Payer or payee's liability for unauthorised payment transactionsU.K.
77.—(1) Subject to paragraphs (2), (3) and (4), a payment service provider which is liable under regulation 76(1) may require that the payer is liable up to a maximum of £35 for any losses incurred in respect of unauthorised payment transactions arising from the use of a lost or stolen payment instrument, or from the misappropriation of a payment instrument.
(2) Paragraph (1) does not apply if—
(a)the loss, theft or misappropriation of the payment instrument was not detectable by the payer prior to the payment, except where the payer acted fraudulently; or
(b)the loss was caused by acts or omissions of an employee, agent or branch of a payment service provider or of an entity which carried out activities on behalf of the payment service provider.
(3) The payer is liable for all losses incurred in respect of an unauthorised payment transaction where the payer—
(a)has acted fraudulently; or
(b)has with intent or gross negligence failed to comply with regulation 72 (obligations of the payment service user in relation to payment instruments and personalised security credentials).
(4) Except where the payer has acted fraudulently, the payer is not liable for any losses incurred in respect of an unauthorised payment transaction—
(a)arising after notification under regulation 72(1)(b);
(b)where the payment service provider has failed at any time to provide, in accordance with regulation 73(1)(c) (obligations of the payment service provider in relation to payment instruments), appropriate means for notification;
(c)where regulation 100 (authentication) requires the application of strong customer authentication, but the payer's payment service provider does not require strong customer authentication; or
(d)where the payment instrument has been used in connection with a distance contract (other than an excepted contract).
(5) In paragraph (4)(d)—
“distance contract” means a distance contract as defined by regulation 5 of the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 (other definitions) M1;
“excepted contract” means a contract that—
falls to any extent within regulation 6(1) of those Regulations (limits of application: general); or
falls within regulation 6(2) of those Regulations.
(6) Where regulation 100 requires the application of strong customer authentication, but the payee or the payee's payment service provider does not accept strong customer authentication, the payee or the payee's payment service provider, or both (as the case may be), must compensate the payer's payment service provider for the losses incurred or sums paid as a result of complying with regulation 76(1).
Marginal Citations
M1S.I. 2013/3134. Regulation 6 was amended by S.I. 2015/1629.