Electronic and cash payments
EU rules on payments mean that you and your customers can make and receive electronic transactions easily. This means that banks must charge you the same rate for payment in euros across the EU as they do for an equivalent national transaction.
Banks based in EU countries outside the euro area (Austria, Belgium, Cyprus, Estonia, Finland, France, Germany, Greece, Ireland, Italy, Latvia, Lithuania, Luxembourg,Malta, Netherlands, Portugal, Slovakia, Slovenia, Spain.) must also apply this rule, and may not charge more for a payment in euros to/within another EU country than they do for a domestic payment in the national currency.
Card surcharges are not allowed
You're not allowed to charge your customers extra for using a credit or debit card. This applies to all card purchases (in shops and online) made throughout the EU.
Dynamic currency conversion
Do you offer customers a choice between paying by card in their own currency rather than the currency of your country or website?
You must inform them - at the time of purchase - of all charges related to the currency conversion service that you offer. You should express those charges as percentage mark-ups over the latest available euro foreign exchange reference rates issued by the European Central Bank.
Example. Guests at your hotel who hold a foreign payment card can choose to pay for their stay in their home currency. You should convert the bill amount using the ECB rate. And you must inform the guests what percentage mark-up you will charge on top of that amount.
Making a complaint about card surcharges
A ticket sales and distribution company charges its customers €6 for using a credit card when they buy a ticket online. A customer is not happy and complains to their local consumer centre. The consumer centre confirms that the surcharge is not allowed. They contact the ticket company and ask them to immediately remove the surcharge from their online payment tool.
Non-discrimination – payments
You are free to accept whatever payment methods you want, but if your customers want to pay electronically (e.g. direct debit or card-based payment) in a currency that you support, you must accept the payment irrespective of where they or their payment service providers are located within the EU.
Accepting payment by euro debit or credit cards
A customer based in Belgium purchases a new pair of shoes from a German online shop using a Finnish credit card; the German company must accept the payment because their website states that euro credit cards are an acceptable method of payment.
Multi-factor consumer authentication
By December 2020, you must ensure that your e-business is able to perform strong customer authentication, such as two or multi-factor authentication. This means that for every online payment above 30€, your clients will need to use a combination of at least two authentication elements, such as:
- something they have (such as a mobile phone or card reader) AND something they know (such as a PIN or a password)
- something they have (such as a mobile phone or card reader) AND something they are (such as their fingerprint)
- something they know (such as a PIN or a password) AND something they are (such as their fingerprint)
Check how you can meet this obligation with your payment service provider.
Anti-money laundering and terrorist financing rules
Whether acting as a business owner or as an individual, you should apply certain measures when you are entering into a business relationship or carrying out occasional transactions with customers to prevent money laundering and terrorist financing.
These measures apply for a single operation or in several operations that appear to be linked if you are:
- trading in goods, and payments are made or received in cash for €10 000 or more
- carrying out an occasional transaction that amounts to €15 000 or more
- a provider of gambling services involved in the collection of winnings or the wagering of a stake, when carrying out transactions amounting to €2000 or more
In these situations you have to apply customer due diligence, including identifying and verifying the identity of the customer as well as the beneficial owner - that is any person who ultimately owns or controls your customers, or on whose behalf the transaction was conducted. If you suspect any suspicious activity you should report it to the financial intelligence unit (FIU) in your EU country.