Table of Contents
Payment Services Regulations 2017 [SI 2017 No. 752]Introductory TextPart 1 Introductory provisions (regs. 1-3)Regulation 1 Citation, commencement and extentRegulation 2 InterpretationRegulation 3 Exemption for certain bodiesPart 2 Registration (regs. 4-21)The register (reg. 4)Regulation 4 The register of certain payment service providersAuthorisation as a payment institution (regs. 5-12)Regulation 5 Application for authorisation as a payment institution or variation of an existing authorisationRegulation 6 Conditions for authorisation as a payment institutionRegulation 7 Imposition of requirementsRegulation 8 Variation etc. at request of authorised payment institutionRegulation 9 Determination of application for authorisation or variation of authorisationRegulation 10 Cancellation of authorisationRegulation 11 Request for cancellation of authorisationRegulation 12 Variation of authorisation on FCA's own initiativeRegistration as a small payment institution (regs. 13-16)Regulation 13 Application for registration as a small payment institution or variation of an existing registrationRegulation 14 Conditions for registration as a small payment institutionRegulation 15 Supplementary provisionsRegulation 16 Application for authorisation or registration if requirements cease to be metRegistration as an account information service provider (regs. 17-19)Regulation 17 Application for registration as an account information service provider or variation of an existing registrationRegulation 18 Conditions for registration as an account information service providerRegulation 19 Supplementary provisionsCommon provisions (regs. 20-21)Regulation 20 Duty to notify changesRegulation 21 Authorised payment institutions, small payment institutions and registered account information service providers acting without permissionPart 3 Authorised Payment Institutions (regs. 22-30)Regulation 22 Capital requirementsRegulation 23 Safeguarding requirementsRegulation 23A Insolvency RegulationsRegulation 24 Accounting and statutory auditRegulation 25 OutsourcingExercise of passport rights (regs. 26-30)Regulation 26 Application of regulations 27 to 30 to account information service providersRegulation 27 Notice of intentionRegulation 28 Decision following notice of intentionRegulation 29 Notice of intention from an EEA authorised payment institutionRegulation 30 Supervision of firms exercising passport rightsPart 4 Provisions Applicable to Authorised Payment Institutions and Small Payment Institutions (regs. 31-37)Regulation 31 Record keepingRegulation 32 Additional activitiesRegulation 33 Payment accounts and sums received for the execution of payment transactionsRegulation 34 Use of agentsRegulation 35 Removal of agent from registerRegulation 36 RelianceRegulation 37 Duty to notify change in circumstancePart 5 Requirements for providers of certain services which are not payment services (regs. 38-39)Regulation 38 Notification of use of limited network exclusionRegulation 39 Notification of use of electronic communications exclusionPart 6 Information Requirements for Payment Services (regs. 40-62)Application (regs. 40-42)Regulation 40 Application of Part 6Regulation 41 Application of this Part in the case of consumer credit agreementsRegulation 42 Disapplication of certain regulations in the case of low-value payment instrumentsSingle payment service contracts (regs. 43-47)Regulation 43 Information required prior to the conclusion of a single payment service contractRegulation 44 Information required after the initiation of a payment orderRegulation 45 Information required after receipt of the payment orderRegulation 46 Information for the payee after executionRegulation 47 Avoidance of duplication of informationFramework contracts (regs. 48-54)Regulation 48 Prior general information for framework contractsRegulation 49 Information during period of contractRegulation 50 Changes in contractual informationRegulation 51 Termination of framework contractRegulation 52 Information prior to execution of individual payment transactionRegulation 53 Information for the payer on individual payment transactionsRegulation 54 Information for the payee on individual payment transactionsCommon provisions (regs. 55-59)Regulation 55 Communication of informationRegulation 56 Charges for informationRegulation 57 Currency and currency conversionRegulation 58 Information on additional charges or reductionsRegulation 59 