PSD3 – What does this mean for Fraud in the EuroZone?

Blog · 4 min · July 10, 2023

For those of you who saw any of Glastonbury over the weekend, Elton John's "final" UK performance attracted over 7.3 million viewers across the BBC's coverage, and whilst the numbers haven't been released yet for attendance in person at the Pyramid Stage, it is reported to be well in excess of the 100,000 that attended Paul McCartney's headline set in 2022.

To quote one of Elton's songs from Sunday night:

Are you ready, are you ready for... PSD3? 

Yes I am, are you? 

What is PSD3 looking to achieve?

Yesterday, 28th June, the European Commission put forward proposals to "bring payments and the wider financial sector into the digital age". The proposal will amend PSD2 to become PSD3. The proposals focus on 6 key areas:

1. Combat and mitigate payment fraud.
2. Improve consumer rights.
3. Further levelling the playing field between banks and non-banks.
4. Improve the functioning of open banking.
5. Improve the availability of cash in shops and via ATMs.
6. Strengthen harmonisation and enforcement.

What does this mean for Fraud?

I want to focus on the first point, combatting and mitigating payment fraud. Within the outlines there are 4 key points called out around fraud (these are available in the factsheet provided by the EU and a link is in the comments).

1. MAKE widely available a service to check whether the name of the payee and bank account number match each other, before a transfer is confirmed.
2. HELP banks and other PSPs cooperate against fraud through more fraud-related information sharing.
3. GIVE victims of fraud a right of refund by their bank or other PSP, in specific circumstances.
4. OBLIGE banks to improve customers’ awareness about fraud.

These 4 areas are strongly aligned to the work that is already underway in the UK to address emerging fraud threats, primarily around APP Fraud. There is a clear lineage between these 4 statements and the UK's current and proposed approach: 

1. This aligns to the existing Confirmation of Payee (COP) solution, which validates the account details prior to sending the payment. COP currently applies to c. 99% of UK FPS, and data shows that where a COP match is not achieved, the probability of fraud risk can be c. 25 times higher than where a COP match is achieved.

2. The recent white paper, published by the Payments Association and sponsored by Form3, highlights the challenges but also the opportunities that exist around appropriate and structured data sharing. This is something that will become more important with initiatives such as Enhanced Fraud Data Sharing (EFDS) and other mechanisms, as secure and compliant data sharing provides a significant opportunity to prevent fraud.

3. The PSR regulations around reimbursement requirements are ensuring the rights of victims of fraud are protected and preserved.

4. The work done by industry bodies (Take5, StopScamsUK, UKFinance, Payments Association, to name but a few) has proved beneficial in protecting customers through increased awareness.

What are the details around the IBAN Verification service?

The provision of the IBAN verification service is being incorporated into the wider Fraud Pattern and Anomaly Detection (FPAD) functionality which is being built and managed by EBA Clearing.  

The mechanics of the IBAN verification service are very similar to those of COP; however, the proposals within PSD3 will now extend this obligation to all credit transfers within the EU. As with COP, the payer is advised of any discrepancy with the expected payee based upon the details provided. Whether to make the payment in the event of an incorrect match to the payee details is the decision of the payer.

There is one line in the Q&As provided by the European Commission which indicates there may be challenges around future liability: “The payer will have the right to opt out of the service.” Making this provision of intelligence optional (as opposed to mandated to be presented to the customer), and then aligning it to objective 3 relating to reimbursing customers, could present a difficult situation around the extent to which a customer understands any implications of opting out of this service.

What happens now?

For PSPs, the direction of travel is clear in terms of what will become legislation in the future. Start preparing for how you will be able to comply with the broad themes that are to be implemented.

From a legislative perspective, the next steps are: 

1. A review of the proposals by the European Council and European Parliament.
2. Once agreed upon, the text and proposal will become enforceable.
3. However, a transition period applies for the Payment Systems Regulation.
4. With respect to enforcement, the directives must be implemented into national legislation – the timeframe for this will be determined by the EU Legislation.

As a result, there are no firm timing points confirmed on when this will happen – however, subject to consultation and amendments, the recommendations will become legal requirements for PSPs to follow. 

Written by Chris Oakley, Head of Fraud