Autenticación reforzada de cliente y responsabilidad en la segunda directiva de servicios de pago

  1. Lucía Alvarado Herrera
Revista:
Revista de Derecho del Sistema Financiero: mercados, operadores y contratos

ISSN: 2695-9534

Ano de publicación: 2023

Número: 5

Páxinas: 69-112

Tipo: Artigo

Outras publicacións en: Revista de Derecho del Sistema Financiero: mercados, operadores y contratos

Resumo

One of the main innovations introduced by the Second Payment Services Directive was the increase of security measures in the provision of payment services, which materialised in the requirement of the so-called strong customer authentication for access to payment accounts online and for the initiation of electronic payment transactions. The Second Directive provisions on strong authentication have been further developed through Delegated Regulation 2018/389, which specifi es the requirements of this authentication procedure. These include the obligation for payment service providers to have in place monitoring mechanisms to detect unauthorised or fraudulent transactions and the regime of exemptions from the strong authentication requirement. This paper addresses the key aspects of strong customer authentication and its liability implications.

Referencias bibliográficas

  • “La regulación de los servicios de pago por el Real Decreto-ley 19/2018, de 23 de noviembre. Una visión panorámica”, Revista de Derecho Bancario y Bursátil, n.º 155, 2019, pp. 9-36 (pp. 1-29 versión web).
  • ALAMILLO DOMINGO, I., “Autenticación reforzada y aseguramiento de la identidad del consumidor”, en CUENA CASAS – IBÁÑEZ JIMÉNEZ (dirs.): Perspectiva legal y económica del fenómeno FinTech, Wolters Kluwer, 2021, pp. 687-708.
  • AUTORIDAD BANCARIA EUROPEA, Discussion Paper on future Draft Regulatory Technical Standards on strong customer authentication and secure communication under the revised Payment Services Directive (PSD2), EBA/DP/2015/03, 8 December 2015. Disponible en https://www.eba.europa.eu/sites/default/documents/files/documents/10180/1303936/13129941-7581-4473-a767-52ec002bd00a/EBA-DP-2015- 03%20%28RTS%20on%20SCA%20and%20CSC%20under%20PSD2%29.pdf.
  • CANO PELÁEZ, J. y MONTOLIO CALEAGA, A., “El nuevo régimen jurídico de servicios de pago”, en ORTEGA BURGOS (dir.): Mercados regulados, Tirant lo Blanch, 2021, pp. 89-110.
  • CLAROS FERNÁNDEZ, R. A., “Transformación digital y medios de pago: una visión práctica a la luz de la PSD2”, en PEREA ORTEGA (dir.): Estudios sobre Derecho Digital, Aranzadi, 2021, pp. 155-195.
  • Consultation Paper on Draft Regulatory Technical Standars amending the Commission Delegated Regulation (EU) 2018/389 supplementing Directive (EU) 2015/2366 of the European Parliamente and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication, EBA/CP/2021/32, 28 October 2021. Disponible en https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Consultations/2021/Consultation%20on%20amending%20RTS%20on%20SCA%20and%20CSC%20under%20PSD2/1022909/Consultation%20Paper%20on%20the%20amendment%20of%20the%20RTS%20on%20SCA%26CSC%20under%20PSD2.pdf
  • Consultation Paper on the draft Regulatory Technical Standards specifying the requirements on strong customer authentication and common and secure communication under PSD2, EBA/CP/2016/11, 12 August 2016. Disponible en https://www.eba.europa.eu/sites/default/documents/files/documents/10180/1652933/9014220a-2bea-414e-964caa6a8c38da1f/Consultation%20Paper%20on%20RTS%20and%20ITS%20on%20the%20authorisation%20of%20credit%20institutions%20%28EBA-CP (RCL 1995, 3170 [RCL\1995\3170])-2016-19%29.pdf-.
