From September 14, 2019, payment service providers based in Germany will be allowed to process online credit card payments without strong customer authentication for the time being. The Federal Financial Supervisory Authority will not initially object to this. The aim is to prevent disruptions to online payments and enable a smooth transition to the new requirements of the Second Payment Services Directive, PSD 2 for short.
From September 14, 2019, strong customer authentication will be required for online payments. This is intended to make shopping on the Internet more secure. For credit card payments, it is no longer enough to enter only the credit card number and check number. Customers must also provide a transaction number that was previously sent to their mobile phone, for example, and a password.
According to BaFin’ s assessment, the card-issuing payment service providers in Germany are prepared for the new requirements. The situation is different for companies that use credit card payments on the Internet as payment recipients. They still require considerable adjustment. To ensure that consumers and companies can still pay online by credit card, BaFin will temporarily not insist on strong customer authentication for online credit payments. The European Banking Authority had given this possibility to the national supervisors. The level of security that is already customary for Internet payments remains. Civil liability regulations, for example between the credit card holder and the payment service provider, remain unaffected by the measure, so that consumers and other payers on the Internet are not disadvantaged.
The facilitations are temporary. BaFin will determine when they expire after consulting the market participants and coordinating with the EBA and the national European supervisory authorities. In the meantime, BaFin expects all parties involved to adapt their infrastructures as quickly as possible so that they enable strong customer authentication in the cases provided for by law. Concrete migration plans must be drawn up for this purpose. The simplifications relate exclusively to credit card payments on the Internet.
PSD 2 obliges payment service providers to carry out strong customer authentication from September 14, 2019 when the payer initiates an electronic payment transaction. The requirements apply throughout the European Union.
Strong customer authentication uses two independent elements. These must come from two of the three categories of knowledge, possession and inherience. Examples include a password (knowledge), a mobile phone (possession), or a personal fingerprint (inherence).
The requirements for strong customer authentication also apply to credit card payments on the Internet. The usual authentication via the entry of credit card number and check digit does not meet the new requirements. On the contrary, two additional elements from the above categories must also be used here. Exceptions to the new requirements are narrowly limited and concern, for example, certain small amounts payments.
Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.
Introduction: In a recent ruling, the Court of Appeal in Berlin declared the price adjustment clause in Netflix's General Terms...
Read moreDetails
Suppliers of modern technologies and products in particular must always be up to date with regard to current case law...
Read moreDetails
Confernation The "Right to be Forgotten I" decision published today, which is complemented by the "Right to be Forgotten II"...
Read moreDetails
Why startups and the self-employed should not use AI-generated contracts As an IT lawyer, I advise start-ups, self-employed people and...
Read moreDetails
Summary With today's decision, the Higher Regional Court of Frankfurt am Main has prohibited an influencer and YouTuber from presenting...
Read moreDetails
The Frankfurt am Main Regional Court has issued a very exciting ruling on the question of whether a German gambler...
Read moreDetails
Introduction: what are tokens and what are they used for? Tokens are a digital type of currency used to conduct...
Read moreDetails
Some online services offer a fiduciary process for your business model when customers interact with each other. This is also...
Read moreDetails
The Federal Constitutional Court has restricted the possibility of conducting court proceedings via Internet chat. What sounds absurd at first...
Read moreDetailsPrivate accounts on ChatGPT & Co. for corporate purposes are a gateway to data protection breaches, leaks of secrets and...
Read moreDetails
This insightful podcast episode takes an in-depth look at the startup and innovation landscape in Germany and Europe. The discussion...
Read moreDetails
In this video, I talk a bit about transparent billing and how I communicate what it costs to work with...
Read moreDetails
