BT-REQ-3972 PSD3 Impacts v6(without crop marks) RL - Flipbook - Page 11
11
HL | PSD3 Impacts
The Council Text limits the data that is required to be
shared between PSPs to unique identifiers (as per the
Original Commission Draft). However, it mandates that
these be shared to the extent necessary to prevent and
detect potentially fraudulent payment transactions
where there are reasonable and objective grounds to
suspect fraud. This is a departure from the proposal that
such identifiers would need to be shared where they
had been associated with fraudulent activity twice by
different PSUs using the same PSP.
The Council Text also imposes an obligation on PSPs
not to draw conclusions or take decisions that have an
impact on the business relationship with the PSU, or
on the execution of a payment transaction based on
information received from other PSPs. This is broader
(and somewhat vaguer) than the previous obligation
preventing them from terminating the relationship per
the EP Text.
What is the impact?
PSPs will have been monitoring transactions in any
event; however, the requirement to share the results
of such monitoring will require participation and
use of data sharing arrangements with other PSPs,
which will need to comply with GDPR assessment
requirements and trigger regulatory engagement.