  • Directrices de la ABE sobre gestión de riesgos de TIC y de seguridad, ABE/GL/2019/04, 28 noviembre 2019. Disponible en https://www.eba.europa.eu/regulation-and-policy/payment-services-and-electronic-money/guidelines-on-security-measures-for-operational-and-securityrisks-under-the-psd2.
  • Directrices revisadas sobre la notificación de incidentes graves de conformidad con la Directiva de servicios de pago (PSD2), ABE/GL/2021/03, 10 de junio de 2021. Disponible en https://www.eba.europa.eu/regulation-and-policy/payment-services-and-electronic-money/guidelines-on-major-incidentsreporting-under-psd2.
  • Directrices sobre requerimientos de comunicación de datos de fraude con arreglo al artículo 96, apartado 6, de la PSD2, EBA/GL//2018/05, 17 septiembre 2018. Disponible en https://www.eba.europa.eu/sites/default/documents/files/documents/10180/2352765/501f89bd-78f9-4488-9a0e38ff27d18ff0/Guidelines%20on%20fraud%20reporting%20%28EBA%20GL-2018-05%29_ES.pdf?retry=1.
  • Discussion Paper on the EBA’s preliminary observations on selected payment fraud data under PSD2, as reported by the industry, EBA/DP/2022/1, 17 January 2022. Disponible en https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Discussions/2022/Discussion%20Paper%20on%20the%20payment%20fraud%20data%20received%20under%20PSD2/1026061/Discussion%20Paper%20on%20the%20EBA%27s%20preliminary%20observations%20on%20selected%20payment%20fraud%20data%20under%20PSD2%20as%20reported%20by%20the%20industry.pdf
  • fhttps://www.eba.europa.eu/sites/default/documents/files/documents/10180/1303936/13129941-7581-4473-a767-52ec002bd00a/EBA-DP-2015-03%20%28RTS%20on%20SCA%20and%20CSC%20under%20PSD2%29.pdf
  • Final Report. Draft Regulatory Technical Standards on Strong Customer Authenticantion and common and secure communication under Article 98 of Directive 2015/2366 (PSD2), EBA/RTS/2017/02, 23 February 2017. Disponible en https://www.eba.europa.eu/sites/default/documents/files/documents/10180/1761863/314bd4d5-ccad-47f8-bb11- 84933e863944/Final%20draft%20RTS%20on%20SCA%20and%20CSC%20under%20PSD2%20%28EBA-RTS-2017-02%29.pdf?retry=1.
  • Final Report. Draft Regulatory Technical Standars amending the Commission Delegated Regulation (EU) 2018/389 supplementing Directive (EU) 2015/2366 of the European Parliamente and of the Council with regard to regulatory technical standards for strong customer authentication and common
  • GEVA, B., Bank Collections and payment transactions. A comparative legal analysis, Oxford University Press, 2011.
  • https://www.eba.europa.eu/regulation-and-policy/payment-services-and-electronic-money/guidelines-on-major-incidents-reporting-under-psd2
  • https://www.eba.europa.eu/regulation-and-policy/payment-services-and-electronic-money/guidelines-on-major-incidents-reporting-under-psd2
  • https://www.eba.europa.eu/regulation-and-policy/payment-services-and-electronic-money/guidelines-on-security-measures-for-operational-and-security-risks-under-the-psd2
  • https://www.eba.europa.eu/regulation-and-policy/payment-services-and-electronic-money/guidelines-on-security-measures-for-operational-and-security-risks-under-the-psd2
  • https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Consultations/2021/Consultation%20on%20amending%20RTS%20on%20SCA%20and%20CSC%20under%20PSD2/1022909/Consultation%20Paper%20on%20the%20amendment%20of%20the%20RTS%20on%20SCA%26CSC%20under%20PSD2.pdf
