PSD3 – What does this mean for Fraud in the EuroZone?

Blog· 4min July 10, 2023

For those of you who saw any of Glastonbury over the weekend, Elton John's "final" uk performance attracted over 7.3million viewers across the BBC's coverage and whilst the numbers haven't been released yet for attendance in person at the Pyramid Stage, it is reported to be well in excess of the 100,000 that attended Paul McCartney's headline set in 2022.  

To quote, one of Elton's songs from Sunday night:  

Are you ready, are you ready for... PSD3? 

Yes I am, are you? 

What is PSD3 looking to achieve?

Yesterday, 28th June, the European Commission has put forward proposals to "bring payments and the wider financial sector into the digital age". The proposal will amend PSD2 to become PSD3. There are 6 key areas on which the proposals are focused, which are: 


Combat and mitigate payment fraud. 


Improve consumer rights. 


Further levelling the playing field between banks and non-banks. 


Improve the functioning of open banking. 


Improve the availability of cash in shops and via ATMs. 


Strengthen harmonisation and enforcement. 

What does this mean for Fraud?

I want to focus on the first point of combatting and mitigating payment fraud, and within the outlines there are 4 key points called out around fraud (these are available in the factsheet provided by the EU and a link is in the comments).  


MAKE widely available a service to check whether the name of the payee and bank account number match each other, before a transfer is confirmed. 


HELP banks and other PSPs cooperate against fraud through more fraud-related information sharing. 


GIVE victims of fraud a right of refund by their bank or other PSP, in specific circumstances. 


OBLIGE banks to improve customers’ awareness about fraud.  

These 4 areas are strongly aligned to the work that is already underway in the UK to address emerging fraud threats, primarily around APP Fraud. There is a clear lineage between these 4 statements and the UK's current and proposed approach: 


This aligns to the existing Confirmation of Payee (COP) solution which exists for validating the account details prior to sending the payment. COP currently applies to c99% of UK FPS and data shows that where a COP match is not achieved this can be c25 times higher probability of fraud risk than a COP validation. 


The recent white paper, published by the Payments Association and sponsored by Form3, highlights the challenges but the opportunities that exist around appropriate and structured data sharing. This is something that will become more important with initiatives such as Enhanced Fraud Data Sharing (EFDS) and other mechanisms as secure and compliant data sharing provides a significant opportunity to prevent fraud. 


The PSR regulations around reimbursement requirements are ensuring the rights of victims of Fraud are protected and preserved. 


The work done by industry bodies (Take5, StopScamsUK, UKFinance, Payments Association - to name but a few) has provided beneficial in protecting customers through increased awareness. 

What are the details around the IBAN Verification service

The provision of the IBAN verification service is being incorporated into the wider Fraud Pattern and Anomaly Detection (FPAD) functionality which is being built and managed by EBA Clearing.  

The mechanics of the IBAN verification service are very similar to that of COP however the proposals within PSD3 will now extend out this obligation to all credit transfers within the EU. As with COP, the advice is presented to the payer of any discrepancy with the expected payee based upon the details provided. Whether the payer decided to make the payment in the event of an incorrect match to the payee details is the decision of the payer. 

There is one line, in the Q&A’s provided by the European Commission, which indicates there may be challenges around future liability – “The payer will have the right to opt out of the service.” By making this provision of intelligence optional (as opposed to mandated to be presented to the customer) and then aligning this to objective 3 relating to reimbursing customers, this could present a difficult situation around the extent to which a customer understands any implications of opting out of this service.

What happens now?

For PSP’s, the direction of travel is clear in terms of what will become legislation in the future. Start preparing for how you will be able to comply with the broad themes that are to be implemented. 

From a legislative perspective, the next steps are: 


A review of the proposals by European Council and European Parliament 


Once agreed upon, the text and proposal will become enforceable. 


However, a transition period applies for the Payment Systems Regulation 


With respect to enforcement, it is required to implement the directives into national legislation – the timeframe for this will be determined by the EU Legislation. 

As a result, there are no firm timing points confirmed on when this will happen – however, subject to consultation and amendments, the recommendations will become legal requirements for PSPs to follow. 

Written by

Chris Oakley Head of Fraud