Burden of proof on payment service providerOther information requirements (regs. 60-62)Regulation 60 Information requirements for account information service providersRegulation 61 Information on ATM withdrawal chargesRegulation 62 Provision of information leafletPart 7 Rights and Obligations in Relation to the Provision of Payment Services (regs. 63-101)Application (regs. 63-65)Regulation 63 Application of Part 7Regulation 64 Application of this Part in the case of consumer credit agreementsRegulation 65 Disapplication of certain regulations in the case of low value payment instrumentsCharges (reg. 66)Regulation 66 ChargesAuthorisation of payment transactions (regs. 67-80)Regulation 67 Consent and withdrawal of consentRegulation 68 Confirmation of availability of funds for card-based payment transactionsRegulation 69 Access to payment accounts for payment initiation servicesRegulation 70 Access to payment accounts for account information servicesRegulation 71 Limits on the use of payment instruments and access to payment accountsRegulation 72 Obligations of the payment service user in relation to payment instruments and personalised security credentialsRegulation 73 Obligations of the payment service provider in relation to payment instrumentsRegulation 74 Notification and rectification of unauthorised or incorrectly executed payment transactionsRegulation 75 Evidence on authentication and execution of payment transactionsRegulation 76 Payment service provider's liability for unauthorised payment transactionsRegulation 77 Payer or payee's liability for unauthorised payment transactionsRegulation 78 Payment transactions where the transaction amount is not known in advanceRegulation 79 Refunds for payment transactions initiated by or through a payeeRegulation 80 Requests for refunds for payment transactions initiated by or through a payeeExecution of payment transactions (regs. 81-84)Regulation 81 Receipt of payment orders Regulation 82 Refusal of payment ordersRegulation 83 Revocation of a payment orderRegulation 84 Amounts transferred and amounts receivedExecution time and value date (regs. 85-89)Regulation 85 Application of regulations 86 to 88Regulation 86 Payment transactions to a payment accountRegulation 87 Absence of payee's payment account with the payment service providerRegulation 88 Cash placed on a payment accountRegulation 89 Value date and availability of fundsLiability (regs. 90-96)Regulation 90 Incorrect unique identifiersRegulation 91 Non-execution or defective or late execution of payment transactions initiated by the payerRegulation 92 Non-execution or defective or late execution of payment transactions initiated by the payeeRegulation 93 Non-execution or defective or late execution of payment transactions initiated through a payment initiation serviceRegulation 94 Liability of payment service provider for charges and interestRegulation 94A Liability of payment service provider for charges and interest as a consequence of delay under regulation 86(2B)Regulation 95 Right of recourseRegulation 96 Force majeureMiscellaneous (regs. 97-101)Regulation 97 Consent for use of personal dataRegulation 98 Management of operational and security risksRegulation 99 Incident reportingRegulation 100 AuthenticationRegulation 101 Dispute resolutionPart 8 Access to payment systems and bank accounts (regs. 102-105)Regulation 102 Application of regulation 103Regulation 103 Prohibition on restrictive rules on access to payment systemsRegulation 104 Indirect access to designated systemsRegulation 105 Access to bank accountsPart 9 The Financial Conduct Authority (regs. 106-122)Regulation 106 Functions of the FCARegulation 106A Technical standardsRegulation 107 Application of this Part to requirements of retained direct EU legislation and FCA rulesSupervision and enforcement (regs. 108-117)Regulation 108 Monitoring and enforcementRegulation 109 Reporting requirementsRegulation 110 Public censureRegulation 111 Financial penaltiesRegulation 112 Proposal to take disciplinary measuresRegulation 113 InjunctionsRegulation 114 Power of FCA to require restitutionRegulation 115 Proposal to require restitutionRegulation 116 Restitution ordersRegulation 117 ComplaintsMiscellaneous (regs. 118-122)Regulation 118 Costs of supervisionRegulation 119 Credit agreementsRegulation 120 GuidanceRegulation 121 FCA's exemption from liability in damagesRegulation 122 Application and modification of primary and secondary