In November 2015, the European legislator published the European Directive 2015/2366 relating to payment services called PSD2, partly practicable since January 13, 2018 and replacing the European Directive 2007/64.

Moreover, the European Banking Authority and the European Commission have published texts (orientations, technical regulatory standards and delegated regulation) in order to complete the Directive PDS2 on an operational point of view, in particular concerning the following themes:

• Security measures for operational and security risks linked to payment services, practicable since January, 13 2018
• Classification of incidents linked to payment services and major incident reporting to competent authorities, practicable since January, 13 2018
• Data reporting relating to fraud, practicable from January, 1^st 2018
• Strong authentication of the consumer and common and secured open standards of communication (Application Programming Interface – API), practicable from September, 14 2019
• Conditions to fulfil to benefit from a waiver on the emergency mechanism in accordance with article 33, section 6 of the regulation (EU) n° 2018/ 389 on CSA and CSC, practicable from September, 14 2019

The directive (EU) 2015/2366 (PDS2) was written into the French national law through the ordinance of August, 9 2017, ratified by the law of August, 3 2018, completed by two decrees of December, 26 2018 (n°2018-1224 and n°2018-1228). These two decrees deal with:

• Cash-back, cash provision within the framework of a payment operation
• Methods of application of the delegated act (delegated regulation) 2018/389

Main contributions of PSD2:

• The creation of two new payment services: services of payment initiation & information services on accounts
• The redefinition of conditions and requirements concerning information ruling payment services (contractual clauses – decision of August, 31 2017 implementing PDS2)
• The franchise is lowered within the limit of 50EUR cap instead of 150EUR (this franchise is supported by the payer in specific cases clarified by PDS2)
• PDS2 defines and describes the process and the period relating to the reimbursement of non-authorized operations
• PDS2 supervises the response times to customers reclaims relating to payment services, which shall be sent within 15 working days, 35 days in the event of complex reclaims.
• The 3 EBA orientations completing articles 95 (Operational and security risk management), 96 “Incident notification” and “data reporting relating to fraud” of the PDS2 clarify:
  • The criteria chosen for the classification of operational and / or minor or major security incidents
  • The calculation methods of the