Interpretations of PSD2 in C-287/19 DenizBank AG

On November 11^th the CJEU delivered a judgment in C-287/19 DenizBank AG v Verein für Konsumenteninformation on the interpretation of  Directive 2015/2366 on Payment Services (PSD2).

The facts

VKI an Austrian consumer protection organization brought proceeding for a prohibitory injunction infront of Handelsgericht Wien asking the court to prohibit DenizBank from using several clauses in their standard terms with consumers on grounds that they are null and void. The validity of these clauses were questions in relation to the card’s NFC (Near Field Communication) functionality that enables customers to use contactless payment for low value transactions. The case provided an opportunity to the CJEU to provide interpretation on several aspects of PSD2.

Validity of tacit consent to contract variation

With the first question the Austrian Supreme Court asked whether Article 52(6)(a) of Directive 2015/2366, read in conjunction with Article 54(1), should be interpreted to mean that the payment service providers may agree with the payment service users (who are in this case also consumers) in the framework contract to include a presumption that when the conditions laid down in the contract are satisfied, the payment service users tacitly consented to contract variation.

The CJEU reminded that the tacit consent that is provided for and thus agreed between the parties in advance at the point of contract conclusion of the framework contract is only valid if the change in terms and conditions is of minor importance to the contract. The court emphasized that in case of changing any of the essential terms that would result in a new contract, tacit consent would not be enough. Although the CJEU does not specify, it might be important to note that a framework contract here should be the contract that provides the card, in case of debit cards, this would be the bank account.

The CJEU confirmed that the provision indeed provide for a freedom of payment service providers and users to include these kind of clauses into their contracts, because PSD2 does not lay down restrictions regarding the status of the user or the type of contractual terms that may be the subject of such tacit consent. In principle therefore the validity of tacit consent could not be ruled out. However, in transactions with consumers, the clause should also be subject to an independent review under the Directive 1993/13/EC on unfair terms and may thus be removed from the contract for being unfair.

Meaning of a ‘payment instrument’

With the second question the referring national court asked for clarifying meaning of payment instrument in Article 4(14). More specifically, whether the NFC functionality of personalised multifunctional bank cards by means of which low-value payments are debited from the bank account associated with that card constitutes a ‘payment instrument’.

Under Article 4(14) a ‘payment instrument’ is ‘a personalised device(s) and/or set of procedures agreed between the payment service user and the payment service provider and used in order to initiate a payment order’.

According to the CJEU, the NFC functionality of a multifunctional bank card associated with a specific bank account does not constitute a ‘personalised device’, since the use of that function, in itself, does not allow the payment service provider to verify that the payment order was initiated by a user authorised for that purpose, unlike the other functions of that card which require the use of personalised security data, such as a PIN code or a signature. However, the NFC functionality is capable of constituting, in itself, a non-personalised ‘set of procedures’, within the definition and can thus be considered a ‘payment instrument’ for the purposes of the application of PDS2.

Meaning of ‘anonymous’ use

Further on, the CJEU also had an opportunity in this case to interpret the meaning of ‘anonymous’ within Article 63(1)(b), specifically, whether contactless low-value payment using the NFC functionality of a personalised multifunctional bank card constitutes ‘anonymous’ use of the payment instrument.

Article 63 allows for contracting parties to agree to several important derogations from the protective framework of PDS2 for low value  individual payment transactions not exceeding EUR 30 or which either have a spending limit of EUR 150, or store funds which do not exceed EUR 150 at any time. These include derogation from Article 72 which requires the provider to prove the authentication and execution of payment transactions; from Article 73 which establishes the principle that the service provider is liable for unauthorised payment transactions; and from Article 74(1) and (3) which enables the parties to confer some responsibility for unauthorised payments on the payer for up to EUR 50. These derogations are only possible under Article 63(1)(b) where ‘the payment instrument is used anonymously’ or where ‘the payment service provider is not in a position for other reasons which are intrinsic to the payment instrument to prove that a payment transaction was authorised’.

The CJEU held that despite the facts that the card itself is personalized, connected to a bank account of a particular customer, the use of the NFC functionality for the purpose of making low-value payments constitutes ‘anonymous’ use, within the meaning of Article 63(1)(b). The payment service provider is objectively unable to identify the person who paid using that functionality and thus unable to verify, or even prove, that the transaction was duly authorised by the account holder.

Consequently, contactless low-value payment using the NFC functionality of a personalised multifunctional bank card constitutes ‘anonymous’ use of the payment instrument in question, within the meaning of Article 63(1)(b).

