From September 14 the second European directive on payment services, the so-called PSD2, is operational in Italy, which introduces a series of innovations with the aim of promoting an even more innovative, competitive and safe payment market for citizens. In particular, this last piece of the directive intervenes to further strengthen the authentication process and the security factors necessary to access the current account and arrange online transactions.
But what is "strong authentication" and how do online payments change with PSD2? To explain it to bank customers, who in recent weeks have had to replace some traditional tokens with technically capable tools to ensure compliance with the new rules, the ABI together with seventeen consumer associations has developed a brief guide to the latest news of the directive.
The infographic, already available to all banks thanks to the circular letter sent by the Banking Association, is now also available online on the ABI websites ( ) and of ACU, Adiconsum, Adoc, Altroconsumo, Asso-Consum, Assoutenti, Casa del Consumatore, Cittadinanzattiva, Codacons, Confconsumatori, Consumer Protection Center for Users, Federconsumatori, Lega Consumatori, Movimento Consumatori, Movimento Difesa del Cittadino, U.Di.Con , A C.
Here, in summary, are the main contents of the Abi-consumers guide.
More security with strong authentication
With the PSD2 an even more secure authentication system is introduced: in order to access your online account or make a payment by bank transfer or card, in fact, the account holder must use at least two of the following three security factors:
- KNOWLEDGE - something that only the user knows, for example the password or the Pin;
- POSSESSION - something that only the user has, for example a smartphone or a key / token;
- INHERENCE something that distinguishes the user, for example his fingerprint or other biometric data.
For online payments, arranged via internet or mobile, an additional element is added to these factors, namely a unique code that links the relative amount and the beneficiary to each transaction.
Each bank provides its customers with information on which security factors to use. For their part, customers have the task of carefully guarding payment instruments, as well as their mobile phones and any other means used to do the operations.
Only small payments, recurring payments or those sent to trusted users specified by the user and parking and transportation payments are not covered by the new PSD2 rules. In fact, the use of only one safety factor is sufficient for these.
While in terms of access to the account and online payments the news are already operational, for paper purchases made on the web the directive provides for a gradual transition to the new security rules.
New payment services arrive
The PSD2 regulates new payment services, useful to those who work and buy through the internet.
The holders of online accounts, in fact, can give banks or payment institutions - authorized by the Bank of Italy or another competent European Authority - the consent to access their account through dedicated channels, to acquire information on balance, transactions and reports, to manage some services on behalf of the owners.
In particular, the directive provides that banks or payment institutions, if expressly authorized by the account holders, can offer:
- DEVICE SERVICES - i.e. the initiation of online payments on behalf of users.
- INFORMATION SERVICES - which provide aggregate information of one or more online accounts, also held at different banks and allow the user to have an updated financial situation in a single environment (for example an APP).
- FUND AVAILABILITY CONFIRMATION SERVICES - in the event that the user has a debit card issued by an institution other than the one with which he has the account.
Before allowing access to your data, it is very important to pay the utmost attention and be clear about which services and for what data the authorization is issued. The bank where you have the account, in fact, cannot make any checks in this regard.
Unauthorized payments reimbursed in 24 hours and deductible reduced to 50 euro
Another novelty introduced by the PSD2 is the reimbursement of unauthorized payments, made for example with lost or stolen tools, within the business day following the customer notification. This also applies if the transaction is performed through an institution other than your own. Finally, with regard to unauthorized transactions, the maximum excess charged to the user is reduced, passing from 150 to 50 euro.