Activities of Ashley FOX related to 2013/0264(COD)
Shadow reports (1)
REPORT on the proposal for a directive of the European Parliament and of the Council on payment services in the internal market and amending Directives 2002/65/EC, 2013/36/EU and 2009/110/EC and repealing Directive 2007/64/EC PDF (661 KB) DOC (792 KB)
Amendments (66)
Amendment 131 #
Proposal for a directive
Recital 7
Recital 7
(7) In addition to the general measures to be taken at Member States’ level in Directive [pls insert number of NIS Directive after adoption], the security risks related to payment transactions should also be addressed at the level of the payment service providers. The security measures to be taken by the payment service providers need to be proportionate to the security risks concerned. A regular reporting mechanism should be established, so as to ensure payment services should provide the competent authorities on an annual regular basis with updated information on the assessment of their security risks and the (additional) measures that they have taken in response to these risks. Furthermore, in order to ensure that damages to other payment service providers and payment systems, such as a substantial disruption of a payment system and to users is kept to a minimum, it is essential that payment service providers have the obligation to report withinout undue delay major security incidents to the European Banking Authority.
Amendment 136 #
Proposal for a directive
Recital 9
Recital 9
Amendment 143 #
Proposal for a directive
Recital 12
Recital 12
(12) Feedback from the market shows that the payment activities covered by the limited network exception often comprise massive payment volumes and values and offer to consumers hundreds or thousands of different products and services, which does not fit the purpose of the limited network exemption as provided for in Directive 2007/64/EC. That implies greater risks and no legal protection for payment service users, in particular for consumers and clear disadvantages for regulated market actors. A more precise description of a limited network, in line with Directive 2009/110/EC, is necessary in order to limit those risks. A payment instrument should thus be considered to be used within such a limited network if it can be used only either for the purchase of goods and services infrom a specific storeprovider or chain of storeproviders, or for a limited range of goods or services, regardless of the geographical location of the point of sale. Such instruments could include the following, including their virtual equivalent: store cards, petrol cards, membership cards, public transport cards, ticketing, meal vouchers or vouchers for specific services, which are sometimes subject to a specific tax or labour legal framework designed to promote the use of such instruments to meet the objectives laid down in social legislation. Where such a specific-purpose instrument develops into a general purpose instrument, the exemption from the scope of this Directive should no longer apply. Instruments which can be used for purchases in stores of listed merchants should not be exempted from the scope of this Directive as such instruments are typically designed for a network of service providers which is continuously growing. The exemption should apply in combination with the obligation of potential payment service providers to notify activities falling within the scope of the definition of a limited network.
Amendment 148 #
Proposal for a directive
Recital 13
Recital 13
(13) Directive 2007/64/EC exempts from its scope certain payment transactions by means of telecom or information technology devices where the network operator not only acts as an intermediary for the delivery of digital goods and services through the device in question, but also adds value to these goods or services. In particular, this exemption allows for so called operator billing or direct to phone- bill purchases which, starting with ringing tones and premium SMS-services, contributes to the development of new business models based on low-value sale of digital content. Feedback from the market shows no evidence that this payment method, trusted by consumers as convenient for low threshold payments, has developed into a general payment intermediation service. However, due to the ambiguous wording of the current exemption, this rule has been implemented differently in Member States. This translates into lack of legal certainty for operators and consumers and has occasionally allowed other payment intermediation services to claim eligibility for the exemption of the application of Directive 2007/64/EC. It is therefore appropriate to narrow down the scope of the exemption in that Directive. The exemption should focus specifically on micro-payments for digital content, such asgoods and services, such as, for instance, ringtones, wallpapers, music, games, videos, or applications. The exemption should only apply to payment services when provided as ancillary services to electronic communications services (i.e. the payment service is an additional service offered by the provider of an electronic communications network or service, or its affiliate and does not constitute the core business of the operator concerned).
