We consider that Guideline 1.7 should be deleted as unduly restrictive and is not actually represented in the text of PSD2. Commercially, it is currently broadly accepted to combine different instruments, functions, and schemes in one mechanism (card) and to do so without impact on the consumer.
Whilst there is no specific area allocated for general comments, we propose to add the following that could be considered across all guidelines.
General - consumer protection:
In the Consultation Paper EBA stated that one of the reasons for preparing the Guidelines is to provide protection to consumers carrying out transactions with the excluded payment instruments. It is also identified that these payment instruments may represent risks which consumers may be exposed to.
We may argue that if certain card acceptance schemes are available only to B2B customers, therefore such schemes do not represent any exposure to consumers, then there is no need to such strict rules with a general application to all customers. In those cases, where consumer protection is the main reason for stricter rules, such rules should be applied to B2C customers only and these should not apply to B2B customers, therefore a distinction is to be made between the two groups.
Guideline 2.5 should be deleted. Restriction of card use to a single limited network is too restrictive and is not justified by the provisions of PSD2. Article 3(k)(i) of PSD2 requires only a direct commercial agreement between the issuer and the service provider. If this requirement is met, then it is not justified and not proportionate to establish an additional, new restriction by EBA, which would limit the card use to a single limited network.
If despite of the above reasons, EBA considers it necessary to keep this interpretation for consumer protection reasons, then this Guideline 2.5. should be applicable only to payment instruments for B2C customers.
Guideline 3.1. should be deleted. To the contrary, EBA should accept a broader interpretation of Article 3(k)(i) of PSD2 to cover both physical premises and online shops. Premises of a service provider should not be interpreted to include only physical premises. Such interpretation is too restrictive and is not justified by the provisions of PSD2. ‘Premises of the issuer’ are to be interpreted as a point of sale or shops of the issuer and that should include any type of point of sale operated by the issuer. Excluding online shops is unreasonable and is against the notion of PSD2.
Guideline 6.1. requires notification to be completed in all EU member states where goods and services are provided.
In case of cross-border provision of services, it would be advisable to allow service providers to benefit of passporting rights and allow to passport the limited network exclusion assessed by one national authority in one member state to other member states. With the Guidelines, the harmonised interpretation of PSD2 would be ensured, therefore there should be no obstacle or restriction to offer mutual recognition and acceptance of the assessment made by one authority in one of the EU member states to other member states. Completing notification obligations in all member states would be burdensome and costly for service providers providing services in more than 1 member state and it may result in that different national authorities may come to different conclusion in relation to the assessment of limited network exclusion, which may adversely impact the universal application and interpretation of PSD2 and may cause uncertainties to market players.
Perhaps not entirely clear in the Consultation Paper, but the guidelines seem to underestimate the potential notification burden both for the PSP and the Competent Authorities. This would particularly be so, where a card is issued in the home country, but can be used to purchase the limited range products/services across border. Could the Payment Service Provider, having agreed a qualifying list of goods and services under the limited range, with their home regulator, then potentially be subjected to a separate challenge process in each Competent Authority where the card is used and notified (subject to the threshold)? Please consider the level of activity and support needed to cover the notifications requirements for a group that issues their cards domestically for domestic and cross border use, and the level of extra support to manage this at a competent authority level. The level of notifications required could grow exponentially.