TPPs access to account servicing PSPs (the TPP access rules)

(Note: the below is a high level review of certain potential issues and is not to be relied upon in any definitive manner nor as legal and/or regulatory advice).

PSD2 | Third Party Payment Service Provider right of access to customer payment account information held with other PSPs – the TPP access rules

What is the proposal?

The Commission has proposed that third party payment service provider (TPPs) are allowed access to and the use of information on the availability of funds on a payment service user account held with another payment service provider.

Why is it being introduced?

To allow the development of other payment service providers which do not receive funds similar to deposits.

Why is this important?

  • Account servicing payment service providers will be required to allow access to their systems to TPPs.

Comments 

  • While PSD2 looks to set out criteria to allow the access by TPPs with account based payment service providers, it is likely to be unwelcomed by account service providers on the basis that they will not want their systems opened to other players who could very well be competitors. TPPs will however, see this as a means of leveling the competitive playing field.
  • It is still to be finalised the extent to which such access can be granted and if the account servicing provider can require certain contractual protections.
  • Further increased compliance costs and product work ahead for payment service providers.

Key draft provisions

Commission Proposal (24 July 2013)  EU Parliament (3 April 2014) Council composite text (1 December 2014) ‘Final’ compromise text 2 June 2015
Article 58
Access to and use of payment account information by third party payment service provider(1) Member States shall ensure that a payer has the right to make use of a third party payment service provider to obtain payment services enabling access to payment accounts as referred to in point (7) of Annex I.		 (1) Member States shall ensure that a payer, provided that the payer holds a payment account that can be accessed via online banking, has the right to make use of an authorised third party payment serviceprovider, to obtain payment servicesenabling access to payment accounts as referred to in point (7) of Annex I. Member States shall ensure that a payer has the right to make use of an authorised third party payment instrument issuer to obtain payment instrument enabling paymenttransactions. (1) Member States shall ensure that a payer has the right to make use of a payment initiation
service provider to obtain payment services as referred to in point (7) of Annex I. The right
to make use of a payment initiation service provider shall not apply where the payment
account is not accessible online.

 

 Article 58

 

Rules on access to payment account in case of payment initiation services

 

1. Member States shall ensure that a payer has the right to make use of a payment initiation service provider to obtain payment services as referred to in point (7) of Annex I. The right to make use of a payment initiation service provider shall not apply where the payment account is not accessible online.

 

 
  New: 58(1)(a)1a. The account servicing payment service provider shall not deny access under this Article to the third-party payment service provider or to the third-party payment instrument issuer when it has been authorised to carry out a specific payment on behalf of the payer provided that thepayer gives its consent in accordance with Article 57 in an express manner. New 58(1)(a)When the payer gives its explicit consent for a payment to be executed in accordance with
article 57, the account servicing payment service provider shall perform actions specified
in paragraph 2 in order to ensure the payer’s right to use the payment initiation service.1b.
The payment initiation service provider shall have the following obligations:(aa) not to hold at any time the payer’s funds in connection with the provision of the
payment initiation service;

(a) to ensure that any information about the payment service user, obtained when
providing payment initiation services, is not accessible to other parties;

(b) every time a payment is initiated, to authenticate itself towards the account servicing
payment service provider of the account owner and communicate with the account
servicing payment service provider, the payer and the payee in a secure way, in
accordance with Article 87a, paragraph 1,(d);

(d) not to store sensitive payment data of the payment service user and not to request from
the payment service user any data other than those necessary to initiate the payment;

(e) not to use, access and store any data for purposes other than for performing the
payment initiation service explicitly requested by the payer;

(f) not to modify the amount, the recipient or any other feature of the transaction.

 1a. When the payer gives its explicit consent for a payment to be executed in accordance with article 57, the account servicing payment service provider shall perform actions specified in paragraph 2 in order to ensure the payer’s right to use the payment initiation service.