The ways to prove impossibility to block or prevention of future use of payment instrument

Article 63(1)(a) allows the payment service provider and the user to agree on further derogations from the protecting framework of PDS2, that is, from Article 69(1)(b) which requires the user to inform the provider without delay of the loss, theft, misappropriation or any unauthorised use of the payment instrument concerned; from Article 70(1)(c) and (d) of which requires the provider to make available to the user means to make that notification free of charge or to request unblocking of that instrument; and from Article 74(3) which relieves the payer, except where he or she has acted fraudulently, from the financial consequences of any use of the lost, stolen or misappropriated instrument that takes place after that notification.
These derogations are possible to achieve if the payment instrument does not allow its blocking or prevention of its further use. So the question infront of the CJEU was whether payment service providers may simply declare that it is impossible to block the payment instrument concerned or to prevent its continued use, where, in the light of the objective state of available technical knowledge, that impossibility cannot be established.

The CJEU concluded that this is not the case. The ‘payment service provider wishing to exercise the option provided for in Article 63(1)(a) … may not, in order to relieve itself from its own obligations, simply state, in the framework contract relating to the payment instrument concerned, that it is unable to block that instrument or to prevent its further use. That service provider must establish, with the burden of proof being on that provider in the event of a dispute, that that instrument in no way allows, on account of technical reasons, its blocking or prevention of its further use. If the court hearing those proceedings considers that it would have been physically possible to carry out such blocking or to prevent such use, having regard to the objective state of available technical knowledge, but that the provider did not make use of that knowledge, Article 63(1)(a) may not be applied to the benefit of that provider’ (para 98).

Strong customer authentication and secure communication in payment services

Following the entry into force of the revised Directive 2015/2366 on Payment Services (PSD2), the European Banking Authority (EBA) is mandated to deliver several Regulatory Technical Standards (RTS) and Guidelines by January 2017. These should set out the details of the more general standards laid down in the Directive in order to secure their consistent application throughout the EU. EBA's RTS are therefore important for the smooth functioning of the single market for payment services.

As the first step, and before developing the full RTS, EBA has recently published a Discussion Paper on strong customer authentication and secure communication. The Discussion Paper specifies the requirements of strong customer authentication; the  exemptions to the application of these requirements; requirements to protect the payment service users' personalized security credentials; requirements for common and secure open standards of communication; and security measures between the various types of payment service providers.

BEUC has submitted a number of useful comments on the Discussion Paper. For example, BEUC has recommended the RTS should also consider that a good level of consumer protection in payment services is provided through an adequate combination of preventive and curative measures. Providing for a simple and unconditional refund policy in case of  unauthorized, fraudulent or disputed payment transactions is crucial for raising consumers' confidence in using payment services. It is also important that consumers' data are secure and that in case of data breaches effective redress mechanisms are in place. Finally, the requirements of strong customer authentication and the RTS should extend to mail orders and telephone orders. See for more recommendations and the full text of BEUC's response here.

European Parliament's last stands

Last week, the European Parliament voted in its plenary session on a few proposals that are important for consumers and their fate needs to be set prior to the end of term of the current Parliament. Let us take a short look at the results of last week's session:

Roaming fees and open access internet

In the first reading on the new Telecoms package, the European Parliament consolidated work conducted so far and is ready to give a further go at it to the new Parliament after the elections (see previously: MEPs say NO to roaming and YES to open internet). The package not only aims at abolishing roaming charges in Europe as of December 2015, but also at prohibiting internet access providers from blocking or slowing down selected services ensuring more net neutrality. (Ensure open access for internet service suppliers and ban roaming fees, say MEPs)

Clinical trials

We have previously mentioned on this blog the need for ascertaining more transparency of clinical trials' data, so that it could be more thoroughly tested and so that its' results could be subjected to more academic, objective scrutiny (see e.g. Who's keeping the score?...). This would increase patients' safety. On 2nd of April the European Parliament voted for a new proposal amending the existing Clinical Trials Directive. Pharma companies and academic researchers will now have to post the results of all their European clinical trials in a publicly-accessible database. The new law is also supposed to facilitate easier cross-border cooperation, which is expected to enable bigger, more reliable trials. The European Commission will be authorized to do the checks of reporting procedures, which themselves are simplified. (Clinical trials: clearer rules, better protection for patients) The proposal has already informally been agreed with by the Council so it should not take long to adopt it as law. This new proposal is welcomed by the European Ombudsman who often had to deal with complaints that citizens were refused access to clinical trials data (Clinical trials vote is a triumph for transparency in EU healthcare).

