Guidelines on fraud reporting under PSD2

The Guidelines, which are addressed to payment service providers and competent authorities, are aimed at contributing to the objective of PSD2 to increase the security of retail payments in the EU.

Documents

EBA Guidelines on fraud reporting – Consolidated version updated on 22 January 2020
Guidelines amending EBA GL on Fraud reporting under PSD2
Compliance table (Updated 9 April 2021)
Compliance table for Amending Guidelines (Updated 9 April 2021)

Links

News

EBA consults on fraud reporting requirements under PSD2

02 August 2017

The European Banking Authority (EBA) launched today a public consultation on its draft Guidelines on reporting requirements on statistical data on fraud under the revised Payment Services Directive (PSD2). The Guidelines, which are addressed to payment service providers and competent authorities, are aimed at contributing to the objective of PSD2 to increase the security of retail payments in the EU. The consultation runs until 03 November 2017.

Data on payment fraud in the EU is at present difficult to obtain, not reliable, and not comparable across Member States. This does not allow capturing an accurate picture of payment fraud in the EU, including its size, components and development over time.

The EBA has developed the proposed Guidelines h in close cooperation with the European Central Bank (ECB) to ensure that the high-level fraud reporting requirements under Article 96(6) of the PSD2 are implemented consistently among Member States and that the aggregated data provided by competent authorities to the EBA and the ECB is comparable and reliable.

The first part of the Guidelines sets out requirements applicable to all payment service providers, with the exception of account information service providers, while the second part introduces requirements that are applicable to all competent authorities in the EU.

The Guidelines define the meaning of ‘fraudulent payment transactions' for the purpose of the data reporting under these particular Guidelines. The Guidelines also include periodic reporting requirements on payment transactions and fraudulent payment transactions and set out the methodology for collating and reporting data, including data breakdown, reporting periods, frequency and reporting deadlines. The Guidelines leave it to the discretion of the competent authority to decide on the technological aspects of the reporting format and the means of communication.

Payment service providers are expected to provide high-level data on a quarterly basis and more detailed data on a yearly basis. The level of data breakdown will depend on the payment instrument used and the payment service provided. Competent authorities are expected to provide the EBA and ECB with aggregated data following the same data breakdown used by individual payment service providers.

Consultation process

Responses to this consultation can be sent to the EBA by clicking on the ‘send your comments' button on the website.

All contributions received will be published following the close of the consultation, unless requested otherwise. Please note that the deadline for the submission of comments is 03 November 2017 and that no attachments can be submitted.

A public hearing will take place at the EBA premises on Thursday 05 October 2017 from 2:00 to 3.30pm UK time.

Legal basis

Article 96(6) of Directive 2014/65/EU (PSD2) requires payment service providers to "provide statistical data on fraud relating to different means of payment to their competent authorities". It also requires competent authorities to provide aggregate data to the EBA and the ECB.

Press Release

EBA updates its guidelines on fraud reporting under PSD2

22 January 2020

The European Banking Authority (EBA) publishes today an amendment to its 2018 guidelines on fraud reporting under the revised Payment Services Directive (PSD2). The changes reflect some consequential amendments to the reporting templates under the guidelines as a result of clarifications provided more recently by the European Commission on the application of strong customer authentication (SCA) to certain type of transactions.

More specifically, the amendment introduces two new data fields for reporting transactions where SCA is not applied for reasons other than an exemption to SCA under the Commission Delegated Regulation (EU) 2018/389, with the aim of ensuring that these transactions are reported in a consistent and correct manner across the EU/EEA.

In addition, some editorial changes to the guidelines were introduced for greater clarity.

A consolidated version of the updated guidelines is published alongside the amending guidelines for convenience purposes.

Application date

The amendments will apply to the reporting of payment transactions initiated and executed from 1st July 2020.

Legal basis

These amending Guidelines have been drafted according to Article 16 of the EBA Regulation and in fulfilment of the EBA mandate under Article 96(6) of Directive (EU) 2015/2366 on payment services in the internal market (PSD2).

EBA publishes final Guidelines on fraud reporting under PSD2

18 July 2018

The European Banking Authority (EBA) published today its final Guidelines on fraud reporting under the revised Payment Services Directive (PSD2). These Guidelines, which the EBA developed in close cooperation with the European Central Bank (ECB) and which are addressed to payment service providers and competent authorities, are aimed at contributing to the objective of PSD2 of enhancing the security of retail payments in the EU.

These Guidelines require payment service providers across the 28 EU Member States to collect and report data on payment transactions and fraudulent payment transactions using a consistent methodology, definitions and data breakdowns.

Having assessed the responses received to the consultation paper (CP) it had published in August 2017, the EBA decided to make a number of changes to the Guidelines and related annexes. In particular, the final Guidelines now no longer require quarterly reporting of high-level data and a more detailed set of data on a yearly basis, but the reporting of a uniform set of data on a semi-annual basis instead.

The geographical scope of the data, too, has been reduced in size and complexity compared to the draft Guidelines that had been proposed in the CP, as the Guidelines do no longer require country-by-country data breakdowns and there is now a uniform geographical breakdown (instead of three different ones). In addition, fraudulent transactions where the payer is the fraudster are no longer within the scope of the Guidelines. Furthermore, jointly with the ECB, the EBA has made particular efforts further to align the Guidelines with related reporting requirements, in particular with the ECB Regulation on payment statistics (ECB/2013/43).

Legal basis and background

These Guidelines have been drafted in accordance with Article 96(6) of Directive (EU) 2015/2366 on payment services in the internal market (PSD2), which states that "Member States shall ensure that payment service providers provide, at least on an annual basis, statistical data on fraud relating to different means of payment to their competent authorities. Those competent authorities shall provide EBA and the ECB with such data in an aggregated form".

Consultation Papers

Consultation on Guidelines on fraud reporting under PSD2

Summary 02/08/2017

The Guidelines define the meaning of ‘fraudulent payment transactions’ for the purpose of the data reporting under these particular Guidelines. The Guidelines also include periodic reporting requirements on payment transactions and fraudulent payment transactions and set out the methodology for collating and reporting data, including data breakdown, reporting periods, frequency and reporting deadlines. The Guidelines leave it to the discretion of the competent authority to decide on the technological aspects of the reporting format and the means of communication.

Consultation process

Responses to this consultation can be sent to the EBA by clicking on the ‘send your comments' button on the website.

A public hearing will take place at the EBA premises on Thursday 05 October 2017 from 2:00 to 3.30pm UK time.

Legal basis

Article 96(6) of Directive 2014/65/EU (PSD2) requires payment service providers to “provide statistical data on fraud relating to different means of payment to their competent authorities”. It also requires competent authorities to provide aggregate data to the EBA and the ECB.

Public Hearing

Note: A Public Hearing is related to this consultation but is not visible to public users since the date is past

News

EBA consults on fraud reporting requirements under PSD2

Consultation process

Legal basis

Press contacts

Press Release

EBA updates its guidelines on fraud reporting under PSD2

Application date

Legal basis

EBA publishes final Guidelines on fraud reporting under PSD2

Legal basis and background

Press contacts

Consultation Papers

Consultation on Guidelines on fraud reporting under PSD2

Summary 02/08/2017

Consultation process

Legal basis

Public Hearing