  • https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Discussions/2022/Discussion%20Paper%20on%20the%20payment%20fraud%20data%20received%20under%20PSD2/1026061/Discussion%20Paper%20on%20the%20EBA%27s%20preliminary%20observations%20on%20selected%20payment%20fraud%20data%20under%20PSD2%20as%20reported%20by%20the%20industry.pdf
  • https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Draft%20Technical%20Standards/2022/EBARTS202203%20RTS%20on%20SCA%26CSC/1029858/Final%20Report%20on%20the%20amendment%20of%20the%20RTS%20on%20SCA%26CSC.pdf.
  • https://www.eba.europa.eu/sites/default/documents/files/documents/10180/2352765/501f89bd-78f9-4488-9a0e-38ff27d18ff0/Guidelines%20on%20fraud%20reporting%20%28EBA%20GL-2018-05%29_ES.pdf?retry=1
  • https://www.eba.europa.eu/sites/default/documents/files/documents/10180/2352765/501f89bd-78f9-4488-9a0e-38ff27d18ff0/Guidelines%20on%20fraud%20reporting%20%28EBA%20GL-2018-05%29_ES.pdf?retry=1
  • https://www.eba.europa.eu/sites/default/documents/files/documents/10180/2137845/0f525dc7-0f97-4be7-9ad7-800723365b8e/Opinion%20on%20the%20implementation%20of%20the%20RTS%20on%20SCA%20and%20CSC%20%28EBA-2018-Op-04%29.pdf?retry=1
  • https://www.eba.europa.eu/sites/default/documents/files/documents/10180/2137845/0f525dc7-0f97-4be7-9ad7-800723365b8e/Opinion%20on%20the%20implementation%20of%20the%20RTS%20on%20SCA%20and%20CSC%20%28EBA-2018-Op-04%29.pdf?retry=1
  • https://www.eba.europa.eu/sites/default/documents/files/documents/10180/2137845/0f525dc7-0f97-4be7-9ad7-800723365b8e/Opinion%20on%20the%20implementation%20of%20the%20RTS%20on%20SCA%20and%20CSC%20%28EBA-2018-Op-04%29.pdf?retry=1
  • https://www.eba.europa.eu/sites/default/documents/files/documents/10180/1761863/314bd4d5-ccad-47f8-bb11-84933e863944/Final%20draft%20RTS%20on%20SCA%20and%20CSC%20under%20PSD2%20%28EBA-RTS-2017-02%29.pdf?retry=1
  • https://www.eba.europa.eu/sites/default/documents/files/documents/10180/1761863/314bd4d5-ccad-47f8-bb11-84933e863944/Final%20draft%20RTS%20on%20SCA%20and%20CSC%20under%20PSD2%20%28EBA-RTS-2017-02%29.pdf?retry=1
  • https://www.eba.europa.eu/sites/default/documents/files/documents/10180/1652933/9014220a-2bea-414e-964c-aa6a8c38da1f/Consultation%20Paper%20on%20RTS%20and%20ITS%20on%20the%20authorisation%20of%20credit%20institutions%20%28EBA-CP-2016-19%29.pdf
  • https://www.eba.europa.eu/sites/default/documents/files/documents/10180/1652933/9014220a-2bea-414e-964c-aa6a8c38da1f/Consultation%20Paper%20on%20RTS%20and%20ITS%20on%20the%20authorisation%20of%20credit%20institutions%20%28EBA-CP-2016-19%29.pdf
  • https://www.eba.europa.eu/sites/default/documents/files/documents/10180/1652933/9014220a-2bea-414e-964c-aa6a8c38da1f/Consultation%20Paper%20on%20RTS%20and%20ITS%20on%20the%20authorisation%20of%20credit%20institutions%20%28EBA-CP-2016-19%29.pd
  • https://www.eba.europa.eu/sites/default/documents/files/documents/10180/1303936/13129941-7581-4473-a767-52ec002bd00a/EBA-DP-2015-03%20%28RTS%20on%20SCA%20and%20CSC%20under%20PSD2%29.pdf and secure open standards of communication, EBA/RTS/2022/03, 5 April 2022.
  • https://www.eba.europa.eu/sites/default/files/documents/10180/2622242/4bf4e536-69a5-44a5-a685-de42e292ef78/EBA%20Opinion%20on%20SCA%20elements%20under%20PSD2%20.pdf
  • https://www.eba.europa.eu/sites/default/files/documents/10180/2622242/4bf4e536-69a5-44a5-a685-de42e292ef78/EBA%20Opinion%20on%20SCA%20elements%20under%20PSD2%20.pdf
  • ILLESCAS ORTIZ, R., Derecho de la contratación electrónica, 3.ª ed., Civitas, 2019.
