diff --git a/BusinessModelDefinitions_October2015_W3C_Highlights.xlsx b/BusinessModelDefinitions_October2015_W3C_Highlights.xlsx deleted file mode 100755 index b6ef533..0000000 Binary files a/BusinessModelDefinitions_October2015_W3C_Highlights.xlsx and /dev/null differ diff --git a/Flow.Update.pptx b/Flow.Update.pptx deleted file mode 100644 index 48f721b..0000000 Binary files a/Flow.Update.pptx and /dev/null differ diff --git a/PSD2 about Payment Initiation 4 Feb 2016 b/PSD2 about Payment Initiation 4 Feb 2016 deleted file mode 100644 index 9b10a24..0000000 --- a/PSD2 about Payment Initiation 4 Feb 2016 +++ /dev/null @@ -1,3082 +0,0 @@ - - -
- - - - - - - - - - - - - - - - -What PSD2 says about Payment initiation
-services and Payment Initiation Service Providers (PISP).
Table
2. Some precisions about what is
- called "payment initiation services"
4. Capital constraints on Payment
- Initiation Service Providers are mitigated
5. No extra costs imposed to customers
- when using PISP
6. Same protections for the customers
8. The minimum data that the PISP must
- provide in the flow to the payee and payer are defined
10. The protection of the payee is
- included (irrevocability, defective transaction)
Reference: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32015L2366&from=FR
Page 58:
Definition
‘payment initiation service’ means a service to initiate a payment order
-at the request of the payment service user with respect to a payment account
-held at another payment service provider;
‘payment initiation service provider’
-means a payment service provider pursuing business activities as referred to in
-point (7) of Annex I;
(remark: this annex gives a list of what
-is called payment services, but does not detail the concept of ‘payment
-initiation service provider’)
Page 59:
‘sensitive
-payment data’ means data, including personalised security credentials which can
-be used to carry out fraud. For the activities of payment initiation service
-providers and account information service providers, the name of the account owner and the account number do not constitute
-sensitive payment data;
page 39:
…payment initiation services in the field of e-commerce have evolved.
-Those payment services play a part in e-commerce payments by establishing a software bridge between the website of the
-merchant and the online banking platform of the payer’s account servicing
-payment service provider in order to initiate internet payments on the basis of
-a credit transfer.
Payment
-initiation services enable the payment initiation service provider to provide
-comfort to a payee that the payment has been initiated in order to provide an
-incentive to the payee to release the goods or to deliver the service without
-undue delay. Such services offer a low-cost solution for both merchants and
-consumers and provide consumers with a possibility to shop online even if they
-do not possess payment cards. Since payment initiation services are currently
-not subject to Directive 2007/64/EC, they are not necessarily supervised by a
-competent authority and are not required to comply with Directive 2007/64/EC.
-This raises a series of legal issues, such as consumer protection, security and
-liability as well as competition and data protection issues, in particular
-regarding protection of the payment service users’ data in accordance with
-Union data protection rules. The new rules should
-therefore respond to those issues.
page 40:
Payment initiation service providers do
-not necessarily enter into a contractual relationship with the account
-servicing payment service providers and, regardless of the business model
-used by the payment initiation service providers, the account servicing payment
-service providers should make it
-possible for payment initiation service providers to rely on the authentication
-procedures provided by the account servicing payments service providers to
-initiate a specific payment on behalf of the payer.
When
-exclusively providing payment initiation services, the payment initiation
-service provider does not at any stage of the payment chain hold the user’s
-funds. When a payment initiation service provider
-intends to provide payment services in relation to which it holds user funds,
-it should obtain full authorisation for those services.
Payment
-initiation services are based on direct or indirect access for the payment
-initiation service provider to the payer’s account. An account servicing payment
-service provider which provides a mechanism for indirect access should also
-allow direct access for the payment initiation service providers.
Any
-payment service provider, including the account servicing payment service
-provider of the payment service user, should be able to offer payment
-initiation services.
