Global E-Payments Guide Series, Part V: Privacy Protection for Costumer, Credit Grants and Dispute Settlement

Introduction on Global E-Payments Guide by Aliant Corporate PAG. 

Global E-payments Guide was created by Aliant’s Corporate Practice Group, where our experienced and well established lawyers from France, Italy, the Netherlands, Finland, Cyprus, U.K, Israel, U.S.A and China have answered some fundamental and up-to-date questions on E-payments. If you are interested in E-payments in any of the beforementioned countries please follow this five part series and download the more extensive guide here.

 

What do we mean by E-Payments?

By “E-Payments” (also called digital payments), we mean any payment for a good or service without the use of cash, made electronically, i.e. telematically or by internet, using an electronic device (from the traditional payment cards to computers, smartphones, tablets, smartwatches, as well as the Point Of Sale or “POS”, either contactless or with magnetic stripe reading).

 

Why are E-Payments important?

Even before the pandemic, global digital payments industry has been involved in many innovations, including mobile wallets, P2P mobile payments, real-time payments and cryptocurrencies. This new, simple-to-use, cashless payment methods have become an appealing alternative for billions of people and attracted many users.

Over the years, China and the United States developed into the world’s leading digital payments markets, but Europe is set to witness the most impressive digital payments growth. However, with social distancing rules in place, more people started embracing contactless payments as a safer way to manage their money in both developed and emerging countries and consumers are increasingly inclined to use E-payments.

From the side of the E-payment service providers, even large players such as Amazon, PayPal, Apple and Facebook are continuously investing in online and mobile payment solutions and the ongoing changes in e-commerce solutions, with the transition from individual separate online shops to integrated platforms, is creating space for new business models and new opportunities for E-payments.

In conclusion, due to fast technological developments and the increasing of consumers attitude to pay products and services by their online banking accounts as well as by E-payments and mobile payments via smartphone applications, the transition to a cashless society is inevitable and irreversible, therefore this sector is very profitable at the present and will remain productive for a long time.

 

Do you need any help in E-Payment market?

If you are an entrepreneur who wants to succeed in the E-payments market, you know that in the era of global e-commerce, after launching your services locally, you have to spread beyond national borders and therefore operate in different countries, often subject to very different rules and policies.

How do you choose where to start an E-payment service or in which country is it preferable to expand a service already successfully launched in your country?  Are administrative authorisations and/or specific requirements to operate payment services? Which activities are allowed? Are there public supervisory auditing of the activity?

To help tackle these questions, Aliant presents an overview of the different legal frameworks for payment services around the world which, without being considered exhaustive or as a legal opinion, aims of providing entrepreneurs and investors who operate internationally and who are interested in payment services with a preliminary tool for choosing the markets in which to launch or expand their payment services.

This general information is merely offered on the basis that it is not a substitute for legal advice and we cannot accept any kind of liability incurred in reliance on their content.

Of course, for any in-depth analysis or specific legal assistance in this sector, Aliant’s experts are available to advise and share their global expertise in the field of digital payments.

Are there any obligations in your country to protect personal data of E-Payments services’ customers?

EUROPEAN UNION (EU)*

EU rules on the protection of personal data provided for by Regulation (EU) 2016/679, better known as the General Data Protection Regulation (GDPR) apply to all Users who are natural persons.

Therefore, also personal data of Users of payment are subject to the following principles:

• Lawfulness, fairness, and transparency: any processing of personal data should be lawful and fair. It should be transparent to individuals that personal data concerning them are collected, used, consulted, or otherwise processed and to what extent the personal data are or will be processed;
• Purpose Limitation: personal data should only be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
• Data Minimisation: processing of personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
• Accuracy: Controllers must ensure that personal data are accurate and, where necessary, kept up to date;
• Storage Limitation: personal data should only be kept in a form which permits identification of data subjects for as long as is necessary for the purposes for which the personal data are processed;
• Integrity and Confidentiality: personal data should be processed in a manner that ensures appropriate security and confidentiality of the personal data, including protection against unauthorised or unlawful access to or use of personal data and the equipment used for the processing and against accidental loss, destruction or damage;
• Accountability: Finally, the controller is responsible for, and must be able to demonstrate, their compliance with all of the above-named Principles of Data Protection

The PSD2 also specifically provides that:

• Member States shall permit processing of personal data by PSPs when necessary to safeguard the prevention, investigation and detection of payment;
• PSPs may process Users’ data only with the explicit consent of Users;
• any processing of personal data and the information to individuals about the processing of such personal data must be carried out in accordance with European rules on data protection.

