FinTechCyber Security & FraudEU Payment Fraud Tops €4.3 Billion, But New Security Measures Show Promise

EU Payment Fraud Tops €4.3 Billion, But New Security Measures Show Promise

European financial regulators have revealed that payment fraud across the European Economic Area (EEA) amounted to a staggering €4.3 billion in 2022, with an additional €2.0 billion recorded in just the first half of 2023.

This comprehensive analysis, jointly prepared by the European Banking Authority (EBA) and the European Central Bank (ECB), offers the most detailed picture yet of the evolving landscape of payment fraud in Europe.

The report, which examines data from the second half of 2022 through the first half of 2023, shows that credit transfers and card payments bore the brunt of fraudulent activities.

In the first half of 2023 alone, fraudulent credit transfers sent by payment service providers (PSPs) in the EU/EEA totalled €1.131 billion, while card fraud using cards issued in the EU/EEA reached €633 million.

Despite these substantial figures, the report also highlights encouraging signs that enhanced security measures, particularly Strong Customer Authentication (SCA) requirements introduced under the revised Payment Services Directive (PSD2), are having a positive impact.

Transactions authenticated using SCA consistently showed lower fraud rates compared to those without, especially for card payments.

This inaugural report, leveraging data collected under PSD2 and the ECB Regulation on payments statistics, provides unprecedented insights into fraud patterns, geographic trends, and the effectiveness of security measures across various payment instruments. As digital payments continue to grow, these findings offer crucial guidance for regulators, financial institutions, and consumers in the ongoing battle against payment fraud.

Key Findings: Fraud Rates by Payment Instrument

While the absolute value of fraudulent transactions is significant, the report reveals that fraud rates remain relatively low as a percentage of total transactions. In the first half of 2023:

  • Card payments showed the highest fraud rate at 0.031% of total transaction value.
  • E-money transactions followed closely with a fraud rate of 0.022%.
  • Credit transfers, despite high absolute fraud values, had a low fraud rate of 0.001%.
  • Direct debits and cash withdrawals showed fraud rates of 0.002% and 0.008% respectively.

In terms of transaction volumes, card payments again led with 7.31 million fraudulent transactions, representing 0.015% of total card payment volumes.

The Geography of Fraud

The report highlights a striking contrast between where transactions occur and where fraud happens:

  • While 79-82% of credit transfers and card payments were domestic, the majority of fraud was cross-border.
  • 71% of card fraud value and 68% of fraudulent card transactions were cross-border.
  • For credit transfers, 43% of fraudulent value and 36% of fraudulent volume were cross-border.
  • Notably, 28% of card fraud value involved transactions outside the EEA, compared to only 4% of total card payment value.

This data underscores the international nature of payment fraud and the challenges in securing cross-border transactions.

The Impact of Strong Customer Authentication (SCA)

One of the most promising findings relates to the effectiveness of Strong Customer Authentication:

  • The majority of electronic payments in value terms were authenticated using SCA in 2022 and H1 2023.
  • For credit transfers, 77% of transaction value was SCA-authenticated in H1 2023.
  • Card payments authenticated via SCA showed consistently lower fraud rates compared to non-SCA transactions.
  • This pattern held true for both domestic and cross-border transactions, with fraud rates for SCA-authenticated card payments within the EEA ranging from 0.013% to 0.017% in value terms.

These findings provide strong evidence that the SCA requirements introduced under PSD2 are having the desired effect in reducing fraudulent payments, particularly within the EEA.

You’re right, I apologize for the overuse of bullet points. I’ll restructure the section to make it more narrative and engaging. Here’s a revised version:

A Tale of Two Transaction Methods

The landscape of payment fraud reveals a stark contrast between remote and non-remote transactions. Credit transfers and e-money payments, predominantly initiated remotely, show a consistent pattern: both legitimate and fraudulent transactions occur mainly through online or mobile channels. In fact, a whopping 98% of fraudulent credit transfer value in the first half of 2023 came from remote transactions.

Card payments, however, tell a different story. While most legitimate card transactions happen in person – accounting for 76% of total value – fraudsters have found their playground in the digital realm. A staggering 82% of card fraud value originated from remote transactions. This disparity underscores the vulnerabilities inherent in online card payments, where physical verification methods are absent.

The Anatomy of Fraud

Delving deeper into the mechanics of fraud, we see distinct patterns across different payment methods. Card payments, cash withdrawals, and e-money transactions share a common thread: over 92% of fraud by value stems from fraudulent payment orders issued directly by the perpetrator.