Amendment 152 #
Proposal for a directive
Recital 15
Recital 15
(15) Service providers seeking to benefit from an exemption under Directive 2007/64/EC often do not consult authorities on whether their activities are covered or exempted under that Directive but rely on their own assessments. It appears that some exemptions may have been used by payment service providers to redesign business models so that the payment activities offered would be outside the scope of that Directive. This may result in increased risks for payment service users and diverging conditions for payment service providers in the internal market. Service providers should therefore be obliged to notify certain activities to the competent authorities in particular in relation to the limited networks exemption in Article 3 (k), to ensure a homogenous interpretation of the rules throughout the internal market.
Amendment 155 #
Proposal for a directive
Recital 18
Recital 18
(18) Since the adoption of Directive 2007/64/EC new types of payment services have emerged, especially in the area of internet payments. In particular, third party payment service providers (hereinafter ‘TPPs’) have evolved, offering so-calledonline payment initiation services to consumers and merchants, often without entering into the possession of the funds to be transferred. Those services facilitate the e-commerce payments by establishing a software bridge between the website of e TPPs offer an alternative to card payments for bothe merchants and the online banking platform of the consumer in order to initiate internet payments on the basis of credit transfers or direct debits. The TPPs offer a low-cost alternative to card payments for both merchants and consumers and provide consumers a possibility to shop online even if they do not possess credit cardconsumers and provide consumers a possibility to shop online even if they do not possess payment cards. TPPs also represent important security challenges to the safeguarding of the integrity of payments and personal data made available to them by payers. However, as TPPs are currently not subject to Directive 2007/64/EC, they are not necessarily supervised by a competent authority and do not follow the requirements of Directive 2007/64/EC. This raises a series of legal issues, such as consumer protection, security and liability as well as competition and data protection issues. The new rules should therefore respond to those issueaddress all those challenges appropriately and ensure that TPPs operating in the Union are authorised or registered and supervised as payment institutions.
Amendment 167 #
Proposal for a directive
Recital 32
Recital 32
(32) While this Directive specifies the minimum set of powers competent authorities should have when supervising the compliance of payment institutions, these powers are to be exercised with respect to fundamental rights, including the right to privacy. For the exercise of those powers which may amount to serious interferences with the right to respect private and family life, home and communications, Member States should have in place adequate and effective safeguards against any abuse or arbitrariness, for instance, where appropriate through prior authorisation from the judicial authority of the Member State concerned.
Amendment 187 #
Proposal for a directive
Recital 52
Recital 52
(52) Rights and obligations of the payment service users and payment service providers should be appropriately adjusted to take account of the TPP involvement in the transaction whenever the payment initiation service is used. Specifically, a balanced liability repartition between the payment service provider servicing the account and the TPP involved in the transaction should compel them to take responsibility for the respective parts of the transaction that are under their control and clearly point to the responsible party in case of incidents. In case of fraud or dispute, tThe TPP should be under a specificthe obligation to provide the payer and the account servicing payment service provider with the reference of the transactions and the information of the authorisation relating to theall transaction concerneds.
Amendment 191 #
Proposal for a directive
Recital 54
Recital 54
(54) In the case of unauthorized payment transactions the payer should be refunded immediately the amount of the respective transaction. In order to prevent the payer from any disadvantages, the credit value date of the refund should not be later than the date when the respective amount has been debited. In order to provide an incentive for the payment service user to notify, without undue delay, the provider of any theft or loss of a payment instrument and thus to reduce the risk of unauthorised payment transactions, the user should be liable only for a very limited amount, unless the payment service user has acted fraudulently or with gross negligence. In this context an amount of EUR 50100, or national currency equivalent as determined by non-euro Member States, seems to be adequate in order to ensure a harmonized and a high level user protection within the Union. Moreover, once users have notified a payment service provider that their payment instrument may have been compromised, the users should not be required to cover any further losses stemming from unauthorised use of that instrument. This Directive should be without prejudice to the payment service providers’ responsibility for technical security of their own products.
