Copia de Nueva normativa de pagos y bancos electrónicos

New European regulations for payments and cards

Once again we are turning to current legislation for the security of online payments. Since last Saturday, 09/14/2019, the law that forced banks to put more obstacles for those who try to make an online payment with a card that does not belong to them came into force.


In general, there are very few people reluctant to buy online, the benefits of comfort and practicality are imposed in all our types of society, since it does not matter in the field that we think is also being imposed on the network.

Why it would be another topic to ramble on, but in summary what we all want is to buy what we need at any time anywhere without worrying about much more. The most important small pitfall of which online sales must be defended is that of payment security. How many times have we hesitated to put our card number? How many times have we heard about errors in online security?

European regulations taking care of the insecurity that produces that they can steal a card and use it massively online has promulgated a new law that basically fights this. The fraudulent use of the cards, and therefore implies that banks have to make them safer, and that their legal owners have less financial responsibility if they unfortunately use it.

But the European guidelines not only affect card payments but also the deposit into our bank accounts.

Given the complexity of the system, the Bank of Spain has granted an adaptation period, only for online tpv gateways, for payment of purchases to websites. We still have to decide how much moratorium time we count.

What is a POS

POS: Point of sale terminal, that is, the devices with which we are charged by card. Online POS, the gateways provided by the websites to make the payment and that takes us to the payment service. These POSs are not managed by web pages, but it is the same banks or payment gateways that manage transactions and security.

3 types of possible identifications.

Currently we can identify by 3 different ways, included in the logic;

  1. Something I know
  2. Something i am
  3. Something i have

Something that I am

Obviously here we advance in the most fervent technology of personal psychometric aspects, fingerprints, retina, facial recognition …

Something I know,

It is like until now we have always been doing in all places, a password, a pin, and although every time they require more complications, letters, numbers, capital letters, symbols .. All the good men of the network have ever lived the inability to see how we weren’t going to be able to put a password up to security demands …

Something I have

or I will have when I try to make a payment with my card, until now the most normal have been messages with a code, or encrypted cards that gave us a code after receiving another, the variety can be immense, from mails to all kinds of systems to send us a key that hung from another.

New PSD2 regulations

Minimum 2 identifications.

From this last Saturday it will be mandatory for the client to identify with 2 of the possible methods explained above to pay at a POS gateway or to enter their online bank account. It will not only be valid with a password but we will have to add another type of security. Always 2 and different. That to the practice for the common user has a little more complication but much more security, that in front of a theft or theft of our card it becomes really much more difficult to use it online.

This double identification will not always be mandatory, if a customer purchases less than 90 days apart, the second authentication may not be requested.

Less economic responsibility

Until now, users of online banks or payment gateways were responsible for unauthorized payments for up to a limit of € 150. From this Saturday we would only put € 50 in our pocket in case of fraud.

More ease in payment, faster

In a near time we should be able to make payments directly to the website, without having the tpv intermediary, that is, from the web to the bank. This is not currently implemented but it really is what this new regulation follows the PSD2 Payment Services Directive 2.