1. Ferenc Suba LLM, MA Chairman of the Board, CERT-Hungary, Theodore Puskás Foundation Vice-Chair of the Management Board, European Network and Information Security Agency Member of the Board Hamilton Stock Brokerage Ltd. Electronic payment

2. e-Money eMoney: - monetary value - stored on an electronic device (credit card, smart card, e-check, e-account, etc.) - accepted as payment - based on trust - wide-spread: only 8% of the world’s currency is in cash

3. e-Payment ePayment: - any kind of non-cash payment - methods: credit card, debit card, clearing house - types: one time customer to vendor, recurring customer to vendor, automatic bank to vendor - benefits: convenient for consumer, low cost for businesses - popular: online bill pay services (PayPal, banks) - risky: identity theft, hacking, phishing

4. Relevant EU directives Directive 2000/46/EC on electronic money institutions (issue means of payment in e-money) Directive 2007/64/EC on payment services (any kind of e-payment)

5. BACKGROUND TO PAYMENT SERVICES DIRECTIVE (PSD) Objectives: -To establish a Single Payment Market (common framework) - To introduce more competition (EU wide payment services) - To reduce costs of payment (231 billion payments per year in the EU costing 52 trillion Euros, e-payment ten times cheaper than cash) Single Payment Market: - Allows EU citizens to make e-payments in the whole EU - Same rules for every MS relating to e-payments

6. SINGLE EURO PAYMENTS AREA (SEPA) Initiative by banks "European Payments Council" (EPC), a common decision making-body of banks EPC develops procedures, rules and standards for EU-wide payments (credit transfers, direct debits, credit and debit card payments) in euros by 31st December 2010 PSD provides necessary legal platform

7. SCOPE OF PSD Electronic payments: - made in any EU currency - both the payer’s payment service provider and the recipient’s payment service provider is located in the EU ("two-leg payment transactions") - possibility of „one-leg payment transactions” and non EU currencies after 3 years

8. Which actions and players? money remitters, payment transactions carried out by mobile telecom operators full-range payment service providers (e.g. credit transfers, direct debits, card payments, including credit related to the payment) payment related services (operation of payment systems)

9. Obligations for payment providers Execution time: all credit transfers without any currency conversion must mandatorily be carried out at the latest by the end of the next business day (i.e. the so-called "D+1" basis)

10. Liability Liability of a payment provider in case of non- execution or defective execution of a payment transaction Liability of payment service user in case of misuse of a payment instrument (limited to EUR 150). This amount may be reduced by Member States no liability for unauthorised payments occurring after the user has properly notified his/her payment service provider.

11. Obligatons for payment providers Full amount principle (the full amount specified in a payment order shall be credited without any deduction to the beneficiary). Conditions for refunding when a payment transaction has been authorised. Irrevocability of payment orders (e.g. the ability of the payment service user to reject a payment wrongly made on his/her behalf)

12. Benefits for consumers Permit cross-border direct debits (paying bills in whole EU). Allow the use of a debit card anywhere in the euro area: particularly useful for persons who do not have a credit card, or for making low-value purchases for which a credit card is often not accepted.

13. Benefits for consumers Only one bank account is needed for the whole euro area: persons working or studying abroad in another euro area country will be able to manage all their finances from an existing euro account in their home country. Faster payments: the D+1 rule means payment monies must be credited to a recipient's account at the latest by the end of the next business day. Banks will no longer be able to keep for up to 5 days the funds received before executing a payment.

14. Benefits for consumers Immediate use of payments received: value dating to the disadvantage of the user is no longer permitted; so when payment monies are credited to an account, a recipient will have full and immediate use of the monies. Crediting of the full amount: the full amount in a payment order shall be credited without any deduction to the beneficiary. (charge for the receipt of credit transfers allowed but the amount charged separately shown and deducted).

15. Benefits for consumers Enhanced consumer protection: better information and clear rules on refund where a transaction is wrongly executed. Limited liability: in the case of loss or theft of a payment instrument (e.g. a debit or credit card) the maximum liability of consumers limited to EUR 150 (except for fraudulent behaviour). Amount may be reduced by Member States and no liability for unauthorised payments after the user notified his/her payment service provider.

16. Some thoughts on Consumers Challenge: - How to protect them? (weakest link) - How to educate them? (bad students?) - How to make them liable/responsible? (internetbanking) Opportunity: - IT security as part of national curriculum - Technical empowerment („outsourced workstation”) - Awareness raising (professionally userfriendly ) - Role specific division of liability (balance between outer protection and self-responsibility)

17. Thank you for your attention! ferenc.suba@cert-hungary.hu PTA CERT-Hungary www.cert-hungary.hu Theodore Puskás Foundation www.neti.hu www.neti.hu ENISA www.enisa.europa.eu Hamilton Stock Brokerage Ltd. www.hamilton.hu/uj/index_html.hu

18. Questions Who runs Single European Payment Area and European Payment Council? What are the objectives of the Payment Services Directive? Can you specify the D+1 rule? Is your bank liable if your computer using the bank’s internet bank application has been hacked?