2019_4594 Definition of an electronic remote payment transaction

Question ID: 2019_4594
Legal act: Directive 2015/2366/EU (PSD2)
Topic: Strong customer authentication and common and secure communication (incl. access)
Article: 97
Paragraph: 2
Subparagraph: no relevance
COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
Article/Paragraph: Article 5/paragraph 3
Type of submitter: Industry association
Subject matter: Definition of an electronic remote payment transaction
Question: What are the demarcation criteria of the term „remote payment transaction“, which is an essential term in the RTS on SCA and CSC?
Background on the question: According Art. 97 (2) of the PSD2, the SCA of an electronic “remote” payment transactions should include “elements which dynamically link the transaction to a specific amount and a specific payee”. According to Art. 4 (6) of the PSD2 a ’remote payment transaction’ is defined as “a payment transaction initiated via internet or through a device that can be used for distance communication.” Based on this PSD2-definition of a remote payment transaction every contactless card transaction (e.g. via NFC technology) and every payment transaction initiated by a mobile phone could be considered as a remote payment. This is obviously not the interpretation by the EBA. According SCA exemptions in EBA´s final draft of November 2017, contactless payments at point of sale (Art. 11) and at unattended terminals for transport fares and parking fees (Art. 12) are considered as non-remote payment transactions, whether or not they are based on mobile phone. This finding results in the question whether a “point of sale” according Art. 11 (of Regulation EU 2018/389) is referring to physical terminals (as payment device of the payee) only (like “terminals” in Art 12) or not? Are contactless payments outside a physical POS environment included? What about contactless payments using two mobiles phones or other devices in a P2P constellation without sales? Contactless payments are not defined - neither in the PSD2 nor in the EBA documents. Recital 96 of the PSD2 stated: “Payment services offered via internet or via other at-distance channels, the functioning of which does not depend on where the device used to initiate the payment transaction or the payment instrument used are physically located, should therefore include the authentication of transactions through dynamic codes.” For a non-remote payment transaction, which SCA doesn´t require a dynamic linking, the requirement of the physical presence of the device or payment instrument of the payer (card, mobile phone, wearable) at the physical point-of-sale seems to be essential. Are the physical presence and the involvement of the device of the payee (merchant) also required in case of a non-remote transaction? Is a mobile payment in a cashierless store based on “just walk out” technology (like in the Amazon Go stores) a remote transaction, even when the physical presence of the mobile phone is necessary for registration of the payer (login) and the articles bought?
Submission date: 04/03/2019
Final publishing date: 21/01/2022
Final answer: Article 97(2) of Directive 2015/2366/EU (PSD2) states that dynamic linking applies to electronic remote payment transactions. Article 4(6) PSD2 defines remote payment transactions as “a payment transaction initiated via internet or through a device that can be used for distance communication”. Article 4(34) PSD2 provides that ‘means of distance communication’ means a method which, without the simultaneous physical presence of the payment service provider and the payment service user, may be used for the conclusion of a payment services contract’.

Recital 95 further clarifies that ‘Payment services offered via internet or via other at-distance channels, the functioning of which does not depend on where the device used to initiate the payment transaction or the payment instrument used are physically located, should therefore include the authentication of transactions through dynamic codes, in order to make the user aware, at all times, of the amount and the payee of the transaction that the user is authorising.’

It follows from the above that a payment transaction is remote where it is initiated via internet or, in the case where the transaction is initiated via a device, where the physical presence of the device is irrelevant for the initiation of the payment transaction.

Disclaimer:

The answers clarify provisions already contained in the applicable legislation. They do not extend in any way the rights and obligations deriving from such legislation nor do they introduce any additional requirements for the concerned operators and competent authorities. The answers are merely intended to assist natural or legal persons, including competent authorities and Union institutions and bodies in clarifying the application or implementation of the relevant legal provisions. Only the Court of Justice of the European Union is competent to authoritatively interpret Union law. The views expressed in the internal Commission Decision cannot prejudge the position that the European Commission might take before the Union and national courts.
Status: Final Q&A
Answer prepared by: Answer prepared by the European Commission because it is a matter of interpretation of Union law.

Disclaimer

The Q&A refers to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Organisation and governance

Legal and policy framework

Careers

Supervisory convergence

Direct supervision and oversight

Information for consumers

Ad hoc activities

Risk analysis

Reporting frameworks

Data

Publications

Media centre

Disclaimer