On 11 November 2020, the First Chamber of the Court of Justice of the EU (CJEU) published a preliminary ruling in the case of Denizbank AG v Verein fur Konsumenteninformation (Case C-287/19) on the interpretation of the revised PSD2.
The case concerns the interpretation of PSD2; in particular, focussing on the use of tacit consent of variation, the transfer of liability for unauthorised payments to the payment service user and the application of PSD2 to near-field communication (NFC or contactless) functionality.
Validity of tacit consent to contract variation
The CJEU was asked whether Article 52(6)(a) of PSD2, read in conjunction with Article 54(1), must be interpreted to mean that a payment service provider (PSP) may unilaterally vary the terms of their framework contract with any given user of services by virtue of the presumption of tacit (or passive) consent as per the conditions set out in the change provisions of the framework contract, even in circumstances where the user is a ‘consumer’.
In a welcome decision for PSPs, the CJEU did not follow the Advocate General's April 2020 opinion that tacit acceptance of changes to terms and conditions in framework contracts could only be relied on in respect of "non-essential changes". Instead, the CJEU found that PSD2 does not restrict the type of terms that can be changed by tacit consent, but where the payment service user is a consumer the Unfair Terms in Consumer Contracts Directive applies
Legal separability of NFC (contactless) functionality
In addressing whether the contactless functionality of a personalised multifunctional bank card constitutes a ‘payment instrument’, the CJEU considered the legal separability of such NFC function.
The CJEU found that contactless functionality is legally separable from other functions of a bank card and therefore, taken in isolation, it constitutes a payment instrument within the meaning of Article 4(14) of PSD2;
As such, the CJEU ruled that a payment card may incorporate several separate payment instruments which may hold knock-on effects with regards to how payment cards and their respective credentials are issued by a PSP and in turn, what may be deemed an unsolicited payment instrument.
Defining ‘anonymous’ use
The CJEU was also asked to consider whether contactless functionality of a personalised multifunctional bank card would constitute ‘anonymous’ use of the payment instrument in question. The CJEU ruled that The use of NFC functionality for low-value payments constitutes “anonymous use” within the meaning of Article 63(1)(b) PSD2.
Article 63(1)(b) allows parties to derogate from various protective provisions under PSD2 such as: (i) Article 72, which requires the PSP to prove the authentication and execution of payment transactions; (ii) Article 73, which establishes the principle that the PSP is liable for unauthorised payment transactions; and (iii) Article 74(1) and (3), which allows partial derogation of liability for unauthorised payments onto the payer up to an amount equalling EUR 50, except after notification to the PSP of the loss, theft or misappropriation of the payment instrument.
Such derogations permitted under Article 63(1)(b) in respect of low-value payment instruments, may only occur in circumstances where ‘the payment instrument is used anonymously’ or where ‘the payment service provider is not in a position for other reasons which are intrinsic to the payment instrument to prove that a payment transaction was authorised’. The CJEU concluded that a PSP shall be ‘objectively unable to identify the person who paid using that functionality and thus unable to verify, or even prove, that the transaction was duly authorised by the account holder’.
Burden of proof required for further Article 63 derogations
A PSP cannot, without evidence, rely on the derogation under Article 63(1)(a) to relieve itself from its obligation to protect users of payments services against loss caused by fraud. The CJEU ruled that the burden of proof sits with the PSP to establish that the instrument does not allow its blocking or prevention of its further use.
and then 