Please note that all my articles are for informational purposes only and not legal advice. I assume no liability for the content of my articles. The articles may be out of date, the legal situation may have changed, or the specific situation in a case may need to be assessed differently. A binding consultation can only be given by me directly in the individual case. Take advantage of my free brief consultation!
BaFin will not object if payment service providers based in Germany execute card payments on the Internet until December 31, 2020, even without strong customer authentication as required under PSD2.
The background to this is the opinion issued by the EuropeanBanking Authority ( EBA) on October 16, in which it recommends this deadline to national supervisory authorities. In addition, the EBA sets milestones for the payment service providers involved and defines data to be reported, which the supervisor can use to monitor progress until all relevant PSD2 requirements are fully implemented. BaFin also incorporates these milestones into its supervisory practice.
On August 21, 2019, BaFin had already informed about the facilitation of customer authentication, but had not yet specified a deadline. The facilitations also apply to online payments with debit cards or prepaid cards. Card-issuing payment service providers that already offer their card customers a PSD2-compliant authentication method should not switch it off again.
Marian Härtel is a lawyer and entrepreneur specializing in copyright law, competition law and IT/IP law, with a focus on games, esports, media and blockchain.