 

1b. The payment initiation service provider shall have the following obligations:

 

(-a) not to hold at any time the payer’s funds in connection with the provision of the payment initiation service;

 

(a) to ensure that the personalised security credentials of the payment service user, are not, with the exception of the user and the issuer of the personalized credentials, accessible to other parties and that they are transmitted by the payment initiation service provider through safe and efficient channels;

 

(aa) to ensure that any other information about the payment service user, obtained when providing payment initiation services, is only provided to the payee and only with the payment service user’s explicit consent;

 

(b) every time a payment is initiated, to identify itself towards the account servicing payment service provider of the account owner and communicate with the account servicing payment service provider, the payer and the payee in a secure way, in accordance with Article 87a, paragraph 1(d);

 

(d) not to store sensitive payment data of the payment service user

 

(da) not to request from the payment service user any data other than those necessary to provide the payment initiation service ;

 

 

(e) not to use, access and store any data for purposes other than for the provision of the payment initiation service as explicitly requested by the payer;

 

 

(f) not to modify the amount, the recipient or any other feature of the transaction.

 

 

 

 

 

 
   New 58 (3)(a)3a. Where the payer has given consent to a third-party payment instrument issuer which has provided the payer with a payment instrument to obtain information on the availability of sufficient funds for a specified payment transaction on a specified payment account held by the payer, the account servicing payment service provider of the specified payment account shall provide such information tothe third party payment instrument issuer immediately upon receipt of the payer’s payment order. The information on the availability of sufficient funds should consist in a simple ‘yes’ or ‘no’ answerand not in a statement of the account balance, in accordance with Directive 95/46/EC. 2. The account servicing payment service provider shall:(a) provide facilities to securely communicate with payment initiation service providers in
accordance with Article 87a, paragraph 1,(d);

(b) immediately after the receipt of the payment order from a payment initiation service
provider provide information on the initiation of the payment transaction to the
payment initiation service provider and

(c) treat payment orders transmitted through the services of a payment initiation service
provider without any discrimination, in particular in terms of timing, priority or
charges vis-à-vis payment orders transmitted directly by the payer himself, unless
objectively justified.

 

 2. The account servicing payment service provider shall:

 

(a) securely communicate with payment initiation service providers in accordance with

Article 87a, paragraph 1(d);

 

(b) immediately after the receipt of the payment order from a payment initiation service

provider provide or make available all information on the initiation of the payment

transaction and all information accessible to the account servicing payment service

provider regarding the execution of the payment transaction to the payment initiation

service provider;

 

(c) treat payment orders transmitted through the services of a payment initiation service provider without any discrimination for other than objective reasons, in particular in terms of timing, priority or charges vis-à-vis payment orders transmitted directly by the payer himself

 

4a. The provision of payment initiation services shall not be made dependent on the existence of a contractual relationship between the payment initiation service providers and the account servicing payment service providers for that purpose.

 

 
      Article 59

 

Rules on access to and use of payment account information in case of account information services

 
      1. Member States shall ensure that a payment service user has the right to make use of

services enabling access to payment account information as referred to in point 8 of Annex

I. The right shall not apply where the payment account is not accessible online;
      2. The account information service provider shall have the following obligations:

 

(a) to provide services only based on the payment service user’s explicit consent;

 
      (aa) to ensure that the personalised security credentials of the payment service user, are not, with the exception of the user and the issuer of the personalized credentials, accessible to other parties and that when they are transmitted by the account information service provider, this is done through safe and efficient channels;

 
      (b) for each communication session, identify itself towards the account servicing payment service provider(s) of the payment service user and securely communicate with the account servicing payment service provider(s) and the payment service user, in accordance with Article 87a, paragraph 1(d);

 
      (d) to access only the information from designated payment accounts and associated payment transactions;

 
      (e) not to request sensitive payment data linked to the payment accounts;
      (f) not to use, access and store any data for purposes other than for performing the

account information service explicitly requested by the payment service user, in

accordance with data protection rules.
      3. The account servicing payment service provider, in relation to payment accounts, shall:

 
      (a) securely communicate with the account information service providers, in accordance with Article 87a, paragraph 1(d) and

 
      (b) treat data requests transmitted through the services of an account information service provider without any discrimination for other than objective reasons .

 
      3a. The provision of account information services shall not be made dependent on the existence of a contractual relationship between the account information service providers and the account servicing payment service providers for that purpose.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *