English News

Payment Services Supervision Act/PSD2

New obligations for electronic payments as of September 2019

As of September 14, 2019, the new legal provisions of the Payment Services Act based on the Payment Services Directive (PSD2) on account information services and strong customer authentication in electronic payment transactions will come into force.

In general, the Payment Services Supervision Act/PSD2 is intended to help improve consumer protection and legal certainty. The required "Strong Customer Authentication (SCA)" is based on at least two different and independent factors:

- Knowledge, i.e. only something that the account holder knows, such as a password or PIN,

- Possession, something that only the account holder has, such as a payment card or

- Inherence, something that only the account holder is, such as a fingerprint.

Accordingly, only the combined application will be accepted as valid and secure. Examples of such a combination are card payment with PIN or the PIN/TAN procedure for online accounts. In general, the introduction of the strong customer authentication SCA does not seem to be particularly in focus for many companies yet. However, the impact on payment processes can be enormous. In order not to be completely surprised by the new requirements, you should check with your bank advisors at short notice to see to what extent they and their payment processes are affected by the new requirements.

SPECIAL INFORMATION FOR DATEV USERS

The strong customer authentication (SCA) also applies to the retrieval of account transactions. In practice, this means that in future a TAN must be entered every 90 days at the latest for account transaction queries using the HBCI PIN/TAN procedure. How the banks will implement this requirement in practice has not yet been conclusively clarified. Any restrictions on electronic bank bookings and the execution of direct debits depend on the banks' decisions and are still unclear.

What is certain, however, is that it will no longer be so easy to access account transactions using the HBCI PIN/TAN procedure. Today, for example, it is sufficient to use a read PIN for account access. If the PIN is stored in DATEV payment transactions, account transactions can now be retrieved automatically and permanently. In the future, this will no longer work because the required TAN cannot be generated with this PIN. Due to the stricter legal requirements, DATEV can only offer the HBCI PIN/TAN procedure in its current form for a few months:

- in Bank online (part of DATEV Unternehmen online) it can be used until the beginning of September 2019,

- in DATEV Zahlungsverkehr expected by 13 September 2019.

After this date, it will no longer be possible to collect bank account statements and execute payments via the existing HBCI access.

If you use the transmission procedures RZ-Bankinfo or EBICS for posting electronic documents or the service computer centre procedure (DATEV collective procedure with accompanying slip) for payments, you will not be affected by the legal change. You do not need to take any action.

In case that you use the HBCI PIN/TAN procedure in its current form, we recommend switching to EBICS. Various technical facilities are required for this. Please clarify the detailed requirements with your responsible bank advisor.

For further information please contact

Björn Christian Gerow

Steuerberater

Fachberater für internationales Steuerrecht

Phone: +49-211-17257-15

E-Mail: b.c.gerow@egsz.de

 

 Zur Übersicht