  • LORENTE HOWELL, J. L., “Exenciones de la autenticación reforzada en la Directiva de Servicios de Pago”, Actualidad Jurídica Aranzadi, n.º 930, 2017.
  • MARTÍ MIRAVALLS, J., “Banca on-line y responsabilidad por daños: Análisis crítico de la jurisprudencia reciente en materia de phishing engañoso”, en SÁNCHEZ CRESPO (coord.): Fraude electrónico entidades financieras y usuarios de banca. Problemas y soluciones, Aranzadi, 2011, pp. 215-249.
  • NABALÓN, I., “La identificación electrónica: redefiniendo las reglas del sector financiero”, Papeles de Economía Española, n.º 162, 2019, pp. 162-174.
  • Opinion of the European Banking Authority on its technical advice on the review of Directive (EU) 2015/2366 on payment services in the internal market (PSD2), EBA/OP/2022/06, 23 June 2022. Disponible en https://www.eba.europa.eu/sites/default/documents/files/document_library/Publications/Opinions/2022/Opinion%20od%20PSD2%20review%20%28EBAOp06%29/1036016/EBA%27s%20response%20to%20the%20Call%20for%20advice%20on%20the%20review%20of%20PSD2.pdf.
  • Opinion of the European Banking Authority on the elements of strong customer authentication under PSD2, EBA/OP/2019/06, 21 June 2019. Disponible en https://www.eba.europa.eu/sites/default/files/documents/10180/2622242/4bf4e536-69a5-44a5-a685- de42e292ef78/EBA%20Opinion%20on%20SCA%20elements%20under%20PSD2%20.pdf.
  • Opinion of the European Banking Authority on the implementation of the RTS on SCA and CSC, EBA/OP/2018/4, 13 June 2018. Disponible en https://www.eba.europa.eu/sites/default/documents/files/documents/10180/2137845/0f525dc7-0f97-4be7-9ad7 800723365b8e/Opinion%20on%20the%20implementation%20of%20the%20RTS%20on%20SCA%20and%20CSC%20%28EBA-2018-Op-04%29.pdf? retry=1.
  • PACHECO JIMÉNEZ, M. N., “Nuevas alternativas de pago online: proveedores de servicio de pago externo en un mercado más tecnológico y seguro”, Revista Aranzadi de Derecho y Nuevas Tecnologías, n.º 49, 2019 (recurso electrónico).
  • PASTOR SEMPERE, C., “El ‘mercado único digital’ de los micropagos”, en MARTÍ MIRAVALLS (dir.): Problemas actuales y recurrentes en los mercados financieros. Financiación alternativa, gestión de la información y protección del cliente, Aranzadi, 2018, pp. 215-242.
  • PEÑAS MOYANO, M. J., Régimen jurídico de los servicios de pago en el Derecho español, Aranzadi, 2020.
  • PÉREZ GUERRA, M., “Ciberdelitos y responsabilidad civil de las entidades financieras a la luz de la jurisprudencia”, Revista de Derecho del Mercado de Valores, n.º 29, 2021, pp. 1-10.
  • REQUEIJO TORCAL, A., “Derechos y obligaciones en relación con la prestación de servicios de pago”, en URÍA FERNÁNDEZ – CARPINTERO PÉREZ (coords.): Servicios de pago: adaptación a la Directiva PSD II, Claves Prácticas Francis Lefebvre, 2018, pp. 85-122.
  • ROJO ÁLVAREZ-MANZANEDA, R., La utilización fraudulenta de las tarjetas de pago, Thomson Reuters Aranzadi, 2011.
  • RUIZ ESPINOSA, J., “Garantías legales en el pago a distancia con tarjeta efectuado por consumidores”, Revista Aranzadi de Derecho y Nuevas Tecnologías, n.º 60, 2022 (recurso electrónico).
  • RUIZ MUÑOZ, M., “Obligaciones del proveedor de servicios de pago frente al usuario de los instrumentos de pago (La Directiva y la Ley de servicios de pago, y el Anteproyecto de Ley de Código Mercantil de 2014)”, La Ley Mercantil, n.º 7, octubre 2014, pp. 1-15.
  • TAPIA HERMIDA, A. J., “La Segunda Directiva de Servicios de Pago”, Revista Estabilidad Financiera (Banco de España, Eurosistema), n.º 35, 2018, pp. 57-80.