Amendment 206 #
Proposal for a directive
Recital 68
Recital 68
(68) The payer’s payment service provider, being the account servicing payment service provider or, where involved, the TPP, should assume liability for correct payment execution, including, in particular the full amount of the payment transaction and execution time, and full responsibility for any failure by other parties in the payment chain up to the account of the payee. As a result of that liability the payment service provider of the payer should, where the full amount is not or only late credited to the payee’s payment service provider, correct the payment transaction or without undue delay refund to the payer the relevant amount of that transaction, without prejudice to any other claims which may be made in accordance with national law. Due to the payment service provider’s liability, the payer or payee should not be burdened with any costs related to the incorrect payment. In case of non-execution, defective or late execution of payment transactions, Member States should ensure that the value date of corrective payments of payment service providers is always the same as the value date in case of correct execution.
Amendment 215 #
Proposal for a directive
Article 2 – paragraph 1
Article 2 – paragraph 1
1. This Directive shall apply to payment services provided within the Union,. However, with the exception of Article 78, Titles III and IV shall apply only where both the payer’s payment service provider and the payee’s payment service provider are, or the sole payment service provider in the payment transaction is, located therein. Article 78 and Title III shall also apply to payment transactions where only one of the payment service providers is located within the Union, in respect to those parts of the payments transaction which are carried out in the Union.
Amendment 217 #
Proposal for a directive
Article 2 – paragraph 2
Article 2 – paragraph 2
2. Titles III shall apply to payment services in any currency. Titleand IV shall apply to payment services made in euro or the currency of a Member State outside the euro area.
Amendment 221 #
Proposal for a directive
Article 3 – paragraph 1 – point d
Article 3 – paragraph 1 – point d
(d) payment transactions consisting of the non-professional cash collection and delivery or its virtual equivalent within the framework of a non- profit or charitable activity;
Amendment 226 #
Proposal for a directive
Article 3 – paragraph 1 – point j
Article 3 – paragraph 1 – point j
(j) services provided by technical service providers, which support the provision of payment services, without them entering at any time into possession of the funds to be transferred, including processing and storage of data, trust and privacy protection services, data and entity authentication, information technology (IT) and communication network and secure channels provision, provision and maintenance of terminals and device, devices and applications used for payment services, with the exclusion ofexcept where they also involve payment initiation services and account information services;
Amendment 231 #
Proposal for a directive
Article 3 – paragraph 1 – point k
Article 3 – paragraph 1 – point k
(k) services based on specific instruments that are designed to address precise needs that can be used only in a limited way, because they allow the specific instrument holder to acquire goods or services only in in the premises of the issuer or within a limited network of service providers under direct commercial agreement with a professionaln issuer or because they can be used only to acquire a limited range of goods or services;
Amendment 235 #
Proposal for a directive
Article 3 – paragraph 1 – point l
Article 3 – paragraph 1 – point l
(l) payment transactions carried out by a provider of electronic communication networks or services that are ancillary to the core business of the provider, where the transaction is provided for a subscriber to the network or service and for the purchase of digital content as ancillary services to electronic communicationsgoods or services, regardless of the device used for the purchase or consumption of the contentgood or service, provided that the value of any single payment transaction does not exceed EUR 50 and[XXX] and either: - the cumulative value of payment transactions does not exceed EUR 200[XXX] in any billing month or - where a subscriber pre-funds their account with the provider of electronic communication services, the cumulative value of payment transactions does not exceed EUR [XXX] in any billing month;
Amendment 245 #
Proposal for a directive
Article 4 – paragraph 1 – point 11
Article 4 – paragraph 1 – point 11
11. ‘third party payment service provider’ means a payment service provider pursuing business activities referred to in point 7 of Annex I. The third party payment provider shall not be considered a payment service user when acting on behalf of a payment user;
Amendment 246 #
Proposal for a directive
Article 4 – paragraph 1 – point 18
Article 4 – paragraph 1 – point 18
18. ‘payment order’ means any instruction by a payer or payee to his payment servicethe account servicing payment service provider whether initiated directly or via a third party payment provider requesting the execution of a payment transaction;
Amendment 250 #
Proposal for a directive
Article 4 – paragraph 1 – point 21
Article 4 – paragraph 1 – point 21
21. ‘authentication’ means a procedure which allows the payment service provider to verify the identity of a uservalidity of a specific payment instrument, including the use of its personalised security featurecredentials or the checking of personalised identity documents;
Amendment 253 #
Proposal for a directive
Article 4 – paragraph 1 – point 22
Article 4 – paragraph 1 – point 22
22. ‘strong customer authentication’ means a procedure forto verify the validation of the identification of a natural or legal personity of a payment instrument based on the use of two or more elements categorised as knowledge, possession and inherence of the holder that are independent, in that the breach of one does not compromise the reliability of the others and is designed in such a way as to protect the confidentiality of the authentication data. This definition shall be in line with the ECB Eurosystem’s recommendations for the security of internet payments under the ‘SecuRePay’ forum.
