Regulations on payment platforms in electronic transactions

In today’s commercial landscape, the use of online payment platforms has become essential to carry out transactions between marketplaces or e-commerce sites and customers.

The role of these payment platforms is to approve the transactions carried out, as well as to secure the information provided by the customer.

However, in this article we will examine the regulation of payment platforms from both an EU and Spanish perspective.

1.- Regulation (EU) 2016/679

The economic integration of the internal market drives cross-border flows of personal data, which requires a robust and effective European regulatory framework on data protection to ensure security in those data exchanges and thereby foster the development of the digital economy.

These ideas underpin Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. This European regulation sets out how individuals’ data must be processed, recognising the right of access to such data, the right to rectification, and the right to have it erased. In addition, it is the rule that underpins the creation of the regulation known as PCI DSS, an acronym for Payment Card Industry Data Security Standard.

2.- Directive (EU) 2015/2366

In December 2022, the latest amendment to Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market was made, introducing a neutral definition of a payment transaction in order to include other methods that were not previously contemplated, thus going beyond conventional forms of electronic payment such as credit and debit cards.

This directive considers that as more technical advances emerge, there are greater security risks in electronic payments due to their complexity. This is why, following Directive 2015/2366, commonly known as PSD2, the way users could identify themselves when making an electronic payment was changed.

Up to this point, the payment data verification process was carried out using the payment card information and a verification code or SMS and, after the introduction of this rule, e-commerce businesses are required to implement so-called two-step authentication, in which the user must identify themselves using at least two of the three available methods.

With PSD2, the payment process is also simplified, so that payment platforms cease to be external and are integrated into the merchant’s own website. With this type of payment platform, the user completes the purchase process more quickly and, by not changing pages, it gives them a greater sense of security.

3.- Royal Decree-Law 19/2018 (Spain)

At national level, Royal Decree-Law 19/2018 of 23 November on payment services and other urgent measures in financial matters classifies certain key concepts for the correct understanding of EU rules.

Its purpose is payment services and the measures related to them, such as how such payment services are provided, the legal regime of payment institutions, and their transparency regime. It also sets out the rights and obligations of payment users and of the providers of those services.

Likewise, its provisions include the definitions of certain concepts such as payment institution, payment account, payment instrument, payment transaction, payment system, and so on.

4.- Organic Law 3/2018 (Spain)

In order to align EU data protection legislation with the Spanish legal system, Organic Law 3/2018 of 5 December on the Protection of Personal Data and the guarantee of digital rights was approved. It should be noted that another of the aims of this law is to guarantee Article 18.4 of the Spanish Constitution.

In short, since the matter to be regulated arises from economic relationships between different states, the pioneering regulations that provide security to those relationships are those of the European Union. States simply adopt that legislation aimed at regulating the operation and content of payment platforms.

5.- How can we help you?

The Banking and Finance Department and the New Technologies Department at In Diem Abogados work jointly to provide legal advice and guidance when interpreting Spanish and EU regulations for the implementation of online payment gateways. Our team specialises in payment platforms for electronic transactions.

The Banking and Finance Department and the New Technologies Department at In Diem Abogados work closely with Cryptoveritas 360, an international company specialising in consulting and development of blockchain projects, smart contracts, crypto payment method integration, among many other solutions, ensuring that their operations meet all the necessary requirements.

Contact IN DIEM Abogados 24 hours a day, any day of the week, with no obligation.

We guarantee the best possible outcome, whatever your case may be.

Personalised and professional service
Support throughout the entire legal process
24-hour contact with your expert criminal defence lawyer
Absolute confidentiality

Author: Lucia Arce Espejo

Expert lawyers in online payment platforms : Malaga, Marbella, Seville, Madrid, Las Palmas de Gran Canaria, Almeria, Huelva…

In addition, IN DIEM lawyers have extensive experience and a high level of specialisation in Financial Law, providing advice in relation to the integration of payment gateways for marketplaces or e-commerce, in fiat currency or cryptocurrencies, offering clients personalised support at all times.

IN DIEM lawyers have a team with experience from previous roles such as Judge, State Attorney, Public Prosecutor or University Lecturer, which will give you peace of mind and confidence, as you will have the best team—competitive and highly qualified—to achieve your objectives and meet your needs.x

We are at your disposal for whatever you may need. You can reach us by phone at IN DIEM Lawyers on (+34) 901 900 071. For urgent matters, you can reach us on the IN DIEM 24-hour Emergency Lawyers number: (+34) 610 667 452.

Did you know that IN DIEM Lawyers offers an online service and an urgent service?

We offer our clients the possibility of being assisted via video call or videoconference, as well as by telephone, according to their preference, so that assistance is as personal as possible, with immediate response, and without the need to travel. This service is complemented by communication via email, which facilitates the review and delivery of documentation.

Likewise, we offer urgent and 24-hour services for our corporate clients, handling national and international contracting transactions.

For more information on the Online Legal Advisory Service HERE, and on the 24-hour and Urgent Service, HERE.

IN DIEM 24-hour emergency lawyer - Seville Malaga Huelva Madrid Las Palmas Dos Hermanas Mairena Coria de Rio — Online Legal Advice

Would you like to know more about In Diem Lawyers? Here is this short introductory video…

You will find us in Seville, Madrid, Las Palmas de Gran Canaria, Malaga, Tomares, Coria del Rio, Dos Hermanas, Mairena del Alcor, Estepona, Marbella, Mairena del Aljarafe… we will be pleased to assist you…!!