Finally, PSPs are required to adopt adequate mitigation measures and control mechanisms to manage operational and security risks.

* In order to create a single payment area where European citizens and businesses have easy access to safe cross-border payments with the same charges and the same rules the EU adopted in 2007 the first payment services directive (the so-called PSD1) applicable inside the European Economic Area to all payments executed in other way that cash, electronic payments included, establishing the rights and obligations related to this kind of services as well as the set of information that operators must give to users, and introducing a new figure of financial intermediary (payment institutions) allowed to provide payment services in competition with banks.

A new directive on payment services has been adopted in 2015 and became applicable starting from 2018 (the so-called PSD2) with the aim to improve the first set of rules and include new digital payment services, such as mobile and internet payment services, preserving consumers from frauds and abuses.

FRANCE

The protection of personal data is framed by the law of January 6, 1978 known as “Informatique et libertés”, amended to adapt it to the provisions of Regulation (EU) 2017/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of data, applicable since May 25, 2018.

Asset and banking data are personal data. In this context, the processing of this data carried out in the context of electronic payment services must comply with the Data Protection Act and the GDRP and respect their fundamental principles:

• the data must be processed in a lawful, fair and transparent manner;
• the data must be collected for specific, explicit and legitimate purposes;
• the data must be adequate, relevant and limited;
• the data must be accurate
• the data must be kept in a form which permits identification of the data subjects for no longer than is necessary for the purposes for which it was collected
• the data must be processed in such a way as to guarantee appropriate security.

The subject of data protection is addressed in particular by the PSD2, which requires that:

• Member States shall allow the processing of personal data by payment systems and payment service providers where necessary to ensure the prevention, investigation and detection of payment fraud;
• payment service providers shall only have access to, process and store personal data necessary for the performance of their payment services with the explicit consent of the payment service user;
• all information on the processing of personal data carried out in the context of PSD2 is communicated to the data subjects;
• when personal data is processed for the purposes of PSD2, the purpose must be specified, the legal basis must be referred to, and the security requirements applicable by the European regulation on personal data must be met.

These requirements have been transposed into French law.

In accordance the French Monetary and Financial Code, the French data protection authority, (known as CNIL), is responsible for monitoring these provisions. Thus, this authority may receive by any means complaints relating to violations of the above-mentioned provisions.

It should be noted that the provisions of the PSD2 and the GDRP may sometimes be inconsistent, particularly with regard to the consent required from data subjects or the definition of so-called “sensitive” data. A draft guideline on these subjects was unveiled in July 2020, its final version has not yet been adopted.

ITALY

EU rules on the protection of personal data provided for by Regulation (EU) 2016/679, better known as the General Data Protection Regulation (GDPR) apply to all Users who are natural persons.

Therefore, also personal data of Users of payment are subject to the following principles:

• Lawfulness, fairness, and transparency: any processing of personal data should be lawful and fair. It should be transparent to individuals that personal data concerning them are collected, used, consulted, or otherwise processed and to what extent the personal data are or will be processed;
• Purpose Limitation: personal data should only be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
• Data Minimisation: processing of personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
• Accuracy: Controllers must ensure that personal data are accurate and, where necessary, kept up to date;
• Storage Limitation: personal data should only be kept in a form which permits identification of data subjects for as long as is necessary for the purposes for which the personal data are processed;
• Integrity and Confidentiality: personal data should be processed in a manner that ensures appropriate security and confidentiality of the personal data, including protection against unauthorised or unlawful access to or use of personal data and the equipment used for the processing and against accidental loss, destruction or damage;
• Accountability: Finally, the controller is responsible for, and must be able to demonstrate, their compliance with all of the above-named Principles of Data Protection

The PSD2 also specifically provides that:

• Member States shall permit processing of personal data by PSPs when necessary to safeguard the prevention, investigation and detection of payment;
• PSPs may process Users’ data only with the explicit consent of Users;
• any processing of personal data and the information to individuals about the processing of such personal data must be carried out in accordance with European rules on data protection.

