- The Commission is preparing another major reform to payment services regulation with an updated directive on payment services and electronic money services (PSD3) and a regulation on payment services (PSR).
- The costs and administrative implications of the Commission’s proposals must be carefully assessed.
- The clarity of regulation must be ensured and regulatory overlap avoided.
- Adequate transition periods must also be guaranteed.
- Allowing banks to exchange information on suspicious transactions would help prevent fraud.
- Tightening banks’ financial liability for scams could even end up increasing crime.
The second EU Payment Services Directive (PSD2) entered into force in 2018. The revised directive introduced requirements such as strong customer authentication and the requirement to grant third-party payment service providers access to bank accounts. In the five years since, the operating environment has gone through so many changes that the European Commission decided to review the directive once more. This decision gave rise to proposals for an updated directive on payment services and electronic money services (commonly referred to as PSD3) and a regulation on payment services (PSR).
The review will mean major changes in payment services regulation. Finance Finland’s objectives are to ensure that the costs and administrative implications of the review are carefully assessed and kept under tight control. Adequate transition periods must also be guaranteed.
PSD2 obligated banks to offer dedicated interfaces for data exchange to third-party payment service providers free of charge and with all of the same functionalities as in the bank’s customer interfaces. This principle was unbalanced, as it increased costs for banks and weakened their ability to compete using their own solutions. This issue should be fixed in the upcoming review.
“In the Open Finance proposal also published in June, this defect was fixed by leaving the door open to a reasonable compensation for financial companies who have to share their data. A similar compensation model would balance out the situation also in payment services regulation, which is now skewed in favour of third-party payment service providers”, points out Teija Kaarlela, head of e-services, payments and banking regulation at Finance Finland.
Information exchange would help prevent fraud
PSD2 also governs the legislation of anti-fraud measures. As two new means of fraud prevention, the Commission is proposing to permit information exchange on accounts potentially used for illegal purposes and to develop an IBAN/name verification system that checks that the name of the payee matches the name of the account holder.
“The proposal is good and reasonable. Enabling information exchange on suspicious transactions and so-called mule accounts is an effective way to obstruct the work of criminals”, says Kaarlela.
PSD2 obligates banks to refund the losses of consumers who have fallen victim to card theft or banking credential phishing unless they were negligent in their safekeeping. The proposed revision would extend this refund obligation to scams in which the fraudster impersonates a bank employee and tricks the customer into transferring funds to a criminal account.
Banks invest significant resources to detect and prevent abuses as well as to inform and advise their customers to identify and avoid attempted fraud.
“Tightening banks’ liability for scams would not reduce crime. On the contrary, it might make customers less careful and more confident in taking risks in their online transactions, trusting that the bank will reimburse any money lost to scammers. This, in turn, would raise the success rate of criminals and potentially even give rise to new types of crime”, Kaarlela points out.
Fraud is a growing problem. Between January and June 2023, Finnish banks successfully prevented or intercepted a total of €15.9 million in fund transfers to scammers. This was more than double compared to the previous year, when the figure was €6.7 million.
The sums lost by fraud victims also grew sharply: In the first half of 2023, Finnish consumers lost a total of €19.8 million to fraud. In the previous year, this figure was €10.8 million.
“The most important thing is to increase awareness. In most scams that succeed, the victim approves the money transfer personally, either through manipulation or by oversight. In the worst cases, victims to romance scams, for example, have transferred funds despite several warnings from their bank.”