Guidelines on fraud reporting under PSD2

Status: Under development

The Guidelines, which are addressed to payment service providers and competent authorities, are aimed at contributing to the objective of PSD2 to increase the security of retail payments in the EU.

  • Consultation Paper
Consultation on Guidelines on fraud reporting under PSD2

Summary
02/08/2017

The European Banking Authority (EBA) launched today a public consultation on its draft Guidelines on reporting requirements on statistical data on fraud under the revised Payment Services Directive (PSD2). The Guidelines, which are addressed to payment service providers and competent authorities, are aimed at contributing to the objective of PSD2 to increase the security of retail payments in the EU. The consultation runs until 03 November 2017.
 
Data on payment fraud in the EU is at present difficult to obtain, not reliable, and not comparable across Member States. This does not allow capturing an accurate picture of payment fraud in the EU, including its size, components and development over time.
 
The EBA has developed the proposed Guidelines h in close cooperation with the European Central Bank (ECB) to ensure that the high-level fraud reporting requirements under Article 96(6) of the PSD2 are implemented consistently among Member States and that the aggregated data provided by competent authorities  to the EBA and the ECB is comparable and reliable. 
 
The first part of the Guidelines sets out requirements applicable to all payment service providers, with the exception of account information service providers, while the second part introduces requirements that are applicable to all competent authorities in the EU.
 
The Guidelines define the meaning of ‘fraudulent payment transactions’ for the purpose of the data reporting under these particular Guidelines. The Guidelines also include periodic reporting requirements on payment transactions and fraudulent payment transactions and set out the methodology for collating and reporting data, including data breakdown, reporting periods, frequency and reporting deadlines. The Guidelines leave it to the discretion of the competent authority to decide on the technological aspects of the reporting format and the means of communication.
 
Payment service providers are expected to provide high-level data on a quarterly basis and more detailed data on a yearly basis. The level of data breakdown will depend on the payment instrument used and the payment service provided. Competent authorities are expected to provide the EBA and ECB with aggregated data following the same data breakdown used by individual payment service providers.

Consultation process

Responses to this consultation can be sent to the EBA by clicking on the ‘send your comments' button on the website.
 
All contributions received will be published following the close of the consultation, unless requested otherwise. Please note that the deadline for the submission of comments is 03 November 2017 and that no attachments can be submitted.
 
A public hearing will take place at the EBA premises on Thursday 05 October 2017 from 2:00 to 3.30pm UK time. 

Legal basis

Article 96(6) of Directive 2014/65/EU (PSD2) requires payment service providers to “provide statistical data on fraud relating to different means of payment to their competent authorities”. It also requires competent authorities to provide aggregate data to the EBA and the ECB.