The Opinion, grounded in the EBA's mandate to ensure the integrity of financial activities, evaluates recent payment fraud data and identifies emergent patterns and methodologies employed by fraudsters.
Key findings of the Opinion underscore the effectiveness of existing regulatory measures, such as Strong Customer Authentication (SCA), in curbing traditional forms of fraud centred around credential theft. However, the EBA warns of a paradigm shift towards more sophisticated tactics, including the alarming rise of 'social engineering' schemes, where fraudsters exploit human psychology to manipulate individuals into divulging sensitive information.
To address these dynamic challenges, the EBA is advocating for the implementation of additional security measures to complement existing regulations outlined in the PSD3, the PSR, and the Instant Payments Regulation (IPR). These proposed measures aim to fortify the forthcoming legislative framework and ensure its resilience against future threats.
The Opinion, grounded in legal mandates delineated in Regulation (EU) No 1093/2010, empowers the EBA to deliver a coordinated approach to regulating and supervising emerging financial activities. It underscores the EBA's commitment to proactively safeguarding the integrity of the EU's financial ecosystem.
In response to the EBA's recommendations, stakeholders across the payments industry are expected to engage in dialogue and collaborate with regulatory authorities to enact robust measures that uphold the security and trustworthiness of payment systems.
With payment fraud evolving at an unprecedented pace, the EBA's proactive stance signals a concerted effort to stay ahead of fraudsters and uphold the integrity of the European financial landscape for years to come.
The EBA supports new rules proposed by the EU Commission to make online payments safer. It favours checking account numbers and names to prevent fraud, especially for cross-border transactions. It also considers it a good idea for banks to share information about fraud and teach customers how to spot scams.
However, the EBA raises concerns about the phased implementation of the IBAN/Name check requirement across the EEA. This approach could potentially lead to increased fraud levels during the interim period if adequate security measures are not implemented.
Given the evolving nature of fraud, the EBA proposes additional security measures to ensure a robust and future-proof framework for mitigating payment fraud in the EU. These measures include:
- reinforced security requirements for PSPs to enhance transaction authentication procedures and detect vulnerabilities in the payment process;
- implementation of a fraud risk management framework by PSPs in addition to mandatory security requirements;
- revision of liability rules to differentiate between authorized and unauthorized transactions and clarify the concept of "gross negligence";
- strengthened and harmonised supervision of fraud management, leveraging existing fraud data collected under PSD2;
- establishment of appropriate security requirements for a single EU-wide platform for information sharing to prevent and detect potentially fraudulent payment transactions.
In conclusion, the EBA is actively working to enhance the security of online payments across the European Union. While supporting recent proposals to tighten regulations and prevent fraud, the EBA remains vigilant about potential gaps in implementation that could leave consumers vulnerable. By advocating for additional security measures and clearer rules, the EBA aims to create a robust framework that safeguards the integrity of the EU's financial ecosystem. Through collaboration with regulatory authorities and stakeholders in the payments industry, the EBA seeks to ensure that payment systems remain resilient against evolving threats and maintain the trust of consumers.