Introduction
The digital transformation of recent decades has reshaped almost every segment of social and economic life, but there are few areas in which changes have occurred as rapidly and as profoundly as in payment systems. Traditional payment methods — cash, cheques, and even conventional bank cards — are gradually giving way to digital and mobile solutions, cryptocurrencies, e-money, digital wallets, instant payment systems, and decentralized finance (DeFi). This revolution, however, does not take place in a vacuum; it requires a complex legal framework that must keep pace with innovation, protect consumers, and ensure the stability of the financial system.
The aim of this text is to analyze the key legal aspects of the transformation of the payment system in the digital age. Special attention is devoted to regulatory challenges, the European and international legal framework, issues of security and data protection, crypto assets, the role of central banks, and perspectives for future development.
1. Digitalization of Payments: Technological and Business Context
The digital age has brought accelerated payment processes, their automation, and the ability to conduct transactions in real time. Some of the key technological solutions driving this revolution include:
- E-money and electronic wallets (e-wallets) such as PayPal, Apple Pay, Google Pay, and Revolut.
- Instant payment systems, e.g., SEPA Instant in the EU or Pix in Brazil.
- Cryptocurrencies and blockchain technology, including Bitcoin, Ethereum, and stablecoins.
- By Now, Pay Later (BNPL) models, which are transforming consumer lending.
- Central Bank Digital Currencies (CBDCs) – digital currencies issued by central banks.
These innovations have resulted in the emergence of new market participants — fintech companies, information society service providers, and BigTech platforms — who compete with traditional banks. Consequently, the legal framework must adapt to an increasingly complex network of actors and technologies.
2. European Regulatory Framework: PSD2, PSD3 and the Payment Services Regulation (PSR)
2.1. PSD2 – The Foundation of Modern EU Payment Law
The Payment Services Directive (PSD2), adopted in 2015, represents one of the most significant regulatory reforms in the modern history of European payment services. Its main objectives were to:
- increase the security of digital payments,
- encourage innovation by opening the market to new players,
- strengthen consumer protection,
- introduce strong customer authentication (SCA),
- formally regulate payment initiation service providers (PISPs) and account information service providers (AISPs).
PSD2 enabled open banking, which significantly accelerated the development of digital payments and the fintech sector. Banks can no longer monopolize customer data; instead, they must — subject to user consent — share such data through secure API interfaces.
2.2. The Upcoming PSD3 and PSR – The Next Phase of Regulation
In 2023, the European Commission announced PSD3 and the Payment Services Regulation (PSR), introducing an even stricter and more comprehensive regulatory framework. Unlike directives, regulations apply directly in all Member States, ensuring more uniform implementation.
Some of the key innovations include:
- strengthening the fight against fraud, including the obligation to reimburse victims of impersonation fraud,
- enhancing consumer rights regarding access to and quality of information,
- stricter requirements for access to accounts and API standardization,
- expanding the definitions of payment services and service providers,
- more precise regulation of e-money and related institutions,
- clearer rules regarding so-called screen scraping, which is expected to be fully phased out.
PSD3 and PSR respond to challenges that have emerged in recent years, including the rise of digital fraud, uneven implementation of PSD2, and the rapid development of fintech innovations.
3. Legal Status and Regulation of Crypto-Assets
3.1. Challenges in the Legal Classification of Cryptocurrencies
Cryptocurrencies represent one of the most dynamic yet regulatorily challenging innovations. Their legal nature has long remained undefined in many jurisdictions: are they means of payment, financial instruments, commodities, or digital assets sui generis? Different states have adopted different approaches.
The European Union, through the MiCA (Markets in Crypto-Assets) Regulation of 2023, has established a unified legal framework for:
- crypto assets that are not financial instruments,
- issuers of stable tokens (ARTs and EMTs),
- crypto-asset service providers (CASPs).
MiCA introduces licensing requirements, rules of conduct, consumer protection provisions, capital requirements, as well as strict obligations concerning transparency and anti-money-laundering measures.
3.2. Stable Tokens and Their Legal Significance
Stable tokens, whose value is pegged to fiat currencies, commodities, or a portfolio of assets, are particularly important. They have the potential to play a role equivalent to e-money and can be used for everyday payments.
Because of the risks associated with systemically significant stable tokens, MiCA establishes:
- limits on circulation,
- strict capital reserve requirements,
- supervision by the European Banking Authority (EBA),
- consumer protection rules in case of a depeg.
Through these measures, the EU aims to prevent destabilization of the monetary system and ensure the controlled development of innovation.
4. Instant Payments and Digital Infrastructure: Legal Standards and Challenges
Instant payments enable the transfer of funds between accounts within a matter of seconds. In the EU, the SEPA Instant Credit Transfer (SCT Inst) system is being developed, and its implementation has accelerated significantly since 2024.
The legal challenges include:
- the obligation to ensure availability 24/7/365,
- the prohibition of unjustifiably charging higher fees than for standard transfers,
- real-time fraud-prevention requirements,
- interoperability of systems across different countries and service providers.
In many countries, instant payments have become the most widespread form of digital payment, and a similar trend is expected in Europe as well.
5. Security, Identity, and Data Protection
Digital payments rely on secure technological solutions and resilient systems. Legal regulations must establish minimum standards and supervisory mechanisms.
