On 9 December 2019, the European Payments Council published the 2019 Payment Threats and Fraud Trends Report, which provides an overview of the most important threats in the European payments landscape.

The report provides an overview of the most important threats in the payments landscape, including social engineering and phishing, malware, advanced persistent threats (APT), mobile device related attacks, (distributed) denial of service, botnets and threats related to cloud services, big data, internet of things and virtual currencies. For each threat, apart from a definition and description, the report analyses the impact and context and then suggests controls and mitigations. Annex II of the report includes a matrix listing the threats with the main controls and mitigation measures. The description of the threats is followed by a section in the report that elaborates on fraud related to payment instruments (cards, SEPA Credit Transfer and SEPA Direct Debit), while conclusions are set out in the final section.

The main conclusions in the report regarding payment fraud are as follows:

  • concerning card payment fraud, criminals are changing their approach. Not only by changing to more high-tech frauds like APT, but also some are reverting to old school types of fraud such as lost and stolen, sometimes in combination with social engineering. As e-commerce is still on the rise, card not present fraud remains a significant factor for fraud losses; and
  • for SEPA Credit Transfer and Direct Debit transactions, criminals’ use of impersonation and deception scams, as well as online attacks to compromise data, continue to be the primary factors behind fraud losses. During the past year there has been an increase in authorised push payment fraud.