Contact Us

Disruptive Competition Project

655 15th St., NW

Suite 410

Washington, D.C. 20005

Phone: (202) 783-0070
Fax: (202) 783-0534

Close
Menu
Menu

Reducing Payment Fraud in the EU: Why the PSR Needs to Strike the Right Balance

· January 15, 2025

Tags

Credit: Farion_O

Main takeaways

  1. Shared fraud liability under the EU’s proposed Payment Services Regulation would undermine cooperation between banks, telecoms, and online platforms
  2. Practice shows that mandatory reimbursement mechanisms increase fraud
  3. Tackling fraud effectively requires cooperative and educational approaches instead

Payment fraud is a global challenge, with fraudsters employing increasingly sophisticated methods to exploit vulnerabilities in the payment ecosystem. The European Union has taken steps to address this issue by proposing updates to its regulatory framework for payments, including a new Payment Services Regulation (PSR). 

And while the goal of reducing payment fraud is widely supported by the digital, telecom and payment sectors, the shared liability regime proposed by the European Parliament risks making the PSR counterproductive. Indeed, various studies highlight the dangers of this approach and offer alternative solutions to tackle fraud, while avoiding the unintended consequences of Parliament’s PSR position.

1. Payment fraud challenge

The EU’s existing payment regulations have successfully mitigated basic forms of fraud, such as the unauthorised use of stolen card details. However, fraudsters have shifted to more advanced tactics in recent years, particularly to so-called Authorised Push Payment (APP) scams. In APP fraud, users are manipulated into authorising payments to accounts controlled by malicious actors. Common scenarios include fraudsters impersonating trusted institutions or individuals in order to convince consumers that their bank account is compromised, or exploiting personal relationships through romance scams.

A major challenge in addressing APP fraud lies in its multi-faceted nature. Fraudsters often exploit gaps across various sectors – including banking, telecoms, and online platforms – and use multiple communication channels to perpetrate their schemes. Tackling such fraud requires a coordinated, cross-sectoral approach built on trust, cooperation, and education.

The European Commission’s initial proposal for the PSR aimed to make payment service providers liable when malicious actors impersonating their employees trick users into approving payments. Members of the European Parliament (MEPs), however, have proposed changes that mark an unprecedented extension of fraud liability. It would extend liability to online platforms and telecom operators, who would now be required to reimburse fraud victims, and cover a much broader range of scams.

2. Risks of Parliament’s liability regime

Three recent studies shed light on the risks of the shared liability regime proposed by Parliament, providing valuable insights and actionable fixes. A study conducted by Copenhagen Economics emphasises that shifting liability between banks, telecom operators and online platforms would undermine cooperation, which is essential for combating fraud. The authors found that businesses already invest heavily in fraud prevention to maintain user trust and comply with existing regulations. Extending liability risks creating a culture of blame-shifting instead of fostering collaboration, Copenhagen Economics stresses.

Secondly, in a recent Policy Brief the European Centre for International Political Economy (ECIPE) highlights the legal incoherence of a shared liability regime. ECIPE concludes that such a regime potentially conflicts with EU regulations such as the Digital Services Act (DSA) and the ePrivacy Directive, as well as other rules that govern data protection, content moderation, and the responsibilities of online platforms and telecom companies. This would only create more confusion for businesses and consumers, according to the authors. 

Policy expert Zach Meyers also authored a study, which he summarised in this op-ed for a broader audience, pointing out that the proposed liability rules would create a “new ‘honeypot’ for scammers” as guarantees of reimbursement would dramatically increase the number of fraud incidents. Meyers’s research shows that countries that introduced mandatory reimbursement schemes, such as the United Kingdom, suddenly saw much higher fraud rates – with guaranteed refunds incentivising fraudulent claims and blame-shifting.

Indeed, it has become clear that the shared liability model proposed by the European Parliament would introduce numerous challenges. Trust and information-sharing between banks, telecom firms, and online platforms are critical to detecting and preventing fraud. By contrast, shared liability rules will lead to over-reporting or defensive practices, where entities prioritise protecting themselves over proactive fraud prevention. 

Fraudsters may also exploit reimbursement schemes, while users are likely to become less vigilant – assuming they will be compensated anyway, regardless of their actions. Ultimately, the cost of mandatory reimbursement will very likely be passed on to consumers through higher fees or reduced service quality.

3. Smarter ways to fight payment fraud

To effectively combat payment fraud, EU policymakers should consider addressing legal barriers that hinder collaboration across sectors right now, such as data-sharing restrictions under the General Data Protection Regulation (GDPR). Promoting voluntary cross-industry initiatives like the Tech Against Scams coalition, which brings together stakeholders to share best practices and intelligence, can also significantly enhance the fight against fraud in smarter ways. 

At the same time, strengthening consumer education remains critical. Investing in awareness campaigns to help consumers recognise and avoid scams in the first place has proven effective. Empowering consumers with tools, such as transaction warnings and fraud-reporting mechanisms, integrated into banking apps and online platforms can further bolster their vigilance for example.

Evaluating the effectiveness of current regulations, such as the DSA and NIS2 Directive, should be prioritised by the EU institutions before introducing new rules. Policymakers must ensure that these laws are fully implemented and enforced across EU Member States to provide a baseline of protection. 

Adopting technology-neutral and outcome-focused regulations that give businesses flexibility to tailor fraud-prevention measures to their unique circumstances will also contribute to a more effective approach. Frameworks like the European Banking Authority’s suggested fraud risk management framework would allow firms to experiment with innovative solutions and prioritise those measures that prove most effective.

Conclusion

While the EU’s ambition to tackle payment fraud is commendable, the shared liability regime tabled by MEPs risks undermining the very collaboration needed to address the issue. By focusing on trust-building, consumer education, and the effective implementation of existing rules and tools, EU policymakers can create a much more robust framework. 

The fight against fraud should not be about creating more blame-shifting, but fostering a unified effort to protect Europe’s consumers and economy. A smarter, more collaborative approach will ensure that the EU can remain a leader in both innovation and security.

European Union

DisCo is dedicated to examining technology and policy at a global scale.  Developments in the European Union play a considerable role in shaping both European and global technology markets.  EU regulations related to copyright, competition, privacy, innovation, and trade all affect the international development of technology and tech markets.

Popular Articles