Fraud Prevention: EBA Draft Opinion on PSD3 and PSR

EBA's draft opinion addresses evolving payment fraud, proposing additional security measures to complement existing regulations.




On April 29, 2024, the European Banking Authority (EBA) published a noteworthy draft opinion on the changing face of payment fraud. By analyzing recently released data, the EBA identifies new fraud trends and suggests ways to stop them. The opinion is an essential first step toward strengthening the upcoming regulatory framework under the Payment Services Regulation (PSR) and the Third Payment Services Directive (PSD3). The EBA recognizes the effectiveness of current anti-fraud measures while identifying the need for additional improvements to counteract more complex fraud attempts. The goal of this proactive strategy is to guarantee the efficacy and durability of anti-fraud procedures in the financial industry.




Source

[1]

The EBA has identified new types of payment fraud and proposes measures to mitigate underlying risks and protect consumers from resultant losses | European Banking Authority




EBA's Insights on PSD3 and PSR Proposals: Combatting Payment Fraud




Main insights from EBA:


  • Impact Assessment of PSD2 Security Measures: The European Banking Authority (EBA) analyzed how well the security measures imposed by PSD2 reduced fraud levels within the European Union, offering important information about how successful these requirements are.

  • Finding Emerging Fraud Trends: By utilizing recently released fraud data and working together with NCAs and the European Central Bank (ECB), the EBA found new forms of payment fraud as well as emerging fraud trends that will guide future mitigation measures.

  • Additional Anti-Fraud Measures Proposed: The EBA suggested further measures to combat emerging fraud schemes, with the goal of comprehensively fortifying the security framework. These go beyond the measures specified in the PSD3 and PSR proposals, including the IBAN/name-check verification for credit transfers in euro.

By using these findings, the EBA hopes to support continued improvement of the regulatory framework and provide a strong defense against changing payment fraud threats throughout the European Union.





The European Banking Authority (EBA), in its most recent report, provides insight into how payment fraud is changing even with Strong Customer Authentication (SCA) in place. High rates of fraud continue to exist in some payment instruments and in some geographic areas, which has prompted a closer look at new fraud trends and payment fraud categories.


Key Fraud Trends and New Fraud Types Observed:


  • Instant Credit Transfers: When compared to traditional credit transfers, instant credit transfers have much greater fraud rates, according to the EBA's analysis. The precise causes are still being investigated, but some possible contributing variables include PSPs' restricted ability to recover funds in the event of instantaneous fraud and technological limitations with regard to transaction monitoring. This emphasizes how important it is to have strong security measures in place to reduce the fraud threats brought on by the growing use of immediate payments.

  • Cross-Border Transactions: Across a variety of payment methods, fraud rates for cross-border transactions are higher than those for domestic ones. This discrepancy is caused in part by inconsistent SCA application and insufficient cross-border cooperation among PSPs, underscoring the necessity of improved cooperation and standardization in the fight against international criminal activity.

  • Assignment of Liability: Payment service users (PSUs) and PSPs bear different shares of the fraud losses resulting from payer manipulation, which is more prevalent and includes "Authorized Push Payment" fraud. The difficulty PSUs experience in collecting damages is made worse by varying interpretations of liability regulations and the expansive definition of "gross negligence" under PSD2, which emphasizes the need for more precise definitions and uniform enforcement throughout Member States.

  • Regional Disparities: The European Economic Area (EEA) countries exhibit notable variations in fraud rates, which can be attributed to variations in payment services, digital literacy, and supervisory practices. To achieve uniform fraud prevention, addressing these variations calls for standardized supervisory procedures and uniform security measures.

  • Emerging Forms of Fraud:

    • Manipulation of the Payer: Scammers use social engineering strategies, such as posing as reliable organizations or using personal data stolen from social media sites, to trick victims into sending money.

    • Mixed Social Engineering and Technical Scam: Phishing and social engineering are used by scammers to trick PSUs into authorizing fictitious payment orders, underscoring the necessity for increased security and authentication procedures.

    • Enrollment Process Compromise: In order to fully seize control of payment accounts and enable numerous fraudulent payments, sophisticated scams try to enroll fraudsters' devices as second-factor authentication. Preventing such schemes requires bolstering enrollment procedures and resolving weaknesses.

To sum up, the EBA's findings highlight the complexity of payment fraud and the need for cooperation amongst all parties involved in order to successfully adopt strong security measures and counteract new threats.


PSD3/PSR Structure for Fraud Prevention


The European Banking Authority (EBA) highly praises the Instant Payments Regulation and the enhanced security measures put forward by the European Commission in the PSD3/PSR framework. Notable actions include better transaction monitoring, information sharing across PSPs, the requirement for an IBAN/Name check for fast payments, and educational campaigns aimed at increasing fraud awareness. Nonetheless, there is a chance that the phased implementation of the IBAN/Name check will temporarily raise fraud risks. To combat changing fraud dynamics, the EBA suggests more security measures, such as enhanced PSP security requirements, a fraud risk management framework, modified liability regulations, harmonized monitoring, and EU-wide information sharing. The purpose of these actions is to improve fraud control and prevention inside the EU's payment infrastructure.




Payment Security Requirements: PSR/PSD3 Recommendations


The European Banking Authority (EBA), which is aware of the changing nature of electronic payment fraud and the rise of increasingly complex forms of fraud, supports stricter security regulations for Payment Service Providers (PSPs). To protect customers from fraud and strengthen electronic payment systems, the EBA has put out extensive regulations.


  • SCA Clarification: To reduce the possibility of fraud, make sure SCA factors fall into distinct groups.

  • Customizable Restrictions: In accordance with the principles of the Instant Payment Regulation, permit PSUs to establish daily or per-payment restrictions.

  • Real-time Transaction Monitoring (TM): Require transaction monitoring prior to execution, particularly for payments made immediately.

  • Payee-Side Screening: Demand that the PSP of the payee examine incoming transactions for any unusual trends.

  • Device Enrollment: Make sure that appropriate time delays and notifications are in place for new device enrollments.



Addressing Evolving Payment Fraud: EBA's Proposals for PSD3 and PSR


The draft opinion from the EBA emphasizes how important it is to keep improving and adapting regulatory frameworks in order to fight changing payment fraud. Even though current security measures such as Strong Customer Authentication (SCA) work, more needs to be done because sophisticated fraud schemes are becoming more prevalent. The EBA intends to strengthen the next legal framework under PSD3 and PSR by adding new measures that reinforce current ones, guaranteeing strong anti-fraud criteria for the future of electronic payments.



