1 August 2024
The European Banking Authority (EBA) and the European Central Bank (ECB) published today a joint Report on payment fraud data. The report assesses payment fraud reported by the industry across the European Economic Areas (EEA), which amounted to €4.3bn in 2022 and €2.0bn in the first half of 2023. The Report confirms the beneficial impact of strong customer authentication (SCA) on fraud levels.
The Report examines the total number of payment transactions and the subset of fraudulent transactions in terms of value and volume. In addition to the aggregated values, the Report also presents data based on volumes and also sorted by type of payment instruments, i.e. credit transfers, direct debits, card payments, cash withdrawals, and e-money transactions.
SCA-authenticated transactions featured lower fraud rates than non-SCA transactions, especially for card payments, both in terms of values and volumes. Furthermore, fraud shares for card payments, both in terms of values and volumes, were 10 times higher when the counterpart is located outside the EEA, where the application of SCA is not legally required and may therefore not have been requested. Hence, the report confirms the beneficial impact of the SCA requirements that were introduced by the PSD2 and the supporting technical standards that the EBA had issued in 2018 in close cooperation with the ECB.
The Report also finds that losses due to frauds were distributed differently among liability bearers depending on the payment instrument.
The EBA and the ECB will continue to monitor fraud data and going forward, will publish the aggregate data on an annual basis. This initial rReport presents observations in a descriptive way, while future editions will also include explanations of the data and observed trends.
Background and legal basis
The EBA and the ECB, in their respective roles as supervisory authority of payment service providers and overseer of payment systems, instruments, schemes and arrangements, closely monitor developments in payment fraud. Both the EBA and the ECB thereby rely on statistical information on the volumes and values of payment transactions and corresponding fraud reported by payment service providers (PSPs) located in the EU/EEA.
In accordance with Article 96(6) of PSD2, PSPs are required to report statistical data on fraud relating to different means of payment to their competent authorities (NCAs). NCAs, in turn, are required to provide both the EBA and the ECB with this data in aggregated form. In support of these provisions, the EBA Guidelines on fraud reporting under PSD2 (EBA/GL/2018/05, hereafter “EBA Guidelines”), which apply since 1 January 2019, specify the data that should be reported under the PSD2. In addition, Regulation (EU) No 1409/2013 of the European Central Bank on payments statistics (ECB/2013/43), as amended (hereafter ‘ECB Regulation on payments statistics’), requires PSPs located in the euro area to report inter alia detailed information on payment fraud to their national central banks, which in turn shall share the data in aggregated form with the ECB. Data under both the EBA Guidelines and the ECB Regulation on payments statistics is reported on a semi-annual basis.
This Report, jointly prepared by the EBA and the ECB, presents a comprehensive overview of the latest data collected under the above-mentioned frameworks.
Documents