Medical devices

The MEPs voted in the first reading on the proposal for a new Regulation on medical devices in order to consolidate the existing various projects of that law and pass it on to the new Parliament. (see our previous post: New European rules on medical devices) We discussed the need for this law previously, mentioning the scandals with faulty breast implants, for example. New provisions are to enforce stricter monitoring and certification procedures of medical devices, therefore, increasing consumer safety. (Medical devices: better controls and traceability to ensure patients' safety)

Consumer payments

The European Parliament adopted also last week the proposal to cap bank fees for processing consumers' payments in the EU (at 0.3% of the transaction value for credit card transactions and at a maximum of seven euro for debit cards). (MEPs push for card payment fee caps and online payment safeguards) The caps will apply to both domestic and cross-border transactions and in time should lead to lower prices for card users. They will enter into force one year upon this law's adoption. Moreover, the MEPs decided to strengthen online payment safeguards by, among others, introducing a uniform set of information that would clearly state all charges, execution times, contact information and exchange rates. Unauthorized payment will need to be refunded within 24 hours of their being noticed. Consumers should not bear losses of illegal use of their stolen or lost cards above €50. (see our previous post: Money, money, money...)

Payments secured

Yesterday it was announced that the European Central Bank supports the new European directive on payment services in the internal market. (see our previous post: Paying your dues - a new package on Payment Services and BEUC's opinion thereon: Money, money, money...) The legal opinion of the ECB will be published shortly in the Official Journal of the European Union, but in the meantime the press release makes it clear that the ECB supports the broadening of the services' list to include payment initiation services (where a third party provider initiates a payment at the request of the payer, e.g. in online purchases) and account information services (providing consolidated information on different accounts, also in different banks, to allow better overview of the client's financial situation). The ECB suggests some improvements that could enhance the security of these new services and boost competition on the market. One of the developments that are encouraged is the creation of a common European standard for safe authentication of consumers. (ECB supports new European directive for electronic payments)

Testing significant imbalance in unfair contract terms - CJEU in Constructora Principado C-226/12

16 January 2014: CJEU judgment in Constructora Principado (case C-226/12)

Mr Álvarez purchased a dwelling and his contract put the responsibility of paying various surcharges on him: the municipality tax on the increase in value of urban land, price of connecting the property to various utilities, etc. Upon having paid these surcharges, the consumer claimed that he should be reimbursed since the clause in the contract that obliged him to pay this money was unfair, creating significant imbalance in the rights and obligations of the parties. The consumer claimed that by law it was the seller who was obligated to pay these surcharges and therefore the contract clause was unfair by switching that default. The seller claimed that there was no imbalance if the amount of surcharges were compared to the amount of the purchase price.

The CJEU was asked to determine here whether obliging consumers to pay for expenses that by law need to be borne by the sellers is sufficient to determine significant imbalance in the unfairness test or whether all circumstances of the case needed to be taken into account, i.e., whether 'such a term have a significant economic impact having regard to the value of the transaction in question'. (Par. 17) The CJEU reminds its test from the Aziz case: to determine significant imbalance the court needs to look as to what rules would apply in the absence of a parties' agreement and whether through that analysis consumer may be seen as having been placed in an unfavourable position in comparison. (Par. 21) The court should not, therefore, limit its assessment to the 'quantitative economic evaluation based on a comparison between the total value of the transaction which is the subject of the contract and the costs charged to the consumer under that clause'. (Par. 22) Moreover, the significant imbalance may solely result from a 'sufficiently serious impairment of the legal situation' of a consumer through the contractual provision denying him his legal rights or limiting their enforcement. (Par. 23) While the CJEU leaves it, as usual, to the national court to ascertain whether there was an unfair contract term in this situation, it points out pretty specific directions as to how to evaluate whether the consumer could be required to pay this tax and other surcharges:

"As regards, in particular, the first obligation imposed on the consumer by clause 13 of the contract, namely, payment of the capital gains tax, it is apparent from the documents submitted to the Court that that obligation has the effect of transferring to the consumer, in his capacity as a purchaser, a tax liability which, under the applicable national legislation, should be borne by the seller in its capacity as vendor and as the recipient of an economic advantage that is subject to taxation, namely, the capital gain made as a result of the increase in value of the property sold. Thus, it appears that, while the seller benefits from the increase in the value of the property it is selling, the consumer must pay not only a purchase price that includes the increase in value achieved by that property, but also a tax charged on that increase in value. Furthermore, according to the written observations submitted to the Court by Mr Menéndez Álvarez, the amount of that tax was unknown at the date on which the contract was concluded and is to be determined only ex post by the relevant authority; if that is the case, this could lead to uncertainty on the part of the consumer as to the extent of the commitment undertaken." (Par. 26)

