The EU-Originated Revised Payment Services Directive (PSD2) Has Made Monetary Privacy Increasingly Elusive • Technical Politics

15 February 2020 - 07:48
Business / Commerce / Money and Markets / Privacy
976

Privacy is a foundational right.

Without privacy, society cannot function.

Without your own private space, private thoughts, private speech and private actions, we can function as full citizens, and instead are made depressive or neurotic.

While privacy is imporant in all walks of life, it is essential for certain activities and professionals, including journalists, corporate whistleblowers, government critics, inventors, investors, police detectives, security professionals, and public figures: privacy keeps their families safe; their inventions secret; and, their corruption pieces from being quashed before they can be printed.

Many other rights from freedom of speech, freedom of movement and free assembly depend on you having a right to privacy, and both privacy in the absolute sense and these related rights depend on you being able to make a private transaction.

It has been said for some time that nothing digital is private. For all that, we should not welcome further attempts to restrict online privacy.

The Revised Payment Services Directive (PSD2), which came into UK law as ‘The Payment Services Regulations 2017‘ require online payments companies to secure strong customer authentication. According to the law, ‘strong customer authentication’ means “authentication based on the use of two or more elements that are independent, in that the breach of one element does not compromise the reliability of any other element…”, namely “(a) something known only by the payment service user (“knowledge”); (b) something held only by the payment service user (“possession”); (c) something inherent to the payment service user (“inherence”)”.

Section 75 puts the onus on the payment service provider to prove that they have gained strong customer authentication before allowing a transaction in the event that the transaction is disputed.

In reality, this and other provisions mean that payment services providers are highly-incentivised to comply.

This is why Paypal, for instance, has announced that “In order to access your PayPal business account after March 31st 2020, you will need to ensure you have an up-to-date mobile phone number associated to your account.”

The largest players typically welcome such regulation not only because they view it as diminishing fraud, but also because compliance is disproportionately burdensome for small players stifling competition and strengthening their monopolistic grip on the market, in this case the payment services providers.

The beauty of cash is that it is highly democratic. Even a child can set up a lemonade stand and start collecting pocket money. Businesses can get their start without becoming immediately in thrall to the bank. You can give to unpopular organisations or buy a book on gout without worrying about who will find out.

Today, monetary privacy is increasingly under threat.

There is a legitimate government interest in going after terrorists, fraudsters and organised crime, and that naturally involves gaining court orders to investigate their finances. But entangling all of society in a giant cobweb and big government and big business surveillance of daily life is not the answer.

The present UK Government’s record on civil liberties might best be described as mixed. Let’s hope that powerful voices step forward in Parliament to make the case for privacy, monetary and otherwise.

Author: David McHutchon

Article Licence: CC BY-ND 4.0

Picture by William Iven from Pixabay.