17 January 2022
The European Banking Authority (EBA) published today a Discussion Paper on its preliminary observations on selected payment fraud data under the Payment Services Directive (PSD2), as reported by the industry for the years 2019 and 2020. This Paper presents the main findings related to three payment instruments: credit transfers, card-based payments and cash withdrawals and also outlines other patterns that appear to be inconclusive and that would benefit from comments and views from market stakeholders. The responses to the questions raised in the Discussion Paper will support the EBA, the European Central Bank (ECB) and national authorities in interpreting the fraud data that will be reported in future years.
The preliminary patterns suggest that the regulatory requirements developed in relation to payment security are having the desired effect. In almost all instances, the share of fraudulent payments in the total payment volume and value is significantly lower for transactions that are authenticated with strong customer authentication (SCA) than those that are not. The analysis also confirms that fraud is substantially higher for cross-border transactions with counterparts located outside the European Economic Area (EEA) than those conducted inside this area, which is a known pattern of payment fraud.
Finally, while the quality and completeness of the reported fraud data has improved over the four half-yearly reporting periods in 2019 and 2020, the EBA identified several data limitations and, therefore, chose to focus its analysis on the highest quality data reported by the industry, and, therefore, the preliminary observations do not cover the entirety of the geographical scope of the EU nor all payment instruments.
Comments to this consultation can be sent to the EBA by clicking on the "send your comments" button on the consultation page. Please note that the deadline for the submission of comments is 19 April 2022. All received contributions will be published at the end of the consultation, unless requested otherwise.
Article 96(6) of the PSD2 requires the national competent authorities to provide the EBA and the ECB with statistical data on fraud relating to different means of payment that has been reported by the payment service providers. The EBA Guidelines EBA/GL/2018/05 on fraud reporting under PSD2, as revised in 2020, set out the semi-annual reporting requirements of such payment fraud data.