
New Swedish rules for online payments have entered into force

Legal news
23 September 2019
Norway

On 14 September 2019, the remaining rules in the EU Directive PSD2 were implemented in Sweden in the Swedish Payment Services Act. The new rules aim to make e-commerce safer through more requirements for web-shops' online payment systems. From now on, online payments in Sweden can only be made using strong customer authentication. IUNO takes a closer look at the new Swedish rules and how they will affect e-commerce in Sweden.

Higher customer authentication requirements - safer online commerce

The EU PSD2 rules, introduced in January 2018, aim to make online payments safer and to avoid cases of credit card misuse. Among other things, the EU Directive requires so-called strong customer authentication, which has now been implemented into Swedish law.

In order to comply with the new legislation, two-factor authentication is necessary when making payments over the internet. The new national regulation will, therefore, affect businesses and traders engaged in online commerce as well as customers buying online. The new regulation is to be found in Chapter 5 (b), Section 4 of the Payment Services Act (2010: 751).

From now on, customers will have to pass through at least two of the following elements when approving an online payment:

  • Something the payer knows (e.g. a password)
  • Something the payer has (e.g. a debit card)
  • Something the payer is (e.g. a fingerprint)

Therefore, it is important that all Swedish businesses with an online shop have made sure that their online platform supports at least two of the above-mentioned elements. In order to finalize a transaction, customers must approve their payment with at least two factors, for example payment cards and a confirmation code on SMS, or the use of Bank-ID.

Before the deadline for the implementation of the new rules, the Swedish Financial Services Authority assessed that there would be few problems with the rules for Swedish e-commerce sites. This was due to the fact that Bank-ID was already used to a large extent in Sweden.

Not all EU member states have had an implementation as simple as the Swedish one. One example is Denmark, where the implementation has been postponed by 18 months due to infrastructural complications. This is primarily because it is common to use the Danish equivalent to the Bank ID to the same extent that we see in Sweden.

Transitional period

There is no general transitional period. The rules were, therefore, effective from 14 September 2019.
In order to avoid negative consequences, the European Banking Authority (EBA) has given national financial services authorities the opportunity to give companies a limited time to adapt to the new requirements. It is, therefore, possible to apply for an individual time-limited implementation period in Sweden. A detailed time-restricted migration plan must be presented to the Swedish Financial Services Authority.

Failure to comply with the new rules

All businesses are liable for any losses incurred in connection with any abuse if they are not compliant with the new rules. In addition to this, the financial companies and other parties in the payment flow have the right to reject payments that have not been made with two-factor approval and, therefore, one can risk losing profit.

IUNO’s opinion

It is important that all Swedish online businesses secure their online payment solutions and that they make sure to have the necessary technical layout of their web-shops. If companies do not comply, they risk having their customers' payments rejected.

If your company is not compliant, it is important to contact the Financial Services Authority and request an individual time-limited implementation period. If you have any questions about the new rules or need our help to request an individual time-limited implementation period, please do not hesitate to contact us.


Aage Krogh, Partner