Amendment 263 #
Proposal for a directive
Article 4 – paragraph 1 – point 32
Article 4 – paragraph 1 – point 32
32. ‘payment initiation service’ means a payment service enabling access to a payment account provided by a third party payment service providservice based on a funds check by a third party payment service provider upon request and express consent by the payer, where the payer can beis actively involved in the payment initiation, either directly or therough third party payment service provider’s software, or where payment instruments can be used by the payer or the payee to transmit the payer’s credentials to the account servicing payment service provider;
Amendment 270 #
Proposal for a directive
Article 4 – paragraph 1 – point 33
Article 4 – paragraph 1 – point 33
33. ‘account information service’ means a payment service where consolidated and user-friendlyaggregated information is provided to aat the request of the payment service user on the current balance of one or several payment accounts held by the payment service user with one or several account servicing payment service providers;
Amendment 274 #
Proposal for a directive
Article 4 – paragraph 1 – point 38 a (new)
Article 4 – paragraph 1 – point 38 a (new)
38a. ‘personalised security credentials’ means the information – generally confidential – provided by a customer or PSP for the purposes of authentication. Credentials can also mean the physical tool containing the information (e.g. one- time-password generator, smart card), or something the user memorises or represents (such as biometric characteristics);
Amendment 280 #
Proposal for a directive
Article 5 – paragraph 1 – point g
Article 5 – paragraph 1 – point g
(g) a description of the process in place to monitor, track and restrict access to sensitive payment data, and logical and physical critical resources;
Amendment 281 #
Proposal for a directive
Article 5 – paragraph 1 – point k
Article 5 – paragraph 1 – point k
(k) a description of the internal control mechanisms which the applicant has established in order to comply wifor payment institutions subject to the obligations in relation to money laundering and terrorist financing under Directive 2005/60/EC of the European Parliament and of the Council45 and Regulation (EC) No 1781/2006 of the European Parliament and of the Council a description of the internal control mechanisms which the applicant has established in order to comply with those obligations46; __________________ 45 Directive 2005/60/EC of the European Parliament and of the Council of 26 October 2005 on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing (OJ L 309, 25.11.2005, p.15) 46 Regulation (EC) No 1781/2006 of the European Parliament and of the Council of 15 November 2006 on information on the payer accompanying transfers of funds (OJ L 345, 8.12.2006, p.1).
Amendment 285 #
Proposal for a directive
Article 9 – paragraph 1 – introductory part
Article 9 – paragraph 1 – introductory part
1. The Member States or competent authorities shall require a payment institution which provides any payment services and, insofar as it at the same time is engaged in other business activities referred tolisted in Annex 1 including those listed in Article 17(1)(c) to safeguard all funds which have been received from the payment service users or through another payment service provider for the execution of payment transactions, in either of the following ways:
Amendment 290 #
Proposal for a directive
Article 12 – paragraph 1 – introductory part
Article 12 – paragraph 1 – introductory part
1. The competent authorities may withdraw an authorisation issued to a payment institution only where the institution falls within the following cases:
Amendment 291 #
Proposal for a directive
Article 12 – paragraph 1 – point d
Article 12 – paragraph 1 – point d
(d) would constitute a threat to the stability of or the trust in the payment system by continuing its payment services business; or
Amendment 293 #
Proposal for a directive
Article 17 – paragraph 2
Article 17 – paragraph 2
2. When payment institutions engage in the provision of one or more of the payment services, they may hold only payment accounts and safeguarding accounts used exclusively for payment transactions. Member States shall ensure that access to those payment accounts is proportionate. For payment institutions and their agents to be able to provide payment services, they require access to payment accounts. Member States shall ensure that the rules on access of payment institutions to payment and safeguarding accounts shall be objective, non-discriminatory and proportionate and that those rules do not inhibit access more than is necessary to protect against specific risks such as the risk of the conditions established by Chapter II of Directive 2005/60 not being satisfied.
