Payment Cards – Legal Definition, Types, and Regulation
Definition and Legal Classification of Payment Cards
Payment cards are physical or digital instruments that enable the holder to carry out payment transactions. They serve as a medium for cashless payments in retail, online services, or for cash withdrawals at ATMs. Legally, they constitute a payment instrument within the meaning of the Payment Services Supervision Act (ZAG). The legal basis for the use and issuance of payment cards is established by national and European legislation, in particular the Second Payment Services Directive (PSD2) and the ZAG.
Payment cards are an integral part of daily payment transactions in Germany and the European Union and are therefore subject to extensive regulatory and civil law provisions. They make a significant contribution to the modernization and increased efficiency of payment systems.
Types and Classification of Payment Cards
Distinction by Functionality
From a legal perspective, payment cards are differentiated based on various characteristics:
- Debit cards: These cards are directly linked to a payment account held by the cardholder. When a debit card is used, the amount to be paid is debited immediately or within a short period from the cardholder’s account. The legal basis follows from the respective account agreements and the general terms and conditions of the issuing institutions.
- Credit cards: Credit cards grant the cardholder a credit limit, which is regularly agreed upon with the issuer of the card. The legal framework includes not only payment services but also credit law provisions, since the cardholder is granted short-term credit.
- Prepaid cards: These are payment cards that can only be used within the limits of a preloaded balance. Prepaid cards are considered a payment instrument under the law, requiring the issuer – often an e-money institution or credit institution – to secure the funds loaded. The main regulations are set by the ZAG and the E-Money Act.
Distinction by Transferability and Personalization
- Personalized payment cards: These are issued in the name of the holder and are generally non-transferable. Issuance is tied to a clear identification of the user in accordance with the Anti-Money Laundering Act (GwG).
- Unpersonalized payment cards: These can be purchased and used anonymously, typically for small amounts. Special anti-money laundering limits and due diligence obligations apply.
Distinction by Technology
- Physical cards: Typically made of plastic (with chip and magnetic stripe).
- Virtual cards: Digital cards used for payments in the online sector.
Legal Basis and Regulatory Framework
European Regulations
The central legal framework for the issuance and use of payment cards in the European Union consists of the following sets of rules:
- Payment Services Directive (PSD2): Regulates the requirements for payment services, including payment cards and their issuers.
- Regulation (EU) 2015/751 on Interchange Fees: Limits the permissible fees between the involved payment service providers.
- Anti-Money Laundering Directive: Sets out requirements for the identification of cardholders.
National Implementation in Germany
In Germany, the main applicable laws are the Payment Services Supervision Act (ZAG), the German Civil Code (BGB), the Anti-Money Laundering Act (GwG), and the Banking Act (KWG).
- ZAG: Defines payment services and payment instruments. Regulates licensing requirements for providers and consumer protection.
- BGB: Contains provisions on the contractual relationship between card issuer and cardholder, in particular regarding liability for misuse (§§ 675c ff. BGB).
- GwG: Regulates identification obligations when issuing cards, to prevent money laundering and terrorist financing.
- KWG: Payment card issuers may require a banking license, depending on the business model (e.g., e-money issuer).
Duties and Rights of the Parties Involved
Cardholder
The cardholder is obligated to keep the payment card secure, treat the PIN confidentially, and inform the issuer immediately in the event of loss. In the case of misuse after loss, the cardholder is generally liable up to 50 euros, provided there was no grossly negligent behavior.
Card issuer
Card issuers are subject to extensive information and diligence obligations. They must ensure compliance with technical security standards (including strong customer authentication under PSD2), protect against unauthorized access, and ensure transparency regarding transaction fees.
Points of acceptance
Companies that accept payment cards as a means of payment are required to comply with the legal framework under payment services and data protection law. This includes proper authorization of payments as well as the secure processing of payment data.
Consumer Protection and Liability Issues
The contractual relationship between cardholder and issuer is shaped extensively by consumer protection regulations. These include in particular the right to a refund of unauthorized transactions, liability limitations in case of loss, and transparency requirements, all of which are enshrined in law.
According to § 675u BGB, the cardholder is generally not liable for unauthorized payments unless they have breached their obligations through gross negligence. The issuer is obliged to reimburse unauthorized debits.
Data Protection Requirements
The processing of personal data in connection with the use of payment cards is subject to the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Card issuers are required to limit the collection, storage, and transfer of payment data to what is necessary and to implement appropriate technical and organizational safeguards.
Anti-Money Laundering Aspects of Payment Cards
Payment cards can be misused as an instrument for money laundering or terrorist financing. For this reason, the GwG imposes strict identification obligations, reporting requirements, and the duty to monitor suspicious activities. The purchase and use of unpersonalized prepaid cards is therefore limited to amounts up to 100 euros and is subject to restrictions regarding loading, use, and cross-border transactions.
Sanctions and Legal Consequences of Violations
Violations of regulatory requirements relating to the issuance or use of payment cards may trigger civil claims (e.g. for damages or refunds) and result in administrative fines. Supervisory authorities such as the Federal Financial Supervisory Authority (BaFin) are authorized to monitor and enforce compliance.
