Image: Adobe Stock
The accord covers two major legislative texts: the Payment Services Regulation (PSR) and the Third Payment Services Directive (PSD3).
The European Parliament and the Council have reached a political agreement on sweeping reforms of the EU’s payment services framework.
The aim is to deliver stronger safeguards against fraud, clearer fee structures, and a fairer competitive environment for banks and non-bank providers.
The accord covers two major legislative texts: the Payment Services Regulation (PSR) and the Third Payment Services Directive (PSD3). Together, they mark the most significant overhaul of EU payment rules since the adoption of PSD2 in 2015.
Negotiators announced the deal on Thursday (Nov. 27) morning, highlighting its focus on reducing online fraud, improving data security, guaranteeing continued access to cash, and creating a more open financial ecosystem. The move comes amid a rapid surge in digital payments across Europe, which has intensified calls for tougher consumer protection and clearer oversight of new market entrants such as fintech firms and technical service providers.
Rapporteur René Repasi said, “Consumers will benefit from new harmonized rules on the payment services regulation. Mandatory fraud preventive measures will be applied and lead to less payment fraud. Banks have to share more of the burden if they fail to do their part.” He added that the new liability rules for online platforms were a “win for the Parliament.”
One of the most consequential components of the agreement is the expanded liability regime for payment service providers (PSPs). Under the new rules, service providers that fail to implement adequate fraud-prevention measures will be responsible for reimbursing victims.
The legislation mandates that PSPs verify whether a payee’s name and unique identifier match. If discrepancies are detected, the provider must block the transaction and alert the payer. This requirement addresses a common avenue for fraud in which transfers are misdirected to accounts with deceptively similar names.
PSPs must also enforce strong customer authentication and perform detailed risk assessments before processing payments. The expansion of spending limits and blocking tools is designed to give consumers greater control, thereby reducing the likelihood of unauthorised transactions.
In cases where a fraudster initiates or manipulates a transaction, the payment will automatically be classified as unauthorised. The PSP will be liable for the full amount. Receiving providers must also freeze suspicious funds on arrival, a measure intended to halt the rapid laundering of stolen money through layered accounts.
A particularly notable provision addresses impersonation fraud – a growing category in which criminals pose as bank employees to manipulate customers into approving transfers. The deal obliges PSPs to refund the full loss if the victim reports the fraud to the police and informs their service provider. This shifts more responsibility onto institutions, which lawmakers argue have superior technological capacity to detect such abuses.
In a move that extends liability beyond financial institutions, online platforms will be held accountable if they fail to remove fraudulent content after being notified. Should a customer be defrauded due to scams hosted on a platform, that platform may be required to reimburse the PSP that compensated the victim. This builds on and reinforces obligations introduced under the EU’s Digital Services Act.
The regulation also tightens rules for online advertising of financial services. Advertisers must demonstrate to major platforms and search engines that they are legally authorised to offer the services they promote. This requirement aims to reduce the prevalence of misleading or unlicensed financial promotions, which have been a major driver of investment scams.
MEPs also introduced a requirement for payment service users to have access to human support channels, preventing companies from relying solely on chatbots. Lawmakers emphasise that human intervention is often essential in high-stress situations involving fraud or disputed payments. Additionally, member states are expected to invest more public resources in digital fraud awareness, recognising that education is a crucial component of prevention.
The reform seeks to eliminate hidden or confusing fees by obliging PSPs to disclose all costs before a payment is initiated. This applies to currency conversion fees, withdrawal charges at ATMs, and fixed service costs.
The goal is to create a consistent experience across the EU, preventing operators from exploiting differences in national rules to impose unexpected charges on consumers.
Though digital payments continue to grow, the EU has reaffirmed its commitment to maintaining cash as a viable payment method. PSD3 introduces a mechanism that allows retail shops to provide cash withdrawals of between €100 and €150 without requiring customers to make a purchase.
This measure is particularly aimed at rural or remote communities where bank branches and ATMs have been disappearing, raising concerns about financial exclusion.
The deal significantly expands “open banking” rights, allowing authorised service providers to access payment account data on fair and non-discriminatory terms. Banks will be prohibited from obstructing such access and must provide users with dashboards to manage permissions they have granted to third-party providers.
Manufacturers of mobile devices and digital service providers must also allow payment-related data to be stored and transferred under fair and reasonable conditions. This is expected to reduce the dominance of proprietary payment ecosystems and encourage innovation among smaller fintech firms.
PSD3 introduces a simplified authorisation process for payment institutions, supported by unified capital requirements and harmonised timelines. Providers already licensed under the Markets in Crypto-Assets Regulation will benefit from a streamlined procedure when applying for payment-related permissions.
All PSPs will be required to participate in alternative dispute resolution mechanisms chosen by consumers, aiming to resolve issues more quickly and cheaply than through court proceedings.
The agreement must now be formally adopted by both Parliament and the Council. Once approved, the new framework will gradually come into force across EU member states.
In other news in Europe, Iberdrola and Echelon Data Centres have allied to develop and operate large-scale data centres across Spain.
