Security and privacy

“The payer would like to refrain entirely from providing sensitive financial information such as bank account details or credit card numbers. For customers, therefore, payment methods are particularly interesting in which they deposit their payment details only once with a single trusted provider and are passed on in the online payment transaction either to this provider or the online banking portal of their house bank to log in there and trigger the payment process.”

In the assessments of acceptance, the importance of security and privacy is clearly visible. “Safety remains a highly critical issue. Money is easier to divert than any physical good. Every solution already carries its attempts to avoid it, the fight of the good against the bad remains a permanent task.” The same applies to personal data. When asked “What do you think about your personal risk of becoming a victim of the following dangers?”, nearly two-thirds mention, first and most commonly, the risk of their data being resold, including a clear majority of 14-29 year olds (57 %).

2 Conclusions

For citizens to be able to act at all and to be more or less “mature”, full transparency is required as a necessary condition, but even more important is the sufficient condition that the information is of high quality and not made transparent anywhere willfully or unintentionally, and often unconsciously, create personal information that third parties, such as the owners of business models of the business offering or decision makers of governmental institutions, can and want to exploit, personal information often having an institutional, social, and/or economic value that all actors, in principle therefore also the consumers, should be able to use individually or collectively as a subject of negotiation. What seems decisive from the perspective of the citizens is how simply and understandably it is recognizable that the offers used are paid for with personal data (also through the transfer to third parties) and whether, in the case of refusal, there are possibilities of avoidance as well as alternative solutions besides the non-use of the service. This includes the simple, clear and comprehensible identification of how personal data is used for direct or indirect personal, geographic and technology-dependent (for example, depending on the device used) price differentiation.

Likewise, this concerns labeling in terms of (IT) security, including the declaration of the expected and obligatory contribution of the payer.

As far as a desirable regulatory solution for consumer policy is concerned, a transitional solution is conceivable. An at least initial willingness to pay for high standards of security and data protection could be accommodated by a special award. Worth considering here would be a seal of quality that documents, simply and understandably, that a payment service provider more than meets the statutory minimum requirements in terms of security and reliability and in terms of the protection of personal data.

Alternatively, however, it would also be conceivable to obtain, in return for payment, the guarantee that all data will be completely deleted after a usage unit (session). Due to the current subscription, the regulatory field of the implementation of the Payment Accounts Directive is also being discussed in German law. This is an important issue in relation to the opportunities and risks of innovative payment services and their acceptance, partly because the payment account represents essential access, effectively the key in payment transactions.

However, when implementing the basic idea of improving the transparency of information on payment account fees, the same needs have to be considered from the point of view of consumers as for other financial products. In general, to oblige payment service providers to “inform consumers both before conclusion of the contract and during the contract period of the charges [for, AOe] required for payment account services …” and, in principle, a “… facility of comparable websites …” is barely sufficient in the light of past experience with product labeling in the area of consumer finance. It is a necessary condition for the functioning of the social market economy, not more.

Beyond this necessary condition, analogous to the still lacking regulation on product information in the consumer finance sector, there is still a lack of high-quality, up-to-the-minute information, such as could be ensured by means of standardized sample specifications to suppliers and users in the financial, trade or payment services under regular control to make it easy, understandable and comparable for potential users to assess which risks exist:

  • safety,
  • data protection (who records, stores, processes and passes on or resells personal data when, in what manner and with which approval processes and consequences),
  • availability,
  • indebtedness and alternatives ex ante (overdraft, overdraft facility, alternative consumer credit);

which costs arise directly and indirectly during use:

  • account management,
  • card issuance,
  • card usage at home and abroad,
  • withdrawing cash,
  • non-cash transactions online or paper-based,
  • account information including account statements in paper form or for self-responsible download,
  • security requirements & customer liability;

which services and payment services are directly connected to the payment account, including the above-mentioned comprehensive information on the risks and costs, for example access:

  • to branches,
  • to cash dispensers,
  • to multifunctional terminals,
  • for online banking,
  • for mobile payment;

and which additional services can be selected, including the comprehensive information on risks and costs mentioned above.

To ensure that the websites in question are suitable for comparing the conditions in the above-mentioned sense and can give rise to the corresponding market confidence, essential requirements regarding identification & transparency, verification as well as relevance & usefulness must be observed.

In addition, regular checks should be carried out in a controlled manner and documented in a robust manner (with reversal of the burden of proof).

Neither the two directives on payment services and on the payment accounts themselves nor the present draft bill on transposition into German law contain such minimum requirements that would actually enable different groups of citizens to be informed about payment accounts and payment services in clear, simple and understandable terms and in a high-quality way, so that (potential) customers are put in a position at all to deal self-directedly and critically with financial products because they are then able to perceive and assess the information (type and functionality, risks, costs).