On 29 April 2024, the European Banking Authority (EBA) published a draft opinion in which it assesses payment fraud data that has recently become available to the EBA, identifies new types and patterns of payment fraud, and develops proposals to mitigate them. The opinion aims at further strengthening the forthcoming legislative framework under the Third Payment Services Directive (PSD3) and Payment Services Regulation (PSR), as it will enshrine anti-fraud requirements for several years to come and needs to be as future-proof as possible.

In the opinion, the EBA confirms that regulatory measures such as strong customer authentication that the revised Payment Service Directive and the EBA’s Technical Standards have imposed on the payments industry have been successful in achieving the aim of significantly reducing fraud that involves the stealing of customers’ credentials. However, fraudsters have adapted their techniques and are using more complex types of fraud, such as those based on what is commonly referred to as ‘social engineering’. To mitigate these dynamic new fraud types, the opinion is proposing that new security measures are prescribed that are in addition to those articulated in the European Commission’s welcome proposals for the PSD3 and a PSR as well as the provisions that recently entered into force through the Instant Payments Regulation.