Finally, PSPs are required to adopt adequate mitigation measures and control mechanisms to manage operational and security risks.

The NETHERLANDS

The Netherlands, as an EU Member State, is subject to European regulation as primary legislation on this matter; therefore, the privacy protection rules provided for by the European GRDP and the new European Payment Services Directive 2 (PSD2), entered into force in 2019, directly apply in the Netherlands.

Parties that offer these new payment services need access to the payment account for this. Because it is important that the privacy of the account holder remains guaranteed, the Dutch Data Protection Authority (AP) monitors the most important privacy provisions in the new legislation.

PSD2 introduced additional security requirements for all payment service providers. Companies that want to offer the new innovative services must be in possession of a license and come under supervision. In the Netherlands, this license must be requested from De Nederlandsche Bank (DNB). For example, DNB tests new providers in advance for reliability and the quality of data security.

Parties that offer these new payment services need access to the payment account for this. Because it is important that the privacy of the account holder remains guaranteed, this has been explicitly included in the implementation of the guideline.

For example, the Dutch Data Protection Authority (AP) monitors the most important privacy provisions in the new legislation. Providers of new payment services must also comply with the General Data Protection Regulation (GDPR). If this law is violated, the AP can impose hefty fines.

FINLAND

Finland, as an EU Member State, is subject to European regulation as primary legislation on this matter. If Users of e-payment services are natural persons, therefore, the privacy protection rules provided for by the European GDPR directly apply. Finland has also passed the Data Protection Act in 2019.

In compliance with the Data Protection Act of Finland, payment service providers have a secrecy obligation concerning the user’s private data.

Under the Act on Payment Services, the payment service provider must assure that any personal information of the user is solely given to the receiver of the payment, and only with the permission of the user.

Additionally in compliance with the Act, the provider cannot use, attain or store any of the user’s data, except data used for provision of the service, specifically permitted for use by the service user.

CYPRUS

The EU rules on the protection of personal data provided for by Regulation (EU) 2016/679, better known as the General Data Protection Regulation (GDPR), apply to all Customers who are natural persons.

Under the GDPR, the following principles apply:

• Lawfulness, fairness, and transparency: any processing of personal data should be lawful and fair. It should be transparent to individuals that personal data concerning them are collected, used, consulted, or otherwise processed and to what extent the personal data are or will be processed;
• Purpose Limitation: personal data should only be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
• Data Minimisation: processing of personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
• Accuracy: Controllers must ensure that personal data are accurate and, where necessary, kept up to date;
• Storage Limitation: personal data should only be kept in a form which permits identification of data subjects for as long as is necessary for the purposes for which the personal data are processed;
• Integrity and Confidentiality: personal data should be processed in a manner that ensures appropriate security and confidentiality of the personal data, including protection against unauthorised or unlawful access to or use of personal data and the equipment used for the processing and against accidental loss, destruction or damage;
• Accountability: Finally, the controller is responsible for, and must be able to demonstrate, their compliance with all of the above-named Principles of Data Protection

The PSD2 and the national Law also specifically provide that:

• Member States shall permit processing of personal data by PSPs when necessary to safeguard the prevention, investigation and detection of payment;
• PSPs may process Users’ data only with the explicit consent of Users;
• any processing of personal data and the information to individuals about the processing of such personal data must be carried out in accordance with European rules on data protection.
• Finally, PSPs are required to adopt adequate mitigation measures and control mechanisms to manage operational and security risks.

