Impersonation fraud in payment services is a growing concern
as fraudulent techniques continuously evolve, adapting to new security measures
and regulatory frameworks. The increasing number of fraud cases highlights the
need for a robust and clear liability regime. This article examines the current
and proposed regulatory approaches in the Directive (EU) 2015/2366 of the
European Parliament and of the Council of 25 November 2015 on payment services
in the internal market (PSD2) and in the Proposal for a Regulation of the
European Parliament and of the Council on payment services in the internal
market (PSR Proposal), focusing on the rights and obligations of each party in
the payment services contract, as well as the specific liability rules that
apply to non-authorised payment transactions. These rules consist of the
allocation of responsibility between provider and user based on the fulfilment
of their obligations. After analysing these aspects, the article explores key open
questions and assesses whether the proposed regulatory framework is capable of
providing definitive solutions or if uncertainties will persist.