Morten Bødskov, Denmark’s Minister for Business, Industry, and Financial Affairs, stated, “This agreement marks a significant step in combating payment fraud in the EU. By enhancing consumer protection, increasing transparency, and encouraging innovation, we are creating a safer, more efficient payment landscape for all Europeans.”
However, the Computer & Communications Industry Association (CCIA Europe) has criticized the proposed fraud liability measures. Leonardo Veneziani, a policy manager at CCIA Europe, expressed concern that the agreement favors large banks and telecommunications companies, potentially making it easier for fraudsters to exploit consumers. He argued that this complicated framework undermines simplification efforts and conflicts with the Digital Services Act’s ban on general monitoring, ultimately jeopardizing consumer protection.