UNITED KINGDOM (UK)

The UK GDPR regime is comprised of two main pieces of legislation:

• a version of the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (the EU GDPR) incorporated into UK law (with various amendments made by Brexit legislation) following the end of the Brexit implementation (or ‘transition’) period at 11pm on 31 December 2020 (Retained Regulation (EU) 2016/679, the UK GDPR);
• the parts of the Data Protection Act 2018 that relate to general personal data processing, powers of the Information Commissioner and sanctions and enforcement, as amended by Brexit legislation following the end of the Brexit implementation period (the DPA 2018)

When considering the general processing of personal data, both the UK GDPR and the DPA 2018 should be read together as both sets of provisions directly apply. By creating the UK GDPR regime, the UK generally preserves the core EU GDPR standards in UK domestic law such as the data protection principles, rights of data subjects and obligations for controllers and processors.

The UK GDPR governs the processing of all personal data including e-payment service customers, and introduces legal obligations on data controllers and processors.

Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

• used fairly, lawfully and transparently
• used for specified, explicit purposes
• used in a way that is adequate, relevant and limited to only what is necessary
• accurate and, where necessary, kept up to date
• kept for no longer than is necessary
• handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction, or damage

ISRAEL

The Supervision of Financial Services Law states that no information of one client can be disclosed to another client (this does not refer to the lender).

However, if the client gives permission, the e-payment services provider may publish their name (Paragraph 38)

Of course there are other privacy laws which may apply with the relevant adjustments.

UNITED STATES OF AMERICA (USA)

There are significant laws and regulations aimed at protecting consumer data and privacy.

CHINA

Normally, these obligations are stipulated in the Law for E-Commerce of People’s Republic of China (PRC); the Law on for Cyber Security of PRC;  the Law for Data Security of PRC; the Law for Protection of Personal Data of PRC;  the Civil Code of PRC. According to these laws, collection, use of personal data must conform to the principles of legality, propriety and necessity.

For example, according to the Law for Cyber Security of PRC, when collecting and using personal information, network operators should follow the principles of legality, propriety and necessity, make public the collection and use rules, clearly state the purpose, method and scope of the collection and use of information, and obtain the consent of the recipients.

Network operators shall not collect personal information unrelated to the services they provide, shall not collect and use personal information in violation of the provisions of laws and administrative regulations and the agreement between the two parties, and shall handle the personal information stored by them in accordance with the provisions of laws and administrative regulations and the agreement with users.

Network operators shall take technical measures and other necessary measures to ensure the security of the personal information they collect and prevent information disclosure, damage and loss. In case of disclosure, damage or loss of personal information occurring or likely to occur, it shall take remedial measures immediately, inform users in time and report to the relevant competent authorities in accordance with regulations.

Further, according to the Law for Data Security of PRC, “Data” means any electronic information or other means of recorded information.

Data processing, includes data collection, storage, use, processing, transmission, provision, disclosure, etc.

Data security refers to taking necessary measures to ensure that data is in a state of effective protection and legal use, as well as the ability to guarantee a continuous state of security.

Public security organs and state security organs shall, in accordance with the provisions of this Law and relevant laws and administrative regulations, assume the responsibilities of data security supervision and control within the scope of their respective functions and duties.

In accordance with the provisions of this Law, relevant laws and administrative regulations, the Cyberspace Administration of the People’s Republic of China shall be responsible for overall planning and coordination of network data security and relevant supervision.

 

 

 

Are E-Payments service providers allowed to grant credit, even in the form of deferred payment (such as the bnpl formula)?

EUROPEAN UNION (EU)

Only PSPs which are authorized to execute e-payments where the funds are covered by a credit line for a User or to issue payment instruments may grant credits but only when credit is accessory and granted exclusively in relation to the execution of a payment transaction, it is repaid within a short period which in no case exceeds 12 months (except for credits granted by credit card), it is not granted using funds received or held by PSP for executing e-payments and PSP’s own funds are adequate with respect to the overall amount of credit granted.

