Second European Payment Services Directive PSD2 (Payment Services Directive 2)

The second European Payment Services Directive (PSD2), which applies within the EU and contains both regulatory and civil law elements, has been in full effect since September 14, 2019. What does this mean? What exactly must be observed? What effects does PSD2 have on data protection for payment data? This article answers these questions.

Innovations in electronic payment transactions through the Payment Services Directive PSD2

The purpose of the directive is to make payment transactions in the EU more secure and to enable more competition. In addition, it should ensure better protection of customer data and increased security during data transmission. It brings changes for customers who pay cashless, for companies with online shops, and also for brick-and-mortar retailers who accept card payments. As of now, companies are only allowed to work with payment services that are supervised by the Federal Financial Supervisory Authority or that are subject to the supervisory authority of another EU country and that have a corresponding license.

Effects of the payment services directive on data protection for payment data

In connection with data protection, the possible new access by payment service providers to sensitive payment data or personalized security features such as credit cards, signature and biometric data of the customer is particularly relevant. For this reason, the Payment Services Directive contains some data protection requirements.

First of all, it should be noted that only payment services that are subject to banking supervision have access to sensitive payment data. In addition, all responsible companies that process sensitive payment data must ensure that the data is protected against unauthorized access by third parties using the latest technology. If a company passes on different sensitive data to the payment service provider than before, the data protection notice on the website and the data protection declaration in the booking process must be adapted accordingly and must refer to this transfer. In addition, a description of the processing activities for all processing versions is required. If the responsible company has the right to issue instructions, order processing contracts with all payment service providers are necessary to ensure sufficient data security.

We look forward to these new challenges, which we will tackle in close cooperation with you. If you have any questions, please do not hesitate to contact your team of specialists.