"As regards the second obligation imposed on the consumer by clause 13 of the contract, namely, payment of the charges for individual connection to the various utilities, such as water, gas, electrical power, and drainage, it is for the referring court to ascertain whether those charges include the costs of connecting with the general facilities essential for ensuring that the dwelling is habitable, which charges should, according to the relevant national rules, be borne by the vendor as part of its contractual obligation to provide a dwelling that is fit for its intended purpose, that is to say, in a proper habitable state. If that is the case, it is for the referring court to assess whether that contractual term, in so far as it restricts the rights which, under the rules of national law, the consumer enjoys under the contract and imposes on him an additional obligation not envisaged by those rules, constitutes a sufficiently serious impairment of the legal situation which national law confers on that consumer as a party to the contract." (Par. 28)

Interestingly, the CJEU requires the courts to check whether in exchange for taking the responsibility to pay these surcharges the consumer may not have acquired a discount on the sale price. It is, however, not sufficient that a contractual provision that has not been individually negotiated indicates that. The seller needs to present additional proof thereof. (Par. 29)

Heigh-Ho Heigh-Ho, It´s Off To Work We Go!

Best wishes for 2014! That being said it is time to leave behind the holidays' spirit and to update our dear readers on what is going on currently in Brussels. Not much, that's the good news for anyone who took a bit of a break - you didn't miss much. However, just before Christmas on the 20th of December the European Council agreed its position on two relevant for consumer protection draft laws.

 

The first one, concerns a draft directive that is to improve the transparency and comparability of information on fees related to payment accounts. (see our previous post Money, money, money...) Upon the Council establishing its position it will now be time to negotiate this directive's provisions with the Parliament. (Council sets out its position on payment accounts)

 

The second measure is a draft regulation to facilitate and speed up the authorisation procedure of clinical trials. The goal of the EU is to encourage more clinical trials (the number thereof decreased by 25% between 2007 and 2011) while at the same time not giving up the necessary standard of patients safety. The timeline for authorisation of clinical trials is to be set at 60 days, with a tacit agreement having been given if no decision is taken within this time (! - I wonder how this is going to play out if/when the administrative bodies will be overloadedCouncil confirms agreement on clinical trials)

). When a clinical trial requires a substantial modification the decision about it will need to be taken in 49 days (again with tacit agreement rule). One single application will suffice to conduct clinical trials in different Member States. The next step in the adoption of these rules lies with the European Parliament. (

Money, money, money – BEUC on recent EU proposals related to consumer payments

On 18 November the Economic and Monetary Affairs Committee of the European Parliament voted on the Commission’s proposal regarding bank accounts. The new rules aim to increase bank fees´ transparency, facilitate switching between bank accounts and make opening of a basic bank account simpler and affordable for anyone (currently 10% Europeans do not have a bank account). BEUC in its press releases criticizes certain developments with regard to the proposal: suspension of a rule that would create a system for automatic redirection  of payments from the former to the new account; Member States will need to harmonize terminology for only 10 services linked to a bank account and not all of them, which will not serve the aim of assuring full transparency. (Bank account plans: Timid steps towards more transparency)

 

This week BEUC evaluated two new Commission’s proposals that intend to increase consumer protection on the financial services market. First, the proposal for a Regulation on interchange fees for card-based payment transactions was positively evaluated by BEUC, even if they argue that it should remain a minimum harmonization area, so that the Member States are allowed to protect consumers more (by reducing the interchange fee caps, e.g., below the suggested 0,2% or 0,3% level). BEUC expresses also its preference for an EU-wide ban on surcharges. It argues also for the choice to be left to consumers as to what payment brand they want to use at the point of sale. The consumer should also be able to decide freely whether or not he needs two or more different payment brands on his card, telecommunication or IT device, etc. In general, the new framework would be a positive development for consumers potentially limiting the monopoly of two credit card companies that dominate the payments market in the EU (Mastercard and Visa), often prevailing over national debit cards that are cheaper to use for consumers and merchants in comparison to international cards.

 

Second, the proposal for the new Payment Services Directive was assessed by BEUC. BEUC again argues here for these rules to have a minimum harmonization standard, so that the Member States could maintain stricter rules they already have in favor of consumer protection. Electronic money should fall within the scope of payment services regulated by the Directive. The EU-wide ban on surcharges is required by BEUC also with respect to these rules, since surcharges are perceived as having failed in steering consumers towards more efficient and cheaper means of payment. The payment service providers should refund any unauthorized transactions from the consumers’ accounts on the same day they have become aware thereof (currently the obligation of ‘immediate’ refund is interpreted differently across the EU) and consumers should be granted an unconditional refund right for direct debit transactions. This would give consumers control over his direct debit payments and provide easy redress instruments in case of fraudulent payments or undelivered goods/services. In order to protect consumers against payment frauds and incidents thereof should be reported regularly to national and European authorities.

