Member States shall ensure that, without prejudice to Article 71, where a payment transaction is unauthorised the payer's payment service provider refunds the payer immediately and, at the latest, by the end of the following business day after noting or being notified of the transaction, except where the payer's provider has reasonable grounds to suspect fraud and communicates those grounds in writing to the relevant national authority. The provider shall, where applicable, restore the debited payment account to the state it would have been in had the unauthorised transaction not taken place and ensure the credit value date is no later than the date the amount was debited.

Where the transaction is initiated through a payment initiation service provider, the account servicing payment service provider shall refund immediately and by the end of the following business day and, where applicable, restore the debited account. If the payment initiation service provider is liable it shall immediately compensate the account servicing payment service provider on request for losses or sums paid as a result of the refund, including the amount of the unauthorised transaction. In accordance with Article 72(1), the burden is on the payment initiation service provider to prove that, within its sphere of competence, the transaction was authenticated, accurately recorded and not affected by a technical breakdown or other deficiency. Further financial compensation may be determined in accordance with the law applicable to the contract between the payer and the payment service provider or the contract between the payer and the payment initiation service provider.