Furthermore, the provisions of the Consumer Credit Directive (Directive 2008/48/EC or “CCD”) are applicable to the credits granted by the PSPs to consumers, except for credit agreements:

• of less than EUR 200 and more than EUR 75,000
• in the form of an overdraft facility and where the credit must be repaid within one month
• that do not involve interest payments or other costs
• which must be repaid within three months and only insignificant charges are payable, and
• other specific credit agreements listed by Art. 2 of CCD.

This means that if PSP intends to grant credits, also according to BNPL (Buy Now Pay Later) model, must obtain authorization to execute e-payments from a credit line granted to User or to issue e-payments instruments and, if the loan is greater than EUR 200 or is charged by interests, also be compliant to rules on advertising, pre-contractual information and conditions to be included in credit agreements provided for by CCD.

FRANCE

While credit institutions may grant loans, in principle other payment providers may not.

However, there is an exception for payment institutions if the following three cumulative conditions are met:

• the credit is ancillary in nature and must be granted exclusively in connection with the execution of payment transactions that this institution performs;
• the credit is repaid within a period of time determined by the parties and it may not exceed 12 months;
• the credit shall not be granted on the basis of funds received or held by the institution for the purpose of executing payment transactions.

ITALY

The Italian rules on consumer credit basically reproduced the structure and text of the PSD2. Please refer, therefore, to the European Union Section.

As for the BNPL model, it has only recently been introduced in Italy, therefore transactions are still low and the diffusion of this type of solution is not widespread but in recent years it has been growing quickly and is achieving one of the highest growth rates in Europe.

The BNPL formulas most used in Italy by the main operators are the offer of deferred payments for online purchases:

• in a few (usually three) interest-free monthly instalments, to be paid by debit or credit card, or
• in several instalments (usually 24-36) at the ordinary interest rate, to be paid through the payment account indicated by the user (a credit card or a banking account) or by using capital provided by other clients of the PSP.

The NETHERLANDS

E-payment services providers are allowed to grant credit if they have a license.

FINLAND

In Finland, granting credit is allowed but only if the credit is ancillary to the payment services and the credit is granted from funds other than those received or held for the purpose of executing payment transactions.

If the credit is provided from another EAA country, the credit shall be repaid within at most 12 months. This includes deferred payments.

Considering the buy now, pay later (BNPL) formula and other deferred payment plans, the maximum interest rate is 20 %. There is no legal obstacle in Finnish law for payment service providers to grant interest-free credit in the form of deferred payments. However, this is rare and generally the service providers utilising the BNPL formula charge an interest close to the maximum rate.

CYPRUS

Under art. 18(5) of the Payment Services and Access to Payment Systems Laws of 2018 (PS Law), only PSPs which are authorized to execute e-payments where the funds are covered by a credit line for a User or to issue payment instruments may grant credits but only when credit is accessory and granted exclusively in relation to the execution of a payment transaction, it is repaid within a short period which in no case exceeds 12 months (except for credits granted by credit card), it is not granted using funds received or held by PSP for executing e-payments and PSP’s own funds are adequate with respect to the overall amount of credit granted.

Furthermore, the provisions of the CCD are applicable to the credits granted by the PSPs to consumers, except for credit agreements:

• of less than EUR 200 and more than EUR 75,000
• in the form of an overdraft facility and where the credit must be repaid within one month
• that do not involve interest payments or other costs
• which must be repaid within three months and only insignificant charges are payable, and
• other specific credit agreements listed by Art. 2 of CCD.

This means that if PSP intends to grant credits, also according to BNPL (Buy Now Pay Later) model, must obtain authorization to execute e-payments from a credit line granted to User or to issue e-payments instruments and, if the loan is greater than EUR 200 or is charged by interests, also be compliant to rules on advertising, pre-contractual information, and conditions to be included in credit agreements provided for by CCD.

UNITED KINGDOM (UK)

Usage of “Buy Now Pay Later” (BNPL) products is rapidly increasing in popularity, with the volume of transactions tripling in 2020 as the pandemic drove online shopping taking total lending to £2.7bn.

There are a range of PSPs that offer BNPL terms of credit.

