WG-REQ-1516 Word-to-A4-PPT-portrait PSD3 IMPACTS-STAGE-3 PRINT3mmBLEED - Flipbook - Page 21
HL | PSD3 Impacts
What is the impact?
The Parliament9s proposals for impersonation
fraud and the deadline for making a claim to an
ASPSP, will increase considerably the liability
which ASPSP9s are exposed to.
Corporate banks will not be unaffected by these
changes and will need to implement
introduction confirmation of payee services.
The corporate opt out at least enables such
banks to reduce the time period in which a
customer can make a claim, however this will
need to be agreed with existing customers.
Other liability changes
Art 58 3 69
The proposed PSR introduces liability for
technical service providers and payment system
operators for failure to provide the services they
are under contract for regarding support of SCA
that results in loss to payee, PSP payee or payer.
It also introduces obligations on ecommunication service providers to co-operate
closely with payment service providers and act
swiftly to ensure that appropriate organizational
and technical measures are in place to safeguard
the security and confidentiality of
communications in accordance with Directive
2002/58/EC, including with regard to calling
line identification and electronic mail address.
The EP Text goes further in trying to bring tech
companies within reach:
§ requiring electronic communication service
providers to be subject to similar customer
education/customer/alert/notice
requirements as PSPs in relation to
online scams;
§ imposing fraud prevention obligations across
the entire fraud chain to have appropriate
organisational and technical measures are in
place to safeguard the security of payments
users when making transactions; and
§ providing that PSPs, electronic
communication service providers and digital
platform service providers will have in place
fraud prevention and mitigation techniques
to fight all fraud types (non-authorised and
authorised push payment fraud).
In either case 3 it isn9t clear how such liability
could be imposed on parties not authorised
under PSD3.
We expect both ASPSPs and tech platforms will
want to engage to come up with an industry
approach to addressing this issue 3 the former to
ensure they are not solely on the hook for frauds
that emerge and are disseminated through social
media, the latter to ensure the resulting regime
is both constructive and workable for them.
21