Amendment 306 #
Proposal for a directive
Article 27 – paragraph 1 a (new)
Article 27 – paragraph 1 a (new)
1a. The natural or legal person does not intend to provide the services listed under point 7 of Annex 1
Amendment 313 #
Proposal for a directive
Article 30 – paragraph 2 – subparagraph 1
Article 30 – paragraph 2 – subparagraph 1
Member States shall require that, before taking up an activity referred to in Article 3(k) for which the voalume of payment transactions calculated in accordance with Article 27(1)(a) exceeds the threshold referred to therein, service providers notify their intention to the competent authorities and submit a request for recognition as a limited network.
Amendment 324 #
Proposal for a directive
Article 39 – paragraph 1 – point a
Article 39 – paragraph 1 – point a
(a) a confirmation of the successful initiation of the payment order with the payer’s account servicing payment service provider;
Amendment 325 #
Proposal for a directive
Article 39 – paragraph 1 – point d
Article 39 – paragraph 1 – point d
(d) where applicable, the amount of any charges for the payment transaction and, where applicable, a breakdown thereofpayable to the third party payment provider for the payment transaction, such charges to be individually itemised.
Amendment 327 #
Proposal for a directive
Article 39 – paragraph 1 a (new)
Article 39 – paragraph 1 a (new)
In line with Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, the consent of the payer should be required to make these data available to the payee.
Amendment 329 #
Proposal for a directive
Article 40
Article 40
Where a payment order is initiated by the third party payment service provider’s own system, it shall in case of fraud or dispute, it shall make available to the payer and the account servicing payment service provider the reference of the transactions and the authorisation information.
Amendment 337 #
Proposal for a directive
Article 45 – paragraph 1 – point 6 – point a
Article 45 – paragraph 1 – point 6 – point a
(a) if agreed, information that the payment service user will be deemed to have accepted changes in the conditions in accordance with Article 47, unless he notifies the payment service provider that he does not accept them before the date of their proposed date of entry into force, such notification being ineffective where the change is clearly and unambiguously more favourable to payment service users;
Amendment 367 #
Proposal for a directive
Article 55 – paragraph 3
Article 55 – paragraph 3
3. The payment service provider shall not prevent the payee from requesting from the payer a charge, offering him a reduction or otherwise steering him towards the use of a given payment instrument. Aelectronic or non-electronic payment instrument. However, where Article 19 of Directive 2011/83/EU of the European Parliament and the Council of 25 October 2011 does not apply any charges applied shall, however, not exceed the costs borne by the payee for the use the specific payment instrument.
Amendment 382 #
Proposal for a directive
Article 57 – paragraph 2 – subparagraph 1
Article 57 – paragraph 2 – subparagraph 1
Consent to execute a payment transaction or a series of payment transactions shall be given in the form agreed between the payer and the payment service provider. Consent may also be given directly or indirectly via the payee. Consent to execute a payment transaction shall also be considered given where the payer authorises a third party payment service provider to initiate the payment transaction with the account servicing payment service provider.
Amendment 390 #
Proposal for a directive
Article 58 – paragraph 1
Article 58 – paragraph 1
1. Member States shall ensure that a payer has the right to make use of a, provided that he holds a payment account that can be accessed via online banking, has the right to make use of an authorised third party payment service provider, pursuant an agreement between the payer and the third party payment service provider to obtain payment services enabling access to payment accounts as referred to in point (7) of Annex I.
