Online payment legislation and guidelines in Europe

The popularity of eCommerce has imposed needs for adapted regulations in this field. The high incidences of hacks and fraud in the past year serve as evidence that merchants and customers need legal guidance and support. The European Commission has therefore been establishing important regulations and guidelines in this regard.

The Second Payment Services Directive (PSD2), which comes into force in January 2018, will bring some substantial changes in the way payments are processed. It aims to boost competition, bring innovation to online payments services, increase standards of customer protection and impose closer communication between all the parties involved in processing payments online. The changes from the previous directive concern mostly new standards for payments to be processed and the use of Application Programming Interfaces (APIs) to narrow the gap among customers, retailers and banks.

Payment companies also should prepare for the new General Data Protection Regulations (GDPR), also taking effect next year. One of the new implementations is that customers will need to consent to their personal information being used for marketing purposes.

In 2015, the European Banking Authority (EBA) published an Assessment Guide for the Security of Internet Payments in hope of offering reliable guidelines primarily for payment providers regarding online payment procedures. One of the key recommendations is the implementation of “two-factor authentication” for customers when registering cards and performing card transfers and payments. The two-factor authentication is a combination of some information the user knows, such as a password; information they have, like a token; or alternatively a piece of biometric information.

A second important guideline for merchants is transparency for customers on their websites. Customers should be able to distinguish clearly when they are on the merchants website or when they have passed to the payment provider to pay for the goods bought.

Additionally, the European Commission has recently published a press release about the “Digital Single Market” (DSM) strategy, which will ensure that Europeans who buy or subscribe to online content services are able to access it when they travel in other European countries. The new portability measure will mainly benefit consumers in the EU: online platforms by enabling them to provide cross-border services without the need to acquire licences from other territories, and right holders, who will be able to rely on strong safeguards protecting their rights.