Page 92:
Article
-66
Rules on
-access to payment account in the case of payment initiation services
1. Member States shall ensure that a payer
-has the right to make use of a payment initiation service provider to obtain
-payment services as referred to in point (7) of Annex I. The right to make use of a payment initiation service provider shall not
-apply where the payment account is not accessible online.
2. When
-the payer gives its explicit consent for a payment to be executed in accordance
-with Article 64, the account servicing
-payment service provider shall perform the actions specified in paragraph 4 of
-this Article in order to ensure the payer’s right to use the payment initiation
-service.
The
-payment initiation service provider shall:
(a) not
-hold at any time the payer’s funds in connection with the provision of the
-payment initiation service;
(b) ensure that the personalised security
-credentials of the payment service user are not, with the exception of the user
-and the issuer of the personalised security credentials, accessible to other
-parties and that they are transmitted by
-the payment initiation service provider through safe and efficient channels;
-
(c) ensure that any other information
-about the payment service user, obtained when providing payment initiation
-services, is only provided to the payee and only with the payment service
-user’s explicit consent;
(d) every time a payment is initiated, identify itself towards the account
-servicing payment service provider of the payer and communicate with the account servicing payment service provider, the
-payer and the payee in a secure way, in accordance with point (d) of
-Article 98(1);
(e) not store sensitive payment data of
-the payment service user;
(f) not request from the payment service
-user any data other than those necessary to provide the payment initiation
-service;
(g) not use, access or store any data for
-purposes other than for the provision of the payment initiation service as
-explicitly requested by the payer;
(h) not modify the amount, the payee or
-any other feature of the transaction.
The account servicing payment service provider
-shall:
(a) communicate
-securely with payment initiation service providers in accordance with point
-(d) of Article 98(1);EN L 337/92 Official Journal of the European
-Union 23.12.2015
(b) immediately after receipt of the
-payment order from a payment initiation service provider, provide or make available all information on the initiation of the
-payment transaction and all information accessible to the account servicing
-payment service provider regarding the execution of the payment transaction to
-the payment initiation service provider;
(c) treat payment orders transmitted through
-the services of a payment initiation service provider without any discrimination other than for objective reasons, in particular in terms of timing,
-priority or charges vis-à-vis payment orders transmitted directly by the payer.
The provision of payment initiation
-services shall not be dependent on the existence of a contractual relationship
-between the payment initiation service providers and the account servicing
-payment service providers for that purpose.
…
page 40:
Payment
-service providers that provide only
-payment initiation services should be considered to be of a medium risk with
-regard to the initial capital.
Payment
-initiation service providers and account information service providers, when
-exclusively providing those services, do not hold client funds. Accordingly, it would be disproportionate to impose own
-funds requirements on those new market players. Nevertheless, it is
-important that they be able to meet their liabilities in relation to their
-activities. They should therefore be required to hold either professional
-indemnity insurance or a comparable guarantee. EBA should
-develop guidelines in accordance with...
page 46:
Since the payment service provider’s
-request and the confirmation on the availability of the funds can be made
-through existing secure communication channels, technical procedures and infrastructure
-for communication between payment initiation service providers or account
-information service providers and account servicing payment service providers,
-while respecting the necessary security measures, there should be no additional costs for payment services providers
-or cardholders.
Page 47:
In order
-to ensure a high level of consumer protection, payers should always be entitled to address their claim to a refund to
-their account servicing payment service provider, even where a payment initiation service provider is involved in the
-payment transaction.
In the
-case of payment initiation services, rights and obligations of the payment
-service users and of the payment service providers involved should be
-appropriate to the service provided. Specifically, the allocation of liability
-between the payment service provider servicing the account and the payment
-initiation service provider involved in the transaction should compel them to take
-responsibility for the respective parts of the transaction that are under their
-control.
Page 51:
The
-payment initiation service providers and the account information service
-providers on the one hand and the account servicing payment service provider on
-the other, should observe the necessary data protection and security requirements
-established by, or referred to in, this Directive… EBA should also specify the
-requirements of common and open standards of communication to be implemented by
-all account servicing payment service providers that allow for the provision of
-online payment services. This means that those
-open standards should ensure the interoperability of different technological
-communication solutions. Those common and open standards should also ensure that the account servicing payment service provider is aware that
-he is being contacted by a payment initiation service provider or an account
-information service provider and not by the client itself.
