While payments circulate seamlessly and within seconds across SEPA today, it remains a sobering reality for many European payment professionals that their fraud-fighting efforts are curbed by national borders and sometimes even confined to their own institutions. Fraudsters, however, as the Euro Retail Payments Board (ERPB) recently noted, have long become pan-European and use the same fraud methods in different countries and across borders, because they know the likelihood of coordinated preventative action is low. A report on the preliminary observations on payment fraud data under PSD2, released by the European Banking Authority, confirms that cross-border transactions are especially vulnerable to fraud. While cross-border payments only take a low share of the total payment volume in the EU, their share in the volume of fraudulent transactions is significantly higher.
Although the European political agenda, concerted industry action, consumer demand and other drivers have contributed to a more integrated pan-European payments ecosystem, the regulatory landscape around it is still lacking harmonisation in a number of domains; this hampers Europe-wide fraud prevention and detection activities in particular. Fraud experts across the continent have identified diverging interpretations of the EU General Data Protection Regulation (GDPR) and privacy considerations as some of the key obstacles to pan-European fraud intelligence and data exchange. Banking secrecy requirements, competition law considerations and liability concerns add to the challenges of making fraud fighting efforts as seamless as the payments they are supposed to protect.
Nevertheless, payment service providers (PSPs) and policy makers in Europe, such as the European Commission and the European Banking Authority, have been working to improve fraud detection and reporting locally and across borders. In order to succeed, these initiatives require harmonisation at different levels: aligned regulation around the sharing of fraud data and intelligence across Europe and standardisation of fraud identification and reporting across the ecosystem.
As an important step to ensure that payment fraud experts across Europe use a common vocabulary when joining forces against payments fraud, the Euro Banking Association (EBA) delivered a fraud taxonomy in July 2021 to PSPs and other interested parties across Europe. Developed with the support of fraud experts from financial institutions across Europe, this EBA Fraud Taxonomy categorises fraud types and can be used by PSPs as a common basis for fraud reporting, intelligence sharing and data sharing.
Currently, the first PSPs and communities are preparing to implement the EBA Fraud Taxonomy as part of a try-out phase that started on 1 January 2022. A first annual review cycle is also under way, based on first inputs provided by PSPs and other stakeholders. This will result in an updated version of the taxonomy in June to be deployed and implemented by the end of 2022.
The EBA Fraud Taxonomy has been created in the context of other ecosystem initiatives that are working on ways to facilitate bilateral data exchange: it is aligned with the European Banking Authority Guidelines on Fraud Reporting under PSD2 and is aimed at complementing and supporting the fraud combatting work taken forward by the European Payments Council (EPC).
First practical steps have also been taken with regard to implementing fraud prevention measures at payment initiation on a cross-border level. Many of these initiatives have zoomed in on verifying that the payee details in the transaction are correct. Examples include the SWIFT payment pre-validation service, which enables banks to verify payee account details before an international payment is sent, and the first cross-border Confirmation of Payee (CoP) service. Launched in December 2021 as a result of a collaboration of three solution providers, the service enables involved parties to check that account information entered and intended beneficiary match when initiating cross-border payments between France and the Netherlands.
The pan-European SEPA Request-to-Pay Scheme, launched by the EPC in June 2021, provides an additional barrier to fraudsters and works in a cross-border context. Request to pay is typically based on a four-corner model consisting of the payer, the payee and their respective service providers. When the payee’s service provider receives a request to pay, it authenticates its client and sends an authorisation message with verified payee identification and order reference to the payer’s service provider, who asks the payer for confirmation of the payee’s request prior to the initiation of the related payment. Based on the information delivered in the request to pay exchange and the use of secure messaging channels, each party has additional transparency and certainty before the initiation of the payment that their counterparty is who they claim they are and that payments are not sent to a fraudulent destination.
Overall, both regulators and the private sector have a keen interest in tackling payments fraud on a pan-European level as the number of initiatives on both ends demonstrate. Ecosystem collaboration and harmonisation will remain crucial in getting standards, rules and processes underway.
This editorial was first published in our Financial Crime and Fraud Report 2022, which showcases the innovation and development of the best practices and instruments used by financial institutions in their fraud prevention activities, to improve the digital onboarding process of their customers while fighting against financial crime.
About Thomas Egner
About Euro Banking Association
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now