Future Developments and Legal Challenges
The digitization of payment systems and the introduction of new technologies such as mobile payments and digital payment cards are leading to further differentiation of card-based payment systems. Ongoing adjustments to regulatory and technical standards, particularly concerning data security, consumer protection, and anti-money laundering, continue to be necessary.
Summary
Payment cards are a legally complex and highly regulated payment instrument that plays a central role in German and European payments. The legal framework includes civil law provisions for contractual relations, regulatory requirements for issuers, consumer liability protections, as well as data protection and anti-money laundering rules. Regulatory developments and technological advances ensure that the legal treatment of payment cards remains of great practical importance.
Frequently Asked Questions
What legal requirements must providers of payment cards fulfill in Germany?
Providers of payment cards in Germany are subject to strict legal requirements, in particular from the Payment Services Supervision Act (ZAG), the Anti-Money Laundering Act (GwG), and other regulatory provisions. A core requirement is the obligation for authorization from the Federal Financial Supervisory Authority (BaFin): Companies offering payment services such as the issuance of payment cards require a suitable license as an e-money institution or payment institution. They must regularly demonstrate their reliability, professional suitability, and sufficient own funds. In addition, extensive documentation, auditing, and reporting duties apply, for example regarding customer identification and transaction monitoring, to prevent money laundering and terrorist financing. Compliance with data protection requirements under the GDPR is also mandatory, especially regarding the storage and processing of customer data.
What information obligations do card issuers have towards customers?
Card issuers are legally obliged to comprehensively inform consumers. Under § 675d BGB and the provisions of the ZAG, they must provide the customer with clear information about key contractual terms in good time before contracting. This includes fees, interest rates, cancellation rules, usage limits, security measures, as well as information about liability and blocking mechanisms in case of loss or misuse. Contract changes must be announced in advance. There is also an obligation to provide information about complaints procedures and arbitration bodies. When used cross-border, information about exchange rates and their application must also be provided.
What requirements apply to identifying cardholders?
Under the Anti-Money Laundering Act (GwG), providers of payment cards are required to verify the identity of their customers before a payment card can be issued (know-your-customer principle). This can be carried out via the Postident procedure, video identification, or other secure processes. For anonymous prepaid cards, legal limits are set below which identification is not necessary. These have, however, been successively reduced in recent years to minimize potential for misuse. If the thresholds are exceeded or in case of suspicious transactions, full identification must be performed. There are also record-keeping obligations for collected data.
What liability rules apply in cases of fraudulent card use?
German law governs liability for payment cards in the German Civil Code (§ 675u ff. BGB). Generally, the cardholder is liable up to 50 euros if an unauthorized payment transaction is made as a result of loss, theft, or misuse of the card. However, if the cardholder acts with gross negligence or intent – for example, by disclosing the PIN or delaying the blocking of the card – the liability cap does not apply. Card issuers are required to provide the customer with immediate blocking options and to compensate for damages if the cardholder is not grossly at fault. In the event of technical faults or malfunctions, the issuer is only liable for its own misconduct.
What obligations exist regarding data protection and data security?
Payment card issuers are required under the GDPR, as well as supplementary provisions such as the ZAG, to process the cardholders’ personal data only for a specific purpose and to the necessary extent. An adequate level of data protection must be ensured through technical and organizational measures. Special requirements apply to the transmission of payment information, which must be secured against unauthorized access (e.g., by encryption). Time limitations and deletion requirements apply to storage and archiving of data unless statutory retention periods prevent this. Customers must be informed in detail about the processing of their data and about their rights (e.g. access, deletion, objection).
What must be considered regarding the term and termination of payment card contracts?
Payment card contracts are subject to the general civil law provisions on terms and termination (§§ 305 ff. BGB) as well as to the requirements of the ZAG. Accordingly, a cardholder may terminate an open-ended contract at any time without notice, unless otherwise agreed. A fixed-term contract generally terminates automatically at the end of the term; automatic renewal is only permitted under certain conditions and must be communicated transparently in advance. Terms of termination, such as form (written, electronic), must be clearly communicated to the customer. Upon termination, the return of cards and refunds of credit balances are usually provided for.
What is the legal situation regarding cross-border use of payment cards within the EU?
According to the EU Payment Services Directive (PSD2) and supplementary national regulations, payment cards must be accepted throughout the European Economic Area (EEA) without discrimination, unless special restrictions apply. Payment service providers are required to ensure equal security standards for domestic and cross-border payments. In principle, fees may not be charged solely because a card is issued or used in another EU Member State (SEPA Regulation). In the case of currency conversions, consumers must be informed transparently about the exchange rates applied and any charges incurred. Compliance with anti-money laundering and counter-terrorism financing regulations must be ensured across borders.
What rules apply to the blocking and unblocking of payment cards?
If fraudulent use, loss, or theft of a payment card is suspected, issuers are required under the ZAG and BGB to block the card immediately and free of charge. Customers must have 24/7 access to a blocking facility (blocking hotline). The card may only be unblocked once the security incident has been clarified and there is no risk of continued misuse. Customers must be informed without delay about the blocking and the reasons for it, provided this does not jeopardize official investigations. The legal basis and the procedure for blocking and unblocking must be explained to the customer in a transparent manner.