Payment Services Directive
The Payment Services Directive is an EU law that, in 2009, introduced common EU rules for electronic payments such as credit transfers, direct debits, card payments, and mobile and online payments. It was intended to make payments between EU countries as easy and secure as payments made within a country.
The second Payment Services Directive (PSD2) was introduced in 2018. PSD2 provides added consumer protection and security and regulates new types of online and mobile payments. This page explains the PSD2 rules and protections.
If there is a transaction on your account that you have not authorised, the amount you are liable for is limited to a maximum of €50, unless you have acted fraudulently or carelessly.
Direct debit payments
If a direct debit payment is taken from your account, you have the right to have the payment refunded for 8 weeks after the payment. You can request a refund even if a payment transaction is disputed.
Amounts blocked before payment
In cases where the retailer blocks funds to cover a transaction amount that is not known in advance, for example, for car rental or in petrol stations, they can only block an amount that you approve. Your bank will immediately release the blocked funds when it receives the final exact amount or the payment order.
Retailers cannot charge you an extra fee or surcharge for paying by debit or credit card, either online or in shops. (There is an exception to this in limited cases where the card charge to the retailer is not capped under the Interchange Fee Regulation.)
If you enter into a contract for payment services, you can end the contract free of charge after 6 months.
Strong Customer Authentication
PSD2 introduces stricter rules for creating and processing electronic payments (particularly online payments) and for protecting your financial data.
Strong Customer Authentication (SCA) must be used to confirm your identity or confirm that you authorise the payment. This stricter security process requires at least 2 parts which can be:
- Something only you know, for example, a password or PIN
- Something only you have, for example, a card or code generator
- A characteristic you have, for example, your fingerprint or voice
There are some types of transactions that are exempt from Strong Customer Authentication. For example, SCA is not always required for low-value transactions.
PSD2 covers new types of payment services where the service providers have access to information from your payment account. These services may be from:
- Payment Initiation Service Providers
- Account Information Service Providers
Payment Initiation Service Providers (PISPs) allow you to make online purchases without a credit card. This means that you can use a bank transfer to make a purchase without any delay. The PISP arranges payment from your account and immediately confirms the payment with the seller who can complete the purchase.
Account Information Service Providers (AISPs) allow you to access information from different accounts in a single service. This means that you can, for example, analyse your overall spending by different categories to help you with budgeting and financial planning.
The Financial Services and Pensions Ombudsman (FSPO) is the independent service that helps resolve complaints between customers and regulated financial services providers, including payment service providers.