Compliance guide to payment systems: law and regulation

Online payment regulations and fiscal compliance

Any valid and reliable payment system must operate in accordance with certain global regulations and compliance standards. Currently, there are three major payment regulations around the globe that govern online and mobile payments:

  • Payment Card Industry Data Security Standard
  • General Data Protection Regulation
  • Second Payment Services Directive

Payment Card Industry Data Security Standard (PCI DSS)
  Description: A set of rules that protect the cardholder’s sensitive data during online payment and within the payment services.
  Who must be compliant: Any business or organization in the world that processes, stores or transmits cardholder data.

General Data Protection Regulation (GDPR)
  Description: A privacy and security law that protects the personal data of people in the European Union, including the UK and France.
  Who must be compliant: Any business or organization that collects, stores, or transmits, automatically or manually, the personal data of EU citizens.

Second Payment Services Directive (PSD2)
  Description: A regulation that aims to increase competition and involvement in the payments industry, and to protect the cardholder’s data.
  Who must be compliant: Any payment service or payment service provider in the European Union and the European Economic Area.

Card network regulations

There are various card associations or card brands, such as Visa, MasterCard and American Express, that are responsible for issuing bank cards in any currency – GBP, EUR, USD, etc. Besides that, they also implement their own sets of regulations for online payments.

These card-network regulations aim to secure card-not-present transactions and payments. They take the form of mandatory security checks for every merchant that accepts card payments.

A merchant must require the following data from a cardholder during the online payment:

  • Name
  • Credit card number
  • CVV code
  • Email address

Know Your Customer processes

Know Your Customer, or simply KYC, is a set of requirements in the finance industry that obliges various institutions to confirm the identity of a person during a business relationship and to assess the associated risks. Know Your Customer is part of the anti-money laundering (AML) policies created by banks, and it appears often in payment regulations.

KYC verification is traditionally performed against independent sources of documents, data, and information. To pass verification, every customer must submit proof of identity and proof of address.

Today, with advances in technology, a customer can be asked to pass eKYC, which is the same set of checks but relies on electronic identity data such as facial recognition, fingerprints, and so on.

Anti-money laundering

AML laws are established to prevent criminals from disguising illegally obtained money as lawful income. Financial institutions are required to examine customer payments and transactions for traces of money-laundering activity.

The institutions have to examine the source of large sums of money, check suspicious money movements, report fund transactions exceeding $10,000, and keep a record of them. Money-laundering investigations include a detailed study of financial records for inconsistencies and suspicious activity.

What is a payment law?

Several payment regulations around the world govern the way financial institutions must handle customers’ data; the main ones are described in this article.

What is payment in business law?

It is the performance of an agreement: the delivery of funds, or their equivalent, in exchange for a specific item or service.

What are the payment obligations?

For financial institutions, there are various payment compliance requirements to meet. Each regulates the way a business handles a customer’s private data. Within the EU there are three main ones: the Payment Card Industry Data Security Standard, the General Data Protection Regulation, and the Second Payment Services Directive.