Presently PSPs providing credit (which not fully covered by UK credit rules) provide cannot charge backdated interest on amounts of money that have been repaid by the consumer during the BNPL offer period.

The PSPs also have to provide clear information to consumers about BNPL offers. The information should be balanced and appropriately reflect the risks as well as the benefits of the product. The PSPs must give prompts to consumers, to remind them when the offer period is about to end, so that consumers are more likely to repay the credit before they incur interest.

In February 2021, the UK government, in response to consumer protection concerns, announced plans to legislate to bring interest-free BNPL products under full supervision by the Financial Conduct Authority.

ISRAEL

In Israel, the e-payment services providers are allowed to grant credit, even offering BNPL formula.

UNITED STATES OF AMERICA (USA)

Lenders are allowed to operate on an e-payment type platform.

CHINA

Granting credit shall be governed by other laws and regulations instead of regulations of E-payment.

However, if consumers buy products on some online shopping platforms, they may choose to pay by instalments.  If the products are on promotion, the payment by instalments may not be charged with interest. For other occasions, the interest may be similar to the interest charged by banks for instalments for credit cards.  For example, for ICBC credit card, the instalment interest is :   1.65% for 3 instalments,  3.6% for 6 instalments , 5.4% for 9 instalments, 7.2% for 12 instalments . Interest may vary from bank to bank, and even credit card to credit card, and also vary due to change of policy.

Are there any forms of dispute settlement relating to E-Payments services?

EUROPEAN UNION (EU)

PSD2 expressly states that each Member State must establish ADR procedures for the settlement of disputes between Users and PSPs related to rules on transparency and execution of e-payments and ensure that said procedures are adequate, independent, impartial, transparent and effective.

The right to promote ADR procedures must be granted to both individual Users and consumer associations and must be applied to all PSPs, including their representatives.

PSPs must include information on ADR procedures and ADR entity in the general terms and conditions of the framework contract and on its website in a clear, comprehensive and easily accessible way.

FRANCE

In France, any retail consumer has the right to have recourse free of charge to a consumer mediator for the amicable resolution of a dispute with a professional.

In the case of e- payment services, this right is provided for and must be stated in the payment service contracts.

Thus, if there is no response to a complaint made against a professional within two months or if the response provided by the complaints department of this establishment is not satisfactory, the consumer may refer the matter to the mediator free of charge, provided that no legal proceedings have been initiated or are about to be initiated.

The time limit for processing cases by the mediator is 90 days. In case of particular difficulties, this period may be extended. The mediator must then inform the consumer.

If the mediator’s opinion is not in favor of the consumer or if it is refused by the institution or the intermediary, the consumer may bring the matter before the competent court. Finally, it is always possible for the consumer to bring an action before the courts without having called upon the mediator.

An annual activity report drawn up by each mediator is sent to the president of the Consumer Mediation Assessment and Control Commission, which reports to the minister in charge of the economy, to the governor of the Banque de France, and to the president of the Financial Sector Advisory Committee.

Furthermore, if a consumer subscribes to a service via the Internet, he or she can submit a complaint to the European platform for out-of-court settlement of online disputes, which will direct his or her request: http://ec.europa.eu/consumers/odr/.

ITALY

In Italy, for all controversies between customers and banks and financial intermediaries (including e-payment services) for an amount of money not exceeding € 100,000, Users could file a claim before ABF, an independent body composed by members selected by Bank of Italy, associations representing financial intermediaries and associations representing customers (consumers and professional and/or companies).

It is a decision-making alternative dispute resolution (ADR) proceeding which could be initiated by any User with minimal administrative costs (€ 20) and to which Banks and financial intermediaries are required by law to adhere.

Given the highly technical nature of the matter, the assistance of a lawyer in proceedings before the ABF is necessary, although not mandatory.

Proceedings are carried out in written form (by filing one or more defence briefs) and may last a maximum of 270 days.