legislationPart 10 The Payment Systems Regulator (regs. 123-136)Regulation 123 Interpretation of Part 10Regulation 124 Functions of the Payment Systems RegulatorRegulation 125 DirectionsRegulation 126 Publication of compliance failures and penaltiesRegulation 127 PenaltiesRegulation 128 Notice of publication of a compliance failure or of imposition of a penaltyRegulation 129 InjunctionsRegulation 130 Appeals: generalRegulation 131 Appeals against directions and publication of compliance failuresRegulation 132 Appeals in relation to penaltiesRegulation 133 ComplaintsRegulation 134 GuidanceRegulation 135 Information and investigationRegulation 136 Application of other provisions of the 2013 ActPart 11 General (regs. 137-158)Contracting out of statutory requirements (reg. 137)Regulation 137 Prohibition on contracting out of statutory requirementCriminal Offences (regs. 138-146)Regulation 138 Prohibition on provision of payment services by persons other than payment service providersRegulation 139 False claims to be a payment service provider or exemptRegulation 140 DefencesRegulation 141 Contravention of regulations 57 and 58Regulation 142 Misleading the FCA or the Payment Systems RegulatorRegulation 143 Restriction on penaltiesRegulation 144 Liability of officers of bodies corporate etcRegulation 145 Prosecution of offencesRegulation 146 Proceedings against unincorporated bodiesMiscellaneous (regs. 147-148A)Regulation 147 Duty to co-operate and exchange of informationRegulation 148 Actions for breach of requirementsRegulation 148A Single Euro Payments AreaTransitional and saving provisions (regs. 149-154)Regulation 149 Saving of Payment Services Regulations 2009Regulation 150 Transitional and saving provisions: authorised payment institutionsRegulation 151 Transitional and saving provisions: small payment institutionsRegulation 152 Transitional provisions: payments through network operatorsRegulation 153 Transitional and saving provisions: generalRegulation 154 Transitional provisions: account information services and payment initiation servicesGibraltar (reg. 155)Regulation 155 Application to GibraltarAmendments to legislation (regs. 156-157)Regulation 156 Amendments to primary and secondary legislationRegulation 157 RevocationsReview (reg. 158)Regulation 158 ReviewSchedule 1 Payment ServicesSchedule 1, Part 1 Payment services (para. 1)Schedule 1, Part 2 Activities which do not constitute payment services (para. 2)Schedule 2 Information to be included in or with an application for authorisationSchedule 3 Capital requirementsSchedule 3, Part 1 Initial capital (paras. 1-2)Schedule 3, Part 2 Own funds (paras. 3-11)Schedule 3A Application and modification of the Banking Act 2009Schedule 4 Prior general information for framework contractsSchedule 5 Credit agreementsSchedule 5, Part 1 Prohibitions and restrictions (paras. 1-2)Schedule 5, Part 2 Procedure and appeals (paras. 3-6)Schedule 6 Application and modification of legislationSchedule 6, Part 1 Application and modification of the 2000 Act (paras. 1-11)Schedule 6, Part 2 Application and modification of secondary legislation (paras. 12-13)Schedule 7 GibraltarSchedule 8 Amendments to legislationSchedule 8, Part 1 Amendments to primary legislation (paras. 1-4)Schedule 8, Part 2 Amendments to the Electronic Money Regulations 2011 (para. 5)Schedule 8, Part 3 Amendments to other secondary legislation (paras. 6-26)Schedule 9 RevocationsSignatureExplanatory NoteExplanatory Memorandum
Page Overview
Document Overview
Tools
Print / Export
Notification
Bookmark
Share / Source link
Regulation 100 Authentication
(1) A payment service provider must apply strong customer authentication where a payment service user -
(a) accesses its payment account online, whether directly or through an account information service provider;
(b) initiates an electronic payment transaction; or
(c) carries out any action through a remote channel which may imply a risk of payment fraud or other abuses.
(2) Where a payer initiates an electronic remote payment transaction directly or through a payment initiation service provider, the payment service provider must apply strong customer authentication that includes elements which dynamically link the transaction to a specific amount and a specific payee.
(3) A payment service provider must maintain adequate security measures to protect the confidentiality and integrity of payment service users' personalised security credentials.