The revised payment services directive (“PSD2”) has already been implemented in Hungary, most of the provisions will be effective on 13 January 2018. PSD2 will open up the payment market to new players (“fintech companies”) in the payment services, particularly to payment initiation service providers (“PISPs”) and to account information service providers (“AISPs”), and introduces strict security requirements for the initiation and processing of electronic payments (strong customer authentication – “SCA”).
The new regulation will have an effect on the banks as account servicing providers, since they will be required to enable fintech companies to access certain data in order to initiate payments and to access their customers account information. Also, there will be changes in the liability of the banks for payment transactions. If a payment transaction is not authorized by the consumer in line with the requirements, the account servicing bank of the payer must refund the amount of the payment transaction to the payer no later than the end of the workday following the day when it becomes aware or has been informed of such transaction, regardless of whether or not such transaction was initiated through a PISP. In addition, the account servicing bank will be obliged to prove that the consumer authorized the transaction and it was otherwise carried out in line with the requirements. An exemption from the above liability is when the bank suspects the fraud of the consumer and reports it to the supervisory authority.
The banks will also need to adjust their framework agreements to the above and to notify their consumers thereon, so that they can exercise their right to terminate those agreements, which create significant administrative works for the banking system.
By Rita Parkanyi, Partner, KCG Partners Law Firm