Amendment 405 #
Proposal for a directive
Article 58 – paragraph 2 – point b
Article 58 – paragraph 2 – point b
(b) to authenticate itself in an unequivocal manner towards the account servicing payment service provider(s) of the account owner according to agreed procedures and standards.
Amendment 407 #
Proposal for a directive
Article 58 – paragraph 2 – point c
Article 58 – paragraph 2 – point c
(c) not to store sensitive payment data or personalised security credentials of the payment service user for the purposes of this provision.
Amendment 412 #
Proposal for a directive
Article 58 – paragraph 2 a (new)
Article 58 – paragraph 2 a (new)
2a. EBA shall, in close cooperation with the ECB and the European Retail Payments Board (ERPB), develop the procedures and standards referred to in Art. 58.2(b) to be complied with for the secure authentication of third party payment service providers, the communications between the third party payment service provider and the account servicing provider, and the transmission to the account service payment service provider of the consent of the payer.
Amendment 417 #
Proposal for a directive
Article 58 – paragraph 4
Article 58 – paragraph 4
4. Account servicing payment service providers shall treat payment orders transmitted through the services of a third party payment service provider without any discrimination for other than objective reasons, in particular in terms of timing and priority vis- à-vis payment orders transmitted directly by the payer himself. This is without prejudice to controls to be performed by account servicing payment service providers objectively justified by the particularities of these transactions.
Amendment 423 #
Proposal for a directive
Article 59
Article 59
Access to and use of payment account information by third party payment instrument issuers 1. Member States shall ensure that a payer has the right to make use of a third party payment instrument issuer to obtain payment card services. 2. If the payer has given consent to a third party payment instrument issuer which has provided the payer with a payment instrument to obtain information on the availability of sufficient funds for a specified payment transaction on a specified payment account held by the payer, the account servicing payment service provider of the specified payment account shall provide such information to the third party payment instrument issuer immediately upon receipt of the payer's payment order. 3. Account servicing payment service providers shall treat payment orders transmitted through the services of a third party payment instrument issuer without any discrimination for other than objective reasons in terms of timing and priority in respect of payment orders transmitted directly by the payer personally.rticle 59 deleted
Amendment 441 #
Proposal for a directive
Article 63 – paragraph 1
Article 63 – paragraph 1
1. The payment service user shall obtain rectification from the account servicing, or, if involved, the third party payment service provider only if he notifies the payment service provider without undue delay on becoming aware of any unauthorised or incorrectly executed payment transactions giving rise to a claim, including that under Article 80, and no later than 13 months after the debit date, unless, where applicable, the payment service provider has failed to provide or make available the information on that payment transaction in accordance with Title III.
Amendment 442 #
Proposal for a directive
Article 63 – paragraph 2
Article 63 – paragraph 2
Amendment 447 #
Proposal for a directive
Article 64 – paragraph 1 – subparagraph 1
Article 64 – paragraph 1 – subparagraph 1
Member States shall require that, where a payment service user denies having authorised an executed payment transaction or claims that the payment transaction was not correctly executed, it is for the payment service provider and, if involved and as appropriate, the third party payment service provider, to prove that the payment transaction was authenticated, accurately recorded, entered in the accounts and not affected by a technical breakdown or some other deficiency.
Amendment 458 #
Proposal for a directive
Article 65 – paragraph 1
Article 65 – paragraph 1
1. Member States shall ensure that, without prejudice to Article 63, in the case of an unauthorised payment transaction, the payer's payment service provider refunds to the payer immediatwithout undue delay the amount of the unauthorised payment transaction and, where applicable, restores the debited payment account to the state in which it would have been had the unauthorised payment transaction not taken place. This shall also ensure that the credit value date for the payer's payment account shall be no later than the date the amount had been debited.
Amendment 462 #
Proposal for a directive
Article 65 – paragraph 2
Article 65 – paragraph 2
2. Where the unauthorised payment transaction is originated by a payment order transmitted by a third party payment service provider is involved, the account servicing payment service provider shall inform the payer accordingly and the third party payment provider shall without undue delay refund the amount of the unauthorised payment transaction and, where applicable, restore the debited payment account to the state in which it would have been had the unauthorised payment transaction not taken place. Financial compensation to the account servicing payment service provider by the third party payment service provider may be applicable.