 

See BEUC's website for more detailed assessment.

Paying your dues - a new package on Payment Services

On July 24, the European Commission published a new, revised version of the Payment Services Directive as well as a proposal for a Regulation on interchange fees for card-based payment transactions. This package is supposed to update and harmonise the existing Payment Service Directive from 2007. The role of the PSD is to increase competition among payment institutions, thereby offering more payment choices to consumers. Consumers are also supposed to benefit from these measures due to more attention being given to transparency of payment services to consumers (better information on fees, e.g.), as well as enforcement of consumer rights (e.g., refund rights, liability of payment institutions). 

The new PSD2 takes into account certain new types of payment services, such as internet payments where consumers are often enabled to pay instantly for their online shopping without the need to use a credit card (interestingly, still ca 60% of EU population does not possess a credit card - FAQ), but instead paying directly to the online trader through the payer's online banking module, e.g., iDeal in the Netherlands, Sofort in Germany, Trustly in Scandinavia. Such providers would fall under the EU rules upon the adoption of the revision of the PSD.

The mentioned Regulation would also contribute to better consumer protection by taking away a possibility of the traders to surcharge consumers for using their payment cards.The interchange fee levels will be capped at 0.2% and 0.3% for debit and credit cards which is below the level of interchange fees in most Member States currently. This cap could result also in lowered retail prices. (New rules on Payment Services for the benefit of consumers and retailers)

Additionally, the new rules would strengthen consumer protection against fraud by capping the maximum amount of payment that consumers could be obliged to pay in case of an unauthorised payment from 150 to 50 Euro. Consumers would also be granted an unconditional refund right, even when a payment would be under dispute, unless the trader had already fulfilled his contractual obligations and the goods have been consumed.

The European Commission advises readers to keep apart the previously discussed proposal for a Directive on Payment Accounts from the PSD2 (Proposal for a new Directive on Payment Accounts). While the PSD2 targets fee transparency, aiming at consumers' awareness of full terms and conditions linked to payment services (e.g., possibilities of refund, execution of payment), Payment Accounts Directive focuses on core services linked to a payment account, e.g., the annual fee for a debit or credit card, but also separate aspects of payments services and fees. Honestly, to me the difference does not sound that obvious and I wonder why are these two instruments kept separate.

The proposal will now have to be accepted by the Parliament and by the Council.

Proposal for a new Directive on Payment Accounts

We haven't had a chance yet to mention the new proposed Directive on Payment Accounts that is a response to the last year's results of public consultation on bank accounts (How to improve banking services). The Directive deals with three issues: comparability of payment account fees, payment account switching and access to payment accounts. We have discussed these issues fully in our previous post (see the above-mentioned link) but let's shortly discuss the measures introduced in the proposal. 

The new Directive would oblige all payment service providers to provide consumers with the same (minimum) set of documents: a fee information document on the most common services provided and the fees charged for each of them; a statement of fees charged during the previous twelve months for the services provided on the payment account; a glossary of terms used in relation to payment accounts (upon request). The increase in transparency would occur due to the usage of standardised forms and terminology, which should enable consumers to better compare various offers. Additionally, the new Directive would require Member States to set up at least one independent comparison website that would give consumers information on the fees charged by different payment service providers in the given Member State.

A smoother switching process for consumers who want to move their bank accounts from one service provider to another is another goal of the proposed Directive.  Therefore, firstly, consumers should be informed of such possibilities by their payment service providers. The consumer would be able to request his service provider to transfer all or some of the recurring payment orders (credit transfers, direct debits) to a new provider, and it would be up to the provider to organize it, free of charge, within 15 days (30 days if the switch is between different MS) - limiting the administrative burden of the consumer. This could be combined with the transfer of the remaining balance on the old account and its closure.

Finally, the new rules would allow consumers in Europe to open a basic payment account in any Member State, even if they are not residents of that Member State and regardless of their personal financial situation. At least one payment service provider in a Member State should provide an opportunity to open such a basic payment account (with a possibility of withdrawals, bank transfers and a debit card) to anyone who applied for it. Credit facilities would not constitute a part of such an account. (Commission acts to make bank accounts cheaper, more transparent and accessible to all + FAQ)