.svg)
Vixio’s global roundup of imperative regulatory developments. Your lowdown on what the world’s regulatory leaders are up to this month.
Following investigations, the Bank of Italy has published a communication to payment services providers (PSPs) regarding their practices when handling unauthorised payment transactions that are not recognised by the payment service user. The communication highlights PSPs’ practices that have raised the Bank of Italy’s concerns, as well as expectations from PSPs.
How does this compare: ‘Unauthorised transactions’ (Italy) v ‘authorised transactions’ (UK)
The Bank of Italy’s communication underscores the need to guarantee customers the right to not recognise unauthorised transactions and to receive the associated refunds. Similarly, customers’ right to dispute transactions has been the focus of the UK's Payment Systems Regulator (PSR) in recent months, with the mandatory authorised push payment (APP) fraud reimbursement rule set to enter into force on October 7, 2024.
It is worth noting that the Bank of Italy’s communication refers specifically to “unauthorised” payment transactions. This means either of the following:
- The payer has not provided their consent for the execution of the transaction (Article 5, Legislative Decree No. 11/2010).
- The payment was not authorised with the highest safety standards required by the regulation, such as strong customer authentication (SCA) (Articles 10 and 12, Legislative Decree No. 11/2010).
In contrast, in the UK, the PSR regulates authorised push payment (APP) fraud, where a victim is tricked, by way of manipulation, deceit or persuasion, into sending money to a fraudster’s account.
Notwithstanding the difference in regulators’ approach, a concise comparison between the two jurisdictions’ key rules is provided below:
- Timeline for making a claim: In Italy, the consumer must make the claim within 13 months of the date of debit (for the payer) or the credit date (for beneficiary); this deadline does not apply if the PSP has failed to provide or make available the information relating to the payment transaction (Article 9, Legislative Decree No. 11/2010).
Similarly, in the UK, under Specific Requirement 1, Paragraph 4.7, PSPs are not required to reimburse APP frauds reported more than 13 months after the payment subject of the claim is executed.
- Timeline for reimbursement: In Italy, PSPs must reimburse the payer the amount of the transaction immediately and, in any case, at the latest by the end of the next business day following the day of the PSP’s acknowledgement of the operation or receipt of the payer’s claim. This does not preclude the PSP from demonstrating, even at a later time, that the payment transaction had been authorised and, consequently, obtain the refund back from the client (Article 11(1 and 3), Legislative Decree No. 11/2010).
APP fraud victims in the UK will have to be reimbursed within five business days from the date the victim makes a Faster Payment System (FPS) APP scam claim to the sending PSP, unless the sending PSP exercises the “stop the clock” provision to gather more information where necessary (Specific Requirement 1, Paragraph 5).
- Information requirements: Both the Bank of Italy and the PSR stress the importance for transparency and documentation that contains adequate information to ensure customers are fully aware of their rights and the protections available to them.
- Exceptions: In both jurisdictions, in cases of consumers’ gross negligence, the consumer loses their right to receive the reimbursement (in Italy, Article 12(4) of the Legislative Decree No. 11/2010 refers to “dolo” and “colpa grave”, whereas the UK’s Specific Requirement 1, Paragraph 4.2 relies on the “consumer standard of caution”).
For a closer look at the key areas of focus for PSPs in the UK, highlighted in the PSR’s letter, to implement the APP Scams Reimbursement Requirement, please refer to Vixio’s Regulatory Influencer available here.
Why should you care?
The Bank of Italy’s communication requires PSPs to carry out a self-assessment of their structures, procedures and practices against the regulatory provisions, particularly Legislative Decree No. 11/2010 (unofficial consolidated version), and against the expectations of the Bank of Italy. For PSPs, compliance with these self-assessment requirements is a matter of regulatory obligation, but could also present an opportunity from an operational perspective. A self-assessment that is well-executed could streamline PSPs’ handling of claims and disputes with consumers, which, in turn, could also increase customer satisfaction.
Additionally, PSPs must implement any necessary corrective actions as quickly as possible and, in any event, within 12 months of the publication of the communication. The assessments and analyses carried out by the PSPs should be appropriately formalised and will be subject to verification as part of the ordinary supervisory activities of the Bank of Italy.