Amendment 467 #
Proposal for a directive
Article 66 – paragraph 1 – subparagraph 1
Article 66 – paragraph 1 – subparagraph 1
By way of derogation from Article 65 the payer may be obliged to bear the losses relating to any unauthorised payment transactions, up to a maximum of EUR 50100 or national currency equivalent as determined by non-Euro Member States, resulting from the use of a lost or stolen payment instrument or from the misappropriation of a payment instrument.
Amendment 495 #
Proposal for a directive
Article 67 – paragraph 1 – subparagraph 4
Article 67 – paragraph 1 – subparagraph 4
For direct debits the payer has an unconditional right for refund within the time limits set in Article 68, except where the payee has already fulfilled the contractual obligations and the services have. The payment service provider and the payment service user may algready been receivede on an exclusion orf the goods have already been consumed by the payer. At the payment service provider's request, the payee shall bear the burden to prove that the conditions referred to in the third subparagraphrefund right provided that the absence of the refund right is clearly mentioned in a specific mandate under a payment scheme which does not provide for the right to a refund.
Amendment 502 #
Proposal for a directive
Article 68 – paragraph 1
Article 68 – paragraph 1
1. Member States shall ensure that the payer can request the refund referred to in Article 67 of an authorised payment transaction initiated by or through a payee for a period of at least eight weeks from the date on which the funds were debited.
Amendment 512 #
Proposal for a directive
Article 73 – paragraph 2
Article 73 – paragraph 2
2. This Section shall apply to other payment transactions, unless otherwise agreed between the payment service user and the payment service provider, with the exception of Article 78, which is not at the disposal of the parties. However, when the payment service user and the payment service provider agree on a longer period than those laid down in Article 74, for intra-Union payment transactions such period shall not exceed 4 business days, or such time as permitted by other legal obligations covered by national and Union law, following the point in time of receipt in accordance with Article 69.
Amendment 514 #
Proposal for a directive
Article 74 – paragraph 1
Article 74 – paragraph 1
1. Member States shall require the payer's payment service provider to ensure that, after the point in time of receipt in accordance with Article 69, the amount of the payment transaction is credited to the payee's payment service provider's account at the latest by the end of the next business day. Theseis periods may be extended by a further business day for paper-initiated payment transactions.
Amendment 528 #
Proposal for a directive
Article 84 – paragraph 1
Article 84 – paragraph 1
Amendment 535 #
Proposal for a directive
Article 85 – paragraph 1
Article 85 – paragraph 1
1. Payment service providers are subject to Directive [NIS Directive] [OP please insert number of Directive once adopted] and notably to the risk management and incident reporting requirements in Articles 14 and 15 thereinshall establish a framework with appropriate mitigation measures and control mechanisms to manage the operational risks, including security risks, relating to the payment services they provide. As part of that framework payment service providers shall establish and maintain effective incident management procedures, including the classification of major incidents.
Amendment 536 #
Proposal for a directive
Article 85 – paragraph 2
Article 85 – paragraph 2
2. The authority designated under ArtPayment servicle 6(1) of Directive [NIS Directive] [OP please insert number of Directive once adopted] shall without undue delay inform the competent authority in the home Member State and EBA of the notifications of NIS incidents received fromproviders shall without undue delay notify any major operational incident, including security incidents, to the competent authority in the home Member State of the payment services providers.
Amendment 537 #
Proposal for a directive
Article 85 – paragraph 2 a (new)
Article 85 – paragraph 2 a (new)
2a. Upon the receipt of the notification, the competent authority in the home Member State shall assess the relevance of the incident for competent authorities of other Member States, and, based on that assessment, shall share the relevant details (if any) of the incident notification with EBA and the ECB.
Amendment 546 #
Proposal for a directive
Article 85 a (new)
Article 85 a (new)
Article 85a Upon the receipt of the notification, the competent authority in the home Member State shall assess the relevance of the incident for competent authorities of other Member States, and, based on that assessment, shall share the relevant details (if any) of the incident notification with EBA and the ECB.