The
-standards should also ensure that payment initiation service providers and
-account information service providers communicate with the account servicing
-payment service provider and with the customers involved in a secure manner. In developing those requirements, EBA should
-pay particular attention to the fact that the standards to be applied are to
-allow for the use of all common types of
-devices (such as computers, tablets and mobile phones) for carrying out
-different payment services.
Page 106:
Article
-97
Authentication
1. Member
-States shall ensure that a payment service provider applies strong customer authentication where the payer:
(a) accesses its payment account online;
(b) initiates an electronic payment
-transaction;
(c) carries out any action through a
-remote channel which may imply a risk of payment fraud or other abuses.
2. With
-regard to the initiation of electronic payment transactions as referred to in
-point (b) of paragraph 1, Member States shall ensure that, for electronic remote payment transactions, payment service providers
-apply strong customer authentication that includes elements which dynamically
-link the transaction to a specific amount and a specific payee.
3. With
-regard to paragraph 1, Member States shall ensure that payment service
-providers have in place adequate security
-measures to protect the confidentiality and integrity of payment service users’
-personalised security credentials.
4.
-Paragraphs 2 and 3 shall also apply where payments are initiated through a
-payment initiation service provider. Paragraphs 1 and 3 shall also apply when
-the information is requested through an account information service provider.
5. Member
-States shall ensure that the account servicing payment service provider allows
-the payment initiation service provider and the account information service
-provider to rely on the authentication procedures provided by the account
-servicing payment service provider to the payment service user in accordance
-with paragraphs 1 and 3 and, where the payment initiation service provider is
-involved, in accordance with paragraphs 1, 2 and 3.
Page 106:
Article
-98
Regulatory
-technical standards on authentication and communication
EBA shall, in close cooperation with the ECB and
-after consulting all relevant stakeholders, including those in the payment
-services market, reflecting all interests involved, develop draft regulatory
-technical standards addressed to payment service providers
…
(d) the
-requirements for common and secure open standards of communication for the
-purpose of identification, authentication, notification, and information, as
-well as for the implementation of security measures, between account servicing
-payment service providers, payment initiation service providers, account
-information service providers, payers, payees and other payment service
-providers.
Page 82:
Article
-46
Information
-for the payer and payee after the initiation of a payment order
In
-addition to the information and conditions specified in Article 45, where a
-payment order is initiated through a payment initiation service provider, the
-payment initiation service provider shall, immediately after initiation,
-provide or make available all of the
-following data to the payer and, where applicable, the payee:
(a) confirmation
-of the successful initiation of the payment order with the payer’s account
-servicing payment service provider;
(b) a reference
-enabling the payer and the payee to identify the payment transaction and, where
-appropriate, the payee to identify the payer, and any information transferred with the payment transaction;
(c) the amount of the payment transaction;
(d) where applicable, the amount of any charges payable to the
-payment initiation service provider for the transaction, and where applicable a breakdown of the amounts of such charges.
Page 83:
Article
-47
Information
-for payer’s account servicing payment service provider in the event of a
-payment initiation service
Where a
-payment order is initiated through a payment initiation service provider, it
-shall make available to the payer’s account servicing payment service provider
-the reference of the payment
-transaction.
Article
-48
Information
-for the payer after receipt of the payment order
Immediately
-after receipt of the payment order, the payer’s payment service provider shall
-provide the payer with or make available to the payer, in the same way as
-provided for in Article 44(1), all of the following data with regard to its own
-services:
(a) a reference
-enabling the payer to identify the payment transaction and, where appropriate,
-information relating to the payee;
(b) the amount of the payment transaction in the currency used in the
-payment order;
(c) the amount of any charges for the payment transaction payable by the
-payer and, where applicable, a breakdown of the amounts of such charges;
(d) where applicable, the exchange rate used in the payment
-transaction by the payer’s payment service provider or a reference thereto,
-when different from the rate provided in accordance with point (d) of Article
-45(1), and the amount of the payment
-transaction after that currency conversion;
Page 89:
Where a
-currency conversion service is offered prior to the initiation of the payment
-transaction and where that currency conversion service is offered at an ATM, at
-the point of sale or by the payee, the party offering the currency conversion
-service to the payer shall disclose to the payer all charges as well as the
-exchange rate to be used for converting the payment transaction.