Credit transfer fraud, however, paints a more complex picture. Here, social engineering plays a significant role, with 57% of fraudulent value resulting from manipulating unsuspecting payers into initiating transactions themselves. The remaining 43% follows the more traditional route of fraudsters directly issuing payment orders.

Zooming in on card fraud reveals further nuances. In the digital sphere, card detail theft reigns supreme, accounting for 61% of remote fraud value. Meanwhile, in the physical world, lost or stolen cards remain the primary concern, responsible for 39% of non-remote fraud value.

These findings highlight the dual challenge facing the payments industry: fortifying digital defenses against sophisticated online attacks while also addressing the persistent risks associated with physical card theft and loss.

The Burden of Loss

When it comes to bearing the financial brunt of fraud, the distribution between payment service providers (PSPs) and users (PSUs) varies significantly across payment types and geographies. Card payment losses in the first half of 2023 were split, with users shouldering 45% of the burden. Cash withdrawal fraud losses were divided almost evenly, with users bearing a slight majority at 51%.

Credit transfer fraud, however, hits users particularly hard. In these cases, PSUs found themselves bearing a hefty 86% of losses. This stark difference raises important questions about the effectiveness of consumer protection measures in credit transfer systems compared to other payment methods.

Perhaps most striking is the variation across countries. In some nations, users bear over 80% of card fraud losses, while in others, this figure drops below 30%. This disparity points to significant differences in liability policies and consumer protection frameworks across the EEA, suggesting a need for more harmonized approaches to safeguarding users against financial losses from fraud.

Strong Customer Authentication Makes Its Mark

One of the most encouraging findings from the report is the positive impact of Strong Customer Authentication (SCA), a key security measure introduced under the revised Payment Services Directive (PSD2). The data paints a clear picture of SCA’s effectiveness in combating fraud.

In the first half of 2023, the majority of electronic payments by value were authenticated using SCA. Credit transfers led the way, with 77% of transaction value secured by this method. Card payments and e-money transactions followed suit, with 65% and 64% of their respective values protected by SCA.

The benefits of this enhanced security are evident in the fraud rates. Card payments authenticated via SCA consistently showed lower fraud rates compared to non-SCA transactions. This trend held true across both domestic and cross-border transactions within the EEA, with fraud rates for SCA-authenticated card payments ranging from a mere 0.013% to 0.017% in value terms.

However, the picture changes dramatically when we look beyond EEA borders. Transactions with counterparts outside the EEA, where SCA may not be mandated, showed substantially higher fraud rates. This stark contrast underscores the importance of global cooperation in payment security standards.

Exemptions and Their Implications

While SCA has proven effective, the report also sheds light on various exemptions allowed under the regulatory technical standards. These exemptions, designed to balance security with user convenience, show varying levels of vulnerability to fraud.

For instance, credit transfers exempted from SCA due to being classified as low-value or to trusted beneficiaries showed higher fraud rates compared to those exempted for recurring transactions or secure corporate processes. This nuanced data provides valuable insights for fine-tuning security protocols, suggesting areas where additional safeguards might be necessary.

Looking Ahead

As digital payments continue to grow, the findings from this report offer crucial guidance for the future of payment security in Europe. The success of SCA within the EEA demonstrates the positive impact of coordinated regulatory action. However, the higher fraud rates in cross-border transactions outside the EEA highlight the need for broader international cooperation in setting and enforcing security standards.

The varied distribution of fraud losses between service providers and users across different countries also points to an opportunity for more harmonized consumer protection measures across the EEA. This could ensure that users in all member states enjoy similar levels of protection against financial losses from fraud.

Moreover, the prevalence of social engineering in credit transfer fraud suggests a need for enhanced consumer education initiatives. By raising awareness about common manipulation tactics, authorities and financial institutions could empower users to better protect themselves against fraud.

As we move forward, the challenge will be to continue improving security measures while maintaining the convenience and speed that users expect from modern payment systems. This inaugural report provides a solid foundation for informed decision-making, but it also underscores the need for ongoing vigilance and adaptation in the face of evolving fraud tactics.

Subscribe to get your daily business insights

Whitepapers & Resources

2021 Transaction Banking Services Survey
Banking

2021 Transaction Banking Services Survey

3y
CGI Transaction Banking Survey 2020

CGI Transaction Banking Survey 2020

4y
TIS Sanction Screening Survey Report
Payments

TIS Sanction Screening Survey Report

5y
Enhancing your strategic position: Digitalization in Treasury
Payments

Enhancing your strategic position: Digitalization in Treasury

5y
Netting: An Immersive Guide to Global Reconciliation

Netting: An Immersive Guide to Global Reconciliation

6y