Cashback, in the days of refund problems to the appIO: the PSD2 update is activated

To date, more than 10 million 345 thousand Italians have downloaded theappIO, the application of public services that in fact represents a single access point to interact in a simple and secure way with the local and national Public Administration, directly from the smartphone. Essential application to be able to participate in the Cashback program (all cards and applications are accepted here).

In the only Cashback experimental phase, which opened on December 8 and closed on December 31, attended by more than 3 million people, obtaining more than 222 million refunds, already paid directly to the current accounts of Italians, for an average amount of 69 euros each. Only 3% of the total went to the maximum amount of 150 euros (here are the indications on what to do for those who have not yet received the refund).

However, after the squeeze against cunning, it seems increasingly clear direction of the new Draghi Government to say goodbye to the State Cashback, diverting the approximately 5 billion allocated to the provision by the Conte government towards other measures. Given that several analysts consider it only a palliative, with a quite marked populist touch, the plan was, however, especially appreciated by the public.

Problems with the appIO

But just on the day the refunds were closed, Monday, March 1, theappIO has stopped working properly and it gave many problems to those who had to use it. After two days, the situation has not yet been unlocked.

In fact, opening the appIO, as you can see in the screenshot below, in the part dedicated to Cashback the words:

In-app payment services and add-on methods are temporarily unavailable.

The reason? It is not an actual glitch or mistake, but a update of the pagoPA system necessary to implement the new requirements of the Payment Services Directive, the so-called PSD2, a European Union standard designed to make online payments even more secure.

What is the Payment Services Directive (PSD2)?

The new Payment Services Directive (PSD2) (you can download it in full in Italian here) is a European legislation that aims to Safer and more comfortable money and payment management.. Its aim is to encourage innovation by opening up to third parties, including companies outside the banking system, called TPPs, and increasing competition.

Transposed into the Italian legal system with Legislative Decree 218 of December 15, 2017, which entered into force on January 13, 2018, among the main novelties is the introduction into the payment market of new potential operators, the so-called third parties, that, Upon request and express authorization of the client, you can obtain information and process payment orders in current accounts.

The Regulation specifies:

• strict customer authentication requirements;
• strong authentication application exemptions based on the level of risk associated with the service provided, the amount and / or frequency of the transaction and the payment channel;
• confidentiality and integrity requirements for personalized security credentials;
• the requirements of common and secure open communication standards for the purposes of identification, authentication, notification and transmission of information, as well as the implementation of security measures, between the different payment service providers involved (i.e. ASPSP, PISP, AISP , CISP).

What’s changing for customers: the new third parties

The most novel areas of PSD2 with respect to the first directive on payment services are related to the new security procedures to access the online account and electronic payments and the new payment services offered in the area of ​​electronic commerce and online purchases from banks. and new market operators.

In accordance with the PSD2 Directive, therefore, it will be possible, for example, to grant access to the current account, with total security, to these third parties, none of whom will be able to access the accounts without a specific authorization from the holder:

• Online Payment Order Service (PIS): You can make a payment online through a different payment service provider than the one with the account.
• Account Information Service (AIS)– Aggregate information can be obtained about one or more online accounts that are also in different banks
• Confirmation of availability of funds (CAF): Card payment service providers (CISP) will be able to check the availability of funds in your account before making a payment.

The new regulated operators – PISP / AISP / CISP – then provide services in parts of the payment chain, accessing information in customers’ online accounts.

How third-party accounts are accessed

Access to third-party services can only take place with the explicit consent of the user, delivered and notified to the Bank for the rooting of the account. To allow a user to use the services provided by Third Parties, the bank with which they have an online account must provide access:

• through a dedicated channel (the so-called application programming interface – API) or
• allowing the third party direct access to the same online channels of the Bank used by the Client.

In both cases, the security of communication and the exchange of information between the bank and third parties must be guaranteed, respecting the privacy of the client.

What services change

Transactions made through:

• remote channels (eg bank transfers, telephone recharges);
• credit, debit and prepaid cards;
• POS.

PSD2, on the other hand, has no impact on domestic collections (MAV, bank bulletins, Ri.Ba.) since they are already regulated by PSD1.

More security in online payments

The other great news refers to the reinforcement of security measures in the field of online payment services. Since September 14, 2019, new methods of customer authentication (SCA) and authorization of online payments have been introduced.

PSD2 presents theobligation of banks and other payment service providers to implement two or more factor authentication systems of different types. Username and password alone are no longer sufficient to access accounts online or to make a payment and therefore must be accompanied by at least one additional authentication element of a different type, such as a fingerprint or use of a personal device, such as a smartphone. .

In addition, for remote transactions an additional unique code which dynamically links the amount and the payee.