Where,
-for the use of a given payment instrument, the payee requests a charge or
-offers a reduction, the payee shall inform
-the payer thereof prior to the initiation of the payment transaction.
Where,
-for the use of a given payment instrument, the payment service provider or
-another party involved in the transaction requests a charge, it shall inform
-the payment service user thereof prior to the initiation of the payment
-transaction.
Page 95
-and 96:
Article
-72
Evidence
-on authentication and execution of payment transactions
1. Member
-States shall require that, where a
-payment service user denies having authorised an executed payment
-transaction or claims that the payment transaction was not correctly executed, it is for the payment service provider to
-prove that the payment transaction was authenticated, accurately recorded,
-entered in the accounts and not affected by a technical breakdown or some other
-deficiency of the service provided by the payment service provider.
If the
-payment transaction is initiated through a payment initiation service provider,
-the burden shall be on the payment initiation service provider to prove that
-within its sphere of competence, the payment transaction was authenticated,
-accurately recorded and not affected
Where a payment service user denies having
-authorised an executed payment transaction, the use of a payment instrument recorded
-by the payment service provider, including the payment initiation service
-provider as appropriate, shall in itself
-not necessarily be sufficient to prove either that the payment transaction
-was authorised by the payer or that the payer acted fraudulently or failed with
-intent or gross negligence to fulfil one or more of the obligations under
-Article 69. The payment service
-provider, including, where appropriate, the payment initiation service provider,
-shall provide supporting evidence to prove fraud or gross negligence on
-part of the payment service user.
Page 96:
Article
-73
Payment
-service provider’s liability for unauthorised payment transactions
…
Where the
-payment transaction is initiated through a payment initiation service provider,
-the account servicing payment service
-provider shall refund immediately, and in any event no later than by the
-end of the following business day the
-amount of the unauthorised payment transaction and, where applicable,
-restore the debited payment account to the state in which it would have been
-had the unauthorised payment transaction not taken place.
If the payment initiation service provider
-is liable for the unauthorised payment transaction, it shall immediately
-compensate the account servicing payment service provider at its request for the losses incurred or
-sums paid as a result of the refund to the payer, including the amount of the
-unauthorised payment transaction.
Page 99:
Article
-79
Refusal
-of payment orders
Where all
-of the conditions set out in the payer’s framework contract are met, the
-payer’s account servicing payment service provider shall not refuse to execute an authorised payment order irrespective
-of whether the payment order is initiated by a payer, including through a
-payment initiation service provider, or by or through a payee, unless
-prohibited by other relevant Union or national law.
Page 99:
Article
-80
Irrevocability
-of a payment order
Where the
-payment transaction is initiated by a payment initiation service provider or by
-or through the payee, the payer shall
-not revoke the payment order after giving consent to the payment initiation
-service provider to initiate the payment transaction or after giving consent to
-execute the payment transaction to the payee.
Page 103:
Article
-90
Liability
-in the case of payment initiation services for non-execution, defective or late
-execution of payment transactions
1. Where
-a payment order is initiated by the payer through a payment initiation service
-provider, the account servicing payment service provider shall, without
-prejudice to Article 71 and Article 88(2) and (3), refund to the payer the amount of the non- executed or defective
-payment transaction and, where applicable, restore the debited payment
-account to the state in which it would have been had the defective payment
-transaction not taken place.
The burden shall be on the payment
-initiation service provider to prove that the payment order was received by the
-payer’s account servicing payment service provider in accordance with Article 78 and that
-within its sphere of competence the payment transaction was authenticated,
-accurately recorded and not affected by a technical breakdown or other
-deficiency linked to the non-execution, defective or late execution of the
-transaction.