Banks’ Payment Services: Data protection under EU Laws -HAZM Mahegir


The most crucial cost at present in banking industries is to provide Data services to their customers as per their desire. Under guidance of EU legislation over Payment Services Directive II, banks have to be conceived in force to obey the directives need to expose their personal data vaults to the customers’ own choice.
To encourage new entrants and ideas with fresh technologies and modern services, such new laws is going to be imposed to patronize in this sector. The monopoly business is to be stopped by the ultimate aim of the PSD II [New Regulation on Payment Services Forces Banks to Act] Directive on Payment Services in the Internal Market II (PSD II; Directive 2015/2366) was adopted by the European Parliament and will enter into force on January 13, 2018. The PSD II is the successor of the Payment Services Directive (PSD I; 2007/64/EC) which entered into force in 2007 and provided the legal basis for the creation of an EU-wide single market for payments and, in doing so, promoted competition and efficiency to the concerned partners. The law specifies that banks should share their Data by way of mandated application programming interfaces, Application Programming Interface [APIs] in the jargon [not to be used by the outsiders of the restricted group]. There are two main areas addressed in the PSD II for which innovations are developed and that bank and Fin Tech companies need to bear in mind in order to fully leverage opportunities arising from the new environment in the payments area and comply with the regulations.
Technical overview
The PSD contains two main sections:
1. The ‘market rules’ describe which type of organizations can provide payment services. Next to credit institutions (i.e. banks) and certain authorities (e.g. Central banks, government bodies), the PSD mentions Electronic Money Institutions, created by the E-Money Directive in 2000, and created the new category of ‘Payment Institutions’ with its own prudential regime rules. Organizations that are not credit institutions or EMIs, can apply for an authorization as a Payment Institution if they meet certain capital and risk management requirements, in any EU country of their choice where they are established and then “passport” their payment services into other EU member states without additional PI requirements.

2. The ‘business conduct rules’ specify what transparency of information payment service institutions need to provide, including any charges, exchange rates, transaction references and maximum execution time. It stipulates the rights and obligations for both payment service providers and users, how to authorize and execute transactions, liability in case of unauthorized use of payment instruments, refunds on payments, revoking payment orders, and value dating of payments.
Each country had to designate a ‘Competent Authority’ for prudential supervision of the PIs and to monitor compliance with business conduct rules, as transposed into national legislation.

Buying safe on line with credit card

There is no denial that High quality global journalism [HQGJ] requires hudge investment. Most progressive instruments and durable protected data protection Center is the prime structural requirement to protect customers’ information. The ultimate aim of the PSDII is to break the banking monopoly on data in the hope of encouraging new entrants into the market with fresh product innovations, ideas and services. The law specifies that banks should share their data by way of mandated application programming interfaces, “APIs” in the jargon [Special terminology for technology and business] way of art. Through these standardized protocols, it is envisaged; third parties will be able to download data with ease as soon as customers give them permission to do so. But, while the goal is admirable, it is not without risk. Critically, the legislation neglects to address how differently data are treated in the market by non-bank institutions.

Banks had to pass the bitter path and have learnt the hard way — through a series of crisis, fear, and supervisory lapses in penalties — that their vast depositories of personal data behave more like liabilities than assets. They have dealt with this challenge by listing the protection of customer data and privacy above all else and turning it into a competitive differentiator. ‘Economist Gary Gorton and his colleagues have raised an argument; banking is, to a large extent, the business of keeping secrets.’ Related article FinTech sector fears weakening of EU ‘Open banking’ legislation Payment start-ups say big lenders’ lobbying will reduce shared access to customer data Combine that with the fear of being fined for miss uses of customers’ data, and banks have been slow to leverage this trove for their own benefit beyond making a Concrete decision of credit. Here the withdrawal of customer data is compulsory, with corporate valuations often directly linked to the size and potential of such reserves. Advocates of PSDII say the legislation will help customers take control of their information. Without fear of being locked into a particular provider they will be able to move their data, and their deposits.

Payment protection insurance, or PPI, is insurance that will pay out a sum of money to help the customer cover the concerned person monthly repayments on mortgages, loans, credit/store cards or catalogue payments if the person is unable to work for certain reasons covered by policy, such as death, illness or accident, or someone become unemployed. The Payment Protection Insurance (PPI) miss-selling scandal gives us an insight into how things might go wrong. Millions of customers were tricked into buying products they didn’t understand or want through the leveraging of their unwitting consent. In the tech world, the use of impossibly complicated terms and conditions stealthily to provoke customer consent is deemed a bona fide business strategy. In banking, it potentially turns API into a new PPI-style scandal in the making. This is not the only conflict. Another bit of EU legislation, the GDPR [General Data Protection Regulation], aims to impose penalties on companies that fail to safeguard personal data, could container with the core doctrines of PSDII, despite the two being deemed complementary by legislators.
Protection of the banking industries from the hackers’ domain should have to be in fully secured. This law requires gaining appropriate consent for data use and to comply with data deletion requests, with a smooth operation of data technology by minimizing risk factor. Competitive advantage trustworthy tech companies need to comply the systematic terms and conditions to be followed with a target oriented job as per schedule of the work. The most interesting, this EU laws will work at the third world banking industries at the coming years.


Please enter your comment!
Please enter your name here