Parliament and the Council have reached an agreement on new rules aimed at making payment services in the European Union more open, competitive, and secure. The agreement covers both the Payment Services Regulation (PSR) and the Third Payment Services Directive (PSD3).
The new regulation seeks to harmonize payment services across EU member states and strengthen measures against fraud. It will apply to a wide range of providers, including banks, post-office giro services, payment institutions, technical service providers, certain electronic communications providers, and online platforms. The directive is designed to ensure fair competition among payment service providers by clarifying authorization procedures and supervisory powers. It also aims to improve access to cash for people living in remote areas.
A key part of the agreement focuses on protecting customers from fraud. Under the new rules, if a payment service provider (PSP) does not implement effective fraud prevention mechanisms, it will be responsible for covering customer losses. PSPs must check that payee details match before processing payments; if there are discrepancies, they must refuse the transaction and inform the payer. Providers are also required to offer spending limits and blocking measures as safeguards against fraud.
If a fraudulent transaction is initiated or changed by someone other than the customer, it will be treated as unauthorized, with the PSP liable for reimbursing the full amount. Receiving PSPs must freeze suspicious transactions. In cases where customers are victims of impersonation fraud—where scammers pretend to be PSP employees—the provider must refund losses if the customer reports the incident to police and informs their PSP.
Online platforms will bear liability toward PSPs who have already reimbursed defrauded customers if these platforms fail to remove known fraudulent content after being notified. This builds upon existing protections established under the Digital Services Act.
Advertisers of financial services must demonstrate their legal status or exemption when advertising on large online platforms or search engines in each relevant country.
Users will have guaranteed access to human customer support rather than just automated chatbots. Public resources should also be used to educate people about how to avoid falling victim to fraud.
Transparency around charges is another focus area. Customers must receive clear information about all fees before initiating a payment—including currency conversion charges or fixed fees for ATM withdrawals—regardless of which operator manages the machine.
To help maintain access to cash—especially in rural areas—retail stores will be allowed to provide cash withdrawals between €100 and €150 without requiring a purchase.
The agreement includes provisions intended to foster competition by reducing barriers for open banking services such as account information and payment initiation services. Banks and other account-servicing providers cannot discriminate against authorized open banking providers regarding data access. Users will have dashboards enabling them to monitor permissions given for data access.
Manufacturers of mobile devices and electronic service providers must allow front-end service providers like apps or user interfaces fair access needed for processing payments.
The authorisation process for payment institutions has been simplified but remains subject to strict requirements regarding capital adequacy, risk controls, budget forecasts, and timelines scaled according to risk level and type of service provided. Crypto asset service providers already authorized under existing regulations would follow a streamlined procedure while maintaining appropriate risk controls.
All PSPs must participate in alternative dispute resolution processes if chosen by consumers.
René Repasi (S&D, DE), rapporteur for the regulation stated: “Consumers will benefit from new harmonized rules on the payment services regulation. Mandatory fraud preventive measures will be applied and lead to less payment fraud. Banks have to share more of the burden if they fail to do their part.”
“Today’s deal is a win for the Parliament by establishing a liability provision for online platforms where fraud started. In certain cases, they now have to reimburse banks who have reimbursed defrauded customers.”
Morten Løkkegaard (Renew, DK), rapporteur for the directive said: “This deal is a significant step toward a more open and resilient single market for payments. By updating outdated rules, we ensure Europe stays competitive in a rapidly evolving financial sector.”
“With today’s deal, we have secured better access to cash for citizens across Europe. Besides ATMs, people will now be able to withdraw money in a shop without being forced to make a purchase, ensuring cash remains a genuine and convenient payment option.”
The agreement awaits formal adoption by both Parliament and Council before coming into effect.
