he way that the banks have to treat their customers is set out in the “Payment Services Regulations”. The current Regulations are called PSR2017 and came into effect in mid-Jan 2018. The previous version was PSR2009.
The first link below will take you to PSR2017. It is a PDF and I suggest that you download it before trying to read it. If you open it after you’ve downloaded it, you can search for individual words by typing the word that you want in the top right-hand corner, and it will list every section with this word. Try typing in authenticated. You can also search for phrases by putting the words in “….”. Try typing in "gross negligence”.
It is a long and complex document but you might find it helpful to look at Regulations 67 to 77, and Reg 90.
The second link is to a document called: FCA (Financial Conduct Authority) Payment Services and Electronic Money - Our Approach.
The document explains how the banks should implement PSR2017. It is about twice the length of PSR2017 (because it is explaining it) so I suggest a few helpful points that you might want to look at::
- Section 8.151 (refers to Reg 67) says: "For consent to be valid it must be clear, specific and informed.” So, in my view, in order to give consent (or authority) for a payment to be valid it must show the value of the payment and at least some information about where the payment is going. Creating a New Payee is not the same as giving consent for a payment to that Payee.
- Section 8.174 (refers to Reg 72) talks about writing down your PIN.
- Sections 8.191 and 8.192 (refer to Reg 75) talk about using the “payment instrument’. This means what you use to make the payment, i.e. a card, a phone APP, or online from your computer.
- Section 8.220 (refer to Reg 77) talks about customer liability for losses and has an interesting reference to the phrase “must have”!
- Sections 8.289 to 8.296 (refer to Reg 90) deal with situations where the payment goes to the “wrong” account. See 8.293 about asking for details of the receiving bank account. See also 8.296 which makes it clear that Reg 90 applies to cases of APPF..
(Note: “Payment Service Provider” means your bank.)