Amendment 547 #
Proposal for a directive
Article 86 – paragraph 1
Article 86 – paragraph 1
1. Member States shall ensure that payment service providers provide to the authority designated under Article 6(1) of Directive [NIS Directive] [OP please insert number of Directive once adopted]competent authority on a yearly basis updated information of the assessment of the operational and security risks associated with the payment services they provide and on the adequacy of the mitigation measures and control mechanisms implemented in response to these risks. The authority designated under Article 6(1) of Directive [NIS Directive] [OP please insert number of Directive once adopted] shall without undue delay transmit a copy of this information to the competent authority in the home Member State.
Amendment 549 #
Proposal for a directive
Article 86 – paragraph 2
Article 86 – paragraph 2
2. Without prejudice to Articles 14 and 15 of Directive [NIS Directive] [OP please insert number of Directive once adopted], EBA shall, in close cooperation with the ECB, develop guidelines with regard to the establishment, implementation and monitoring of the security measures, including certification processes when relevant. It shall, inter alia, take into account the standards and/or specifications published by the Commission under Article 16(2) of Directive [NIS Directive] [OP please insert number of Directive once adopted] as well as the ECB Eurosystem's recommendations for the security of internet payments under the "SecuRePay" forum.
Amendment 554 #
Proposal for a directive
Article 86 – paragraph 4
Article 86 – paragraph 4
4. Without prejudice to Articles 14 and 15 of Directive [NIS Directive] [OP please insert number of Directive once adopted], EBA shall issue guidelines to facilitate payment service providers in qualifying major incidents and the circumstances under which a payment institution is required to notify a security incident. Those guidelines shall be issued by (insert date - two years of the date of entry into force of this Directive)EBA shall coordinate the sharing of information in the area of operational and security risks associated with payment services with the competent authorities the ECB, the competent authorities under the [NIS] Directive and, where relevant, with ENISA.
Amendment 558 #
Proposal for a directive
Article 87 – paragraph 1
Article 87 – paragraph 1
1. Member States shall ensure that a payment service provider applies strong customer authentication when the payer initiates an electronic payment transaction unless EBA guidelines allow specific exemptions based on the risk involved in the provided payment service. This also applies to a third party payment service provider when initiating a payment transaction on behalf of the payer. The account servicing payment service provider shall allow the third party payment service provider to rely on the authentication methods of the former when acting on behalf of the payment service user.
Amendment 562 #
Proposal for a directive
Article 87 – paragraph 3
Article 87 – paragraph 3
3. EBA shall, in close cooperation with the ECB, in particular with respect to the ECB Eurosystem's recommendations for the security of internet payments under the "SecuRePay" forum, issue guidelines addressed to payment service providers as set out in Article 1(1) of this Directive in accordance with Article 16 of Regulation (EU) No 1093/2010 on state of the art customer authentication and any exemption to the use of strong customer authentication. Those guidelines shall be issued by (insert date - two years from the date of entry into force of this Directive) and be updated on a regular basis as appropriate.
Amendment 566 #
Proposal for a directive
Article 88 – paragraph 1
Article 88 – paragraph 1
1. Member States shall ensure that procedures are set up which allow payment service users and other interested parties, including consumer associations, to submit complaints to the competent authorities or ADR authorities with regard to payment service providers' alleged infringements of this Directive.
Amendment 571 #
Proposal for a directive
Article 90 – paragraph 4
Article 90 – paragraph 4
4. The information referred to in paragraph 23 shall be mentioned in an easily, directly, prominently and permanently accessible way on the website of the payment service provider, where one exists, in the general terms and conditions of the contract between the payment service provider and the payment service user and in invoices and receipts relating to such contracts. It shall specify how further information on the out-of-court redress entity concerned and on the conditions for using it can be accessed clear, comprehensible and easily accessible way on the trader's website, where one exists and if applicable in the general terms and conditions of the contract of sales or service contracts between the trader and a consumer.