Within the payment system there is always a chance that a payment will not be executed or will be executed incorrectly or that unauthorized transactions will take place. The PSD1 already stipulates that if third parties are used to place a payment order, the liability for the incorrect transaction lies with this payment service provider.
Third payment service provider, called PISP (Payment Initiation Service Provider)
The PSD2 has built on this, among other things by formalizing the role of a third-party payment service provider (the ‘PISP’). It has been stated that if the third payment service provider is responsible for the incorrect execution of the payment transaction, the PISP must immediately and fully compensate the account manager (the ‘Account Servicing PSP’), unless the PISP can prove that the AS PSP has received the correct payment order. The consumer thus remains free of any user risk. It should be noted, however, that if the payer himself has acted fraudulently or negligently, the liability is still placed with the payer. The payment service provider (the ‘PSP’), or if applicable the PISP, must provide additional evidence to this effect.
Because not all organizations involved in payment processes that are actually covered by the PSD2 (for example, exempt telecom providers), the ‘exempt’ services also opted for a stronger limitation of the maximum liability for consumers, as well as for limiting the type services to which the exemption applies. The exemption only applies to the purchase of digital content and the value of a single payment transaction may not exceed €50. The cumulative value of the payment transactions may not exceed €300 per billing month.
The liability of the consumer has also been changed with regard to the loss or theft of a payment instrument (for example a bank card). The maximum amount has been reduced to €50 and the consumer is now also exempt from liability if the loss, theft or unauthorized use could not have been determined by the payer before a payment was made.
Finally, the PSD2 states that the payer is not liable for any loss if the PSP does not require strong customer authentication for a payment, provided that the payer has not committed any fraud. This has consequences, for example, for payments via a smartphone or tablet with only a pin code to a beneficiary that is not in the list of trusted beneficiaries. There is no strong authentication here and therefore any damage will always have to be fully reimbursed by the bank.
> 5. Additional requirements for payment institutions