5.1. Strong Customer Authentication (SCA)
PSD2 introduces two- or three-factor authentication using:
- something the user knows (PIN, password),
- something the user has (mobile phone, token),
- something the user is (biometrics).
SCA significantly reduces the risk of fraud, but it can slow down payments and increase operational costs. The legal challenge lies in balancing security with user experience.
5.2. GDPR and Data Processing in Payment Services
Payments generate sensitive personal data, including location, consumer habits, and financial patterns. In a digital system with many intermediaries, the risks are higher.
Key legal obligations include:
- lawful processing and data minimization,
- transparency towards users,
- protection against unauthorized access,
- reporting of data breaches,
- contractual relationships between data controllers and processors.
In the context of open banking, the issue of transferring data to third parties is particularly important.
Top of Form
6. Anti-Money Laundering (AML) and Counter-Terrorism Financing
Digital payments and crypto-assets carry significant risks of misuse for money laundering purposes. Therefore, the European legal framework includes:
- AMLD5 and AMLD6, which extend obligations to crypto-asset service providers,
- the development of a new AML Regulation and the establishment of the EU AML Authority (AMLA),
- the obligation to implement KYC (Know Your Customer) processes and monitor suspicious transactions.
In the digital environment, particularly with instant payments, AML systems must operate automatically and in real time, requiring sophisticated algorithms and regulatory oversight.
7. CBDC – Central Bank Digital Currency and Its Legal Implications
7.1. The Concept of CBDC
Central banks worldwide are exploring the introduction of digital currencies (CBDCs), and the European Central Bank is developing the digital euro project.
CBDCs have the potential to:
- facilitate payment transactions,
- increase monetary sovereignty,
- provide an alternative to private digital tokens,
- reduce costs and accelerate transactions.
7.2. Legal Issues of the Digital Euro
The main challenges include:
- defining its legal nature: is it legal instrument like cash?
- privacy concerns and transaction monitoring,
- ownership limits to prevent destabilizing banks,
- interoperability with existing systems,
- regulation of offline payments.
Countries such as China and Nigeria have already introduced CBDCs, providing examples of potential legal models.
8. BigTech in Finance: Regulatory Challenges
The entry of technology giants such as Apple, Google, Meta, or Alibaba into the payments sector is reshaping the market and increasing the concentration of power. BigTech platforms possess:
• huge user databases,
• advantages stemming from large volumes of relevant data,
• technological superiority,
• global reach.
Regulators are concerned with:
• preserving market competition,
• preventing data misuse,
• mitigating systemic risk,
• ensuring fair market access.
Through the Digital Markets Act (DMA), the EU seeks to limit the dominance of digital “gatekeepers,” including in the payments sector.
9. National Regulatory Approaches and Global Diversity
Although payment processes are global, legal frameworks differ significantly:
• EU – a highly harmonized and strictly regulated system.
• USA – a fragmented approach, with different rules at the federal and state levels.
• China – strong state oversight and the dominance of private platforms such as Alipay and WeChat.
• Global South – rapid development of digital payments, often outpacing legal reforms.
This diversity creates challenges for cross-border payments and international regulatory harmonization.
10. Consumer Rights in Digital Payment Systems
Digitalization raises new consumer protection issues, including:
• the right to simple and effective dispute resolution,
• transparency of fees and charges,
• the right to a refund in cases of fraud,
• liability of service providers in the event of technical errors,
• equal access for vulnerable groups.
Regulatory reforms aim to ensure that speed and innovation do not undermine fundamental consumer rights.
11. Legal Challenges and Future Trends
Some of the key challenges shaping the future of the payment system include:
11.1. Balancing Innovation and Regulation
Overly strict regulation can stifle innovation, while regulation that is too weak can increase risks for consumers and the financial system.
11.2. Regulatory Arbitrage
Differences in legal systems allow fintech companies to relocate to less regulated jurisdictions, thereby undermining the stability of the global system.
11.3. Artificial Intelligence in Payment Systems
AI is used for fraud detection, credit scoring, and service personalization, but it also raises issues related to algorithmic discrimination, decision-making transparency, and regulatory oversight.
11.4. Privacy versus Security
The faster a payment is processed, the less time there is for verification, which increases the risk of fraud as well as the demand for monitoring. The legal framework must protect privacy without compromising security.
Conclusion
The revolution in payment systems in the digital age is bringing transformative changes that affect individuals, companies, banks, and states. Digital payments have become standard, while technological innovations such as instant payments, crypto-assets, open banking, and potential central bank digital currencies signal further shifts ahead.
However, technological innovation cannot reach its full potential without a stable, clear, and adaptable legal framework. The European Union is leading this process through PSD2, the upcoming PSD3/PSR reforms, and a unified regulatory approach to crypto assets through MiCA. At the same time, global diversity requires coordination to make cross-border payments faster, safer, and more transparent.
The digital age calls for continuous dialogue between technological innovators, regulators, financial institutions, and consumers. This is the only way in which it will be possible to build a payment system that is at once modern, functional, secure, and legally compliant — a system that will respond to the challenges and needs of the digital society of the 21st century.
Author: Aleksandar Sajic