Decisions, made according to the applicable law, may not be appealed and are not binding like judicial rulings, but the non-fulfilment of their prescriptions is published on the ABF website and could be evaluated by the Bank of Italy as Supervisory Authority; therefore, the voluntary compliance rate is very high. Anyway, regardless of whether the consumer has started arbitration proceedings before the ABF and of their conclusion, Users may bring the matter before the competent Court.

The NETHERLANDS

In the Netherlands, the regular courts deal with disputes involving e-payment services.

For e-payment services, there are no particular mediators.

However, the users agreement or terms & conditions of the e-payment services provider can dictate that a dispute will be resolved by an intermediary, the Financial Department of the provider or the e-payment services provider himself.

FINLAND

Under the Act on Payment Services, the payment service providers must have effective procedure to process complaints made by service Users relating to the Users’ legal rights and obligations.

The only official dispute resolution mechanism in Finland, concerning e-payment service matters, is a trial in a general court. No other instance (but the general court) has an authority to solve disputes with binding effect, unless agreed upon arbitration by the parties.

The Consumer Disputes Board is an available alternative mechanism concerning disputes between the Users and service providers but the Board’s statements are recommendations/opinions only.

CYPRUS

The Alternative dispute resolution for consumers N.85(I)/2017 transposes into national law  Directive 2013/11/EU of the European Parliament and of the Council of 21 May 2013. This aims to help consumers resolve contractual disputes with traders when they have a problem with a product or service that they have bought. Under the ADR Law, there are various private ADR service providers.

The Financial Ombudsman of the Republic of Cyprus is a public body established by law to offer out of court dispute resolution for clients of financial institutions (including PSPs and EMIs). http://www.financialombud­sman.gov.cy/forc/forc.nsf/page08_en/page08_en?OpenDocument. As with all third generation ombudsman schemes: (i) Filling a complaint is easy and may be done on-line; (ii) Representation by a lawyer is not required; (iii) the procedure is simple and much quicker compared to court law suits (maximum 6 months by law); (iv) filling a complaint is much cheaper compared to a law suit – the complainant pays a fee of 20 euros.

UNITED KINGDOM (UK)

The Financial Conduct Authority (FCA) Guidance is to make a complaint to a payment service provider or e-money issuer.  Firms are meant to respond within 15 business days.  A final response cannot be more than 35 business days from when the complaint was first received.  You can also contact the Financial Ombudsman Service.  The Financial Ombudsman Service will then make a decision.  If someone is not happy with the decision, they can take the matter to court.

There is also the Alternative Dispute Resolution for Consumer Disputes (Competent Authorities and Information) Regulations 2015 (as amended) which establishes a framework for accredited ADR entities dealing with small consumer claims and information that traders have to provide to consumers including e-payment service customers about access to ADR.

ISRAEL

In Israel, Users of e-payment services could promote arbitration proceedings for the amicable resolution of a dispute with a provider of e-payment services.

UNITED STATES OF AMERICA (USA)

Not by statute.

Arbitration provisions will usually be set forth in the contractual agreement between the consumer and the service provider.

CHINA

If there is a dispute relating to e-payment services, parties involved may seek solutions by reconciliation, mediation, complaint with governing authorities, arbitration, litigation etc in accordance with certain applicable laws and regulations of PRC, such as Civil Code, the Civil Procedural Law of PRC, the Arbitration Law of PRC. If the dispute about e-payment does not constitute a crime, it will be processed as a civil case. If so, the cost, timing may depend on the nature, difficulty, and the amount of subject etc.  For example, according to the Civil Procedural Law of PRC, cases tried by people’s court following Ordinary Procedures shall be concluded within six (6) months from the date of filing the case. If an extension is needed under special circumstances, the extension may be extended for six (6) months with the approval of the president of the court; If an extension is needed, it shall be reported to the people’s court at a higher level for approval.

If such disputes constitute crimes, they will be investigated by the Ministry of Public Security of the Criminal Law of PRC (PSB), and brought to court for a trial in accordance with the Criminal Law of PRC.

If you would like to read the entire Global Guide on E-Payments, you can download it here .

Follow us on LinkedIn.