The world of payments has undergone a silent revolution in recent years. From cheques to bankcards, then to mobile applications and contactless payment, the methods for paying for our purchases have diversified at breakneck speed.
This development has been accompanied by a constantly changing legal framework. Technological innovations have forced legislators to adapt rules originally designed for a world where electronic transactions did not exist.
Legal definition of payment services
The Monetary and Financial Code defines payment services as a sub-category of banking transactions. They include in particular :
- Execution of transfers and direct debits
- Transferring funds
- Cash deposit and withdrawal services
- Payment account management
This definition stems from European Directive 2007/64/EC, transposed into French law by Order no. 2009-866 of 15 July 2009. This directive created a European market for payment services and stimulated competition between service providers.
The PSD2 Directive (2015/2366/EU) then strengthened this framework in 2018, with a particular focus on security and innovation.
Article L.521-3 of the French Monetary and Financial Code sets out the exceptions to the monopoly of payment service providers. For example, a company may provide payment services limited to its premises or to a restricted acceptance network.
A ruling by the Court of Cassation on 30 June 2021 (no. 19-21.418) confirmed that these companies do not fall into the category of payment service providers and are therefore not subject to the same regulatory obligations.
New players: payment institutions
The Order of 15 July 2009 created a new category of players: payment institutions. These structures can provide payment services without being traditional banks.
They have fewer statutory obligations, with initial capital ranging from €20,000 to €125,000 depending on their activity. This innovation has led to the emergence of fintechs and specialist players, shaking up the banking monopoly.
The service provider's information obligations
During a transaction, the payment service provider must provide the user with precise information. Article L.314-7 of the French Monetary and Financial Code prohibits charging for this information.
The obligation to provide information concerns :
- Contractual conditions
- Applicable fees
- Terms and conditions
- Safety measures
- Complaints procedures
The burden of proof lies with the service provider. Under article L.316-2 of the French Monetary and Financial Code, it is up to the service provider to demonstrate that it has correctly informed the user. This provision effectively protects consumers.
In practice, banks must document each stage of the information process. Failure to do so could result in liability in the event of a dispute.
Focus on direct debit
A direct debit is a means of payment where the creditor initiates the transaction. This differs from a credit transfer, which is initiated by the payer.
The Court of Cassation clarified the direct debit mandate regime in an important ruling on 24 May 2018 (no. 17-11.710). It establishes that the payment service provider is not required to verify the existence of the direct debit mandate, unless there is an apparent anomaly.
In practical terms, the sampling cycle is as follows:
- The payer gives his consent to the payee
- The payee sends the order to the payer's service provider
- The service provider carries out the operation without systematically checking the mandate
This case law eases the banks' obligations. They can simply check for obvious anomalies without verifying each mandate.
Order no. 2009-866 of 15 July 2009 also prohibits service providers from contractually preventing merchants from applying charges or discounts depending on the payment method chosen.
However, it prohibits the practice of "overcharging" (additional charges for certain means of payment) so as not to discourage the use of bankcards.
There are strict time limits for disputing a direct debit. Customers generally have 8 weeks to dispute an authorised direct debit, and 13 months for an unauthorised direct debit.
Responsibilities and claims
When it comes to payment services, responsibility is divided between the service provider and the user according to precise rules.
The service provider is responsible for :
- Correct execution of operations
- The security of payment instruments
- Data confidentiality
The user must :
- Take all measures to ensure the safety of its systems
- Notify us immediately of any loss, theft or fraudulent use
- Quickly challenge unauthorised transactions
In the event of an unauthorised transaction, the service provider must refund the amount immediately, unless the user has committed gross negligence or fraud.
The law provides for specific mediation for disputes relating to payment services. This procedure is free of charge and suspends the statute of limitations.
Professionals will need to take particular care to ensure compliance with this complex legal framework. Legal support is often needed to navigate these technical rules.
Sources
- Monetary and Financial Code, articles L.133-1 et seq., L.314-7, L.316-2, L.521-3
- Order no. 2009-866 of 15 July 2009 on the conditions governing the provision of payment services
- Directive 2007/64/EC of the European Parliament and of the Council of 13 November 2007
- Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 (PSD2)
- Court of Cassation, Commercial Chamber, 24 May 2018, no. 17-11.710
- Court of Cassation, Commercial Division, 30 June 2021, No. 19-21.418
EN 
FR