PART 7Rights and Obligations in Relation to the Provision of Payment Services
Authorisation of payment transactions
Payment service provider's liability for unauthorised payment transactions76
1
Subject to regulations 74 and 75, where an executed payment transaction was not authorised in accordance with regulation 67 (consent and withdrawal of consent), the payment service provider must—
a
refund the amount of the unauthorised payment transaction to the payer; and
b
where applicable, restore the debited payment account to the state it would have been in had the unauthorised payment transaction not taken place.
2
The payment service provider must provide a refund under paragraph (1)(a) as soon as practicable, and in any event no later than the end of the business day following the day on which it becomes aware of the unauthorised transaction.
3
Paragraph (2) does not apply where the payment service provider has reasonable grounds to suspect fraudulent behaviour by the payment service user and notifies a person mentioned in section 333A(2) of the Proceeds of Crime Act 2002 (tipping off: regulated sector) M1 of those grounds in writing.
4
When crediting a payment account under paragraph (1)(b), a payment service provider must ensure that the credit value date is no later than the date on which the amount of the unauthorised payment transaction was debited.
5
Where an unauthorised payment transaction was initiated through a payment initiation service provider—
a
the account servicing payment service provider must comply with paragraph (1);
b
if the payment initiation service provider is liable for the unauthorised payment transaction (in relation to which see regulation 75(2)) the payment initiation service provider must, on the request of the account servicing payment service provider, compensate the account servicing payment service provider immediately for the losses incurred or sums paid as a result of complying with paragraph (1), including the amount of the unauthorised transaction.