Payment Systems

The revised Payment Services Directive (PSD2)

What is PSD2?

The PSD2 is a Directive issued by the European Commission which regulates payment services throughout the European Union. This Directive builds on the first Payment Services Directive which was introduced in 2009 with the aim to create a single market for payments in the European Union. The PSD2 is designed to make payments safer, increase consumer protection and foster innovation and competition.

When will it become applicable?

The PSD2 became applicable on 13 January 2018.

What are the main changes of this Directive?

The PSD2 will regulate new market players known as Third Party Providers (TPPs). The PSD2 identifies two types of TPPs: Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). AISPs provide a consenting client with an aggregated view of all the client's payment accounts held with different banks. PISPs are able to initiate a payment on behalf of a consenting client from the client's payment account held with a particular bank.

Moreover, in order to enhance security and mitigate card fraud, the PSD2 enforces strong customer authentication and therefore banks are no longer permitted to continue issuing local debit cards that only use magnetic stripe technology to store card information. To this effect, all local magnetic stripe-only debit cards such as HSBC's Quikcash, BOV's Cashlink and APS' Premier have to be upgraded to EMV, commonly referred to as Chip & Pin technology. The aforementioned banks will be advising their clients in due course on the way forward. These changes will also pave the way forward for the implementation of contactless cards, which make low value payments more efficient.

Finally, bank transfers where both the payer's bank and the payee's bank are located in an EEA country will attract the sharing of charges irrespective of the currency. This means that the payer pays the charges levied by his bank while the payee pays the fees charged by his bank.

How will consumers benefit from this Directive?

The new Directive provides further consumer protection whereby, if a client has his card lost or stolen and it transpires that a fraudulent transaction has been effected, the client is only liable to pay a maximum of EUR 50 unless the client acted fraudulently or with gross negligence. The PSD2 also prohibits surcharging on electronic payments which translates to cheaper transactions. This means that merchants are unable to charge an extra fee to those payers opting to pay with an electronic instrument such as a card.

In order to promote greater transparency, banks are obliged to provide information on individual debit and credit transactions to their clients, free of charge, either electronically or in paper format. While banks may opt to provide monthly statements instead of individual debit and credit advices, the customer reserves the right to receive individual debit advices instead of monthly statements. Furthermore, upon the closure of a payment account, banks are obliged to provide a statement covering a period of at least thirteen months to their clients, free of charge, either electronically or in paper format.

Consumers have a right to submit a complaint with the bank relating to any alleged infringements of PSD2 provisions. The bank is obliged to handle the complaint within 15 business days which may be extended to 35 business days when the information required is not within the bank's control. If the consumer is not satisfied with the complaint resolution, he may resort to the Office of the Arbiter for Financial Services for alternative dispute resolution.

Titles III and IV of the PSD2 have been transposed to the CBM Directive No. 1: Provision and Use of Payment Services. Directives published by the Central Bank of Malta under the Central Bank of Malta Act in respect of retail payment services can be found here.

Leaflet issued by the Malta Bankers' Association