The European Commission (EC) revealed the latest draft Payment Services Directive (PSD2) rules, which are designed to strengthen security for online and mobile transactions across the economic bloc.
Its new regulations – which still have to be debated and ratified by all three legislative bodies of the EU – provide new rules for finance companies including stricter guidelines on the data required to complete a transaction.
If PSD2 is passed in its current form, some payments and cash transfers made through mobile handsets will need to be verified using either a biometric feature or password, in a bid to cut down on fraud.
There are a number of exemptions, for example in contactless payments of “small amounts” covering transport services and parking. In these use cases, the EC said collecting additional information would greatly hamper the convenience of the system.
Providers of an exempt service must still prove they have “developed ways of assessing the risks of transactions and can identify fraudulent transactions.”
Valdis Dombrovskis, VP for financial stability, financial services and the capital markets union at the EC (pictured) said: “These new rules will guide all market players, old and new, to offer better payment services to consumers while ensuring their security.”
The new regulations also place new obligations on banks, fintech players and other payment companies to develop strong communication channels to cut fraud.
Recommendations will now be presented to the European Parliament and European Council and then debated with the EC. The process is expected to take around three months with providers given 18 months after publication of the final rules to comply.