EU Advocate General Athanasios Rantos has issued a non-binding legal opinion urging a reinterpretation of PSD2 to require banks to immediately reimburse cybercrime victims before determining gross negligence, rather than after. Currently, banks can delay refunds by invoking gross negligence defenses, leaving fraud victims in financial limbo. Rantos's opinion would flip this burden, forcing banks to pay first and reclaim funds later if negligence is proven. The change is expected to be formally codified in the upcoming PSD3 and Payment Services Regulation (PSR), but the Advocate General wants it fast-tracked via PSD2 reinterpretation given the slow legislative timeline. PSD3/PSR will also strengthen Strong Customer Authentication requirements and broaden authentication methods beyond smartphone-only access.
Table of contents
Rantos's hypotheticalSort: