New regulations like the proposed PSD3 and PSR are raising the bar for fraud prevention in the EU. These upcoming rules aim to better protect consumers and businesses from the growing threat of financial fraud.
Recent regulatory developments require banks in some markets, such as the UK, to reimburse fraud victims quickly when fraud occurs (unless there’s clear evidence of customer negligence). This approach will create a safer banking environment because it ensures customers aren’t left bearing the financial losses from scams. It also encourages banks to invest in better fraud prevention systems.
Three particularly important trends are emerging:
- Enhanced security requirements: The European Commission will be extending the compulsory IBAN/name checking service (Confirmation of Payee) to regular credit transfers, and also reinforcing Strong Customer Authentication (SCA), which is “already producing spectacular results” in reducing fraud.
- Shared liability: The EU is considering following the UK’s approach of split liability between the bank of the payer and the bank of the payee. If done, this would incentivise the receiving bank to combat fraud too, encouraging a more comprehensive approach to fraud detection across the entire transaction chain.
- Improved transparency: PSD3 aims to combat payment fraud by enabling PSPs to “share fraud-related information between themselves” and increasing consumer awareness of how their banks handle fraud and reimbursement. It’s hoped that this will foster accountability within the industry.
- Securing the first critical step of the online payment with Verification of Payee: VoP directly tackles this problem by adding a simple but effective verification step to the payment process.
Meeting these requirements will require significant investment in technology and processes, leveraging technologies such as machine learning and real-time transaction analysis.
Banks and PSPs will need to review their existing systems, update their fraud detection processes and train employees on the new requirements. They’ll also need to develop clear policies on what’s considered ‘normal customer payment behavior’ and establish guidance on the appropriate security checks needed for different transaction types and risk levels.