Mathieu Gitton’s Post

The European Banking Authority (EBA) has unveiled a comprehensive opinion on emerging fraud trends and new #fraud types. 🕵♂️ As to the emerging fraud types, the EBA has observed that fraudsters have started to adapt their techniques to the changing technological and regulatory context. As #SCA has been successful in preventing fraud types based on the stealing of customers’ credentials, new, more complex fraud types emerged or became more widespread in recent years. These new fraud techniques can be separated into three categories: manipulation of the payer, social engineering and technical scam, and enrollment process compromise. To try and mitigate the evolving fraud landscape, the EBA has proposed additional security measures to ensure a robust and future-proof framework for preventing payment fraud in the EU, under the discussion of the #PSD3 / #PSR proposals.

Some nuggets from the recent EBA & ECB report on payment fraud across Europe: 🔐 SCA has been a force for good and is effective at preventing fraud 💳 card payments have by far the highest fraud rates both in value and volume: 📈 0.031% in H1 2023, increasing from 0.026% in H1 2022 or 7.31 million fraudulent transactions out of a total of 48.77 bn total card payments 📱 credit transfer fraud rate by comparison is significantly lower at 0.003% (or 616k fraudulent transfers out of total of 21.81 bn) 💰 credit transfers are often used for high-value payments (AOV €6485), which means that the average value of of a fraudulent credit transfer is higher for credit transfers vs other types of payments, but still significantly lower than the AOV, at €1835 #payments #fraud #cardpayments #report #openbanking https://lnkd.in/dwFMUKUe

🌟 The European Banking Authority (EBA) has issued a Draft Opinion, leveraging new #paymentfraud data and proposing measures to mitigate underlying risks and protect consumers. This strengthens the forthcoming legislative framework under #PSD3 and #PSR, addressing evolving fraud tactics. While current measures like SCA have been successful, the EBA recognizes the need for additional security measures against sophisticated #fraud techniques like '#socialengineering.' This underscores the EBA's commitment to coordinated #financialregulation and #consumerprotection. 📣 We will examine the new types of fraud tackled by PSD3, embedded #SCA, and its challenges for fraud teams during our conference, PSD3/PSR—The Regulatory Update, on November 21. Registration is already open; for more info & registration: https://lnkd.in/e6-qqBPf https://lnkd.in/dgjZkWMR

EBA OPINION ON INSTANT PAYMENTS FRAUD Here is a detailed opinion by the European Banking Authority. A key point is “17. The first is instant credit transfers, also referred to as instant payments, for which the data reported by 18 NCAs for H1 2022, show that the fraud rates in value, besides presenting significant divergences between Member States (MS), are about 10 times higher on average than conventional Credit Transfers (CT).” Instant Payments have ten times the fraud of regular payments.

The European Banking Authority (EBA) published today an Opinion, in which it assesses payment fraud data. The document supports the new security provisions in the upcoming PSD3/PSR legislative framework, advocating for further measures like the mandatory IBAN/Name checks and enhanced fraud monitoring requirements. It emphasizes the need for a balanced approach that protects consumers while holding PSPs accountable for security lapses.   Emerging Types of Payment Fraud: - Instant Payments: High fraud rates compared to traditional credit transfers, partly due to the limited opportunity for PSPs to recover funds post-transaction due to rapid execution times. - Cross-Border Transactions: Significantly higher fraud rates than domestic transactions, attributed to inadequate cross-border cooperation and inconsistent application of SCA. - Authorized Push Payment Fraud: Increasing instances where payers are manipulated into authorizing payments to fraudsters, typically through social engineering techniques. Recommended Security Measures: - Enhanced Authentication: Strengthened procedures for transaction authentication and monitoring, including real-time transaction monitoring for instant payments. - IBAN/Name Checks: Expanded use, especially in cross-border transactions to verify the match between recipient names and account numbers. - Fraud Risk Management Frameworks: PSPs should establish comprehensive frameworks to assess and manage fraud risks actively. - Amended Liability Rules: Clearer definitions between authorized and unauthorized transactions to ensure payers are not unduly penalized for fraud, especially in social engineering cases. - Unified Supervision and Data Sharing: Improved cooperation and data sharing among PSPs across the EU to enhance detection and prevention capabilities. 📖 https://europa.eu/!WqKTVN

As snotty as I can be in my commentary sometimes, I try to keep an open mind when reading any new fraud report. If I'm going to say something crummy, I at least want the report to have a fair shake. Reading this Opinion on payment fraud (https://lnkd.in/gttFSua3) from the European Banking Authority (EBA) was a tough one for me though. Not because it's bad, but because it was worded in a way that just riled me. "Oh really? YOU figured out that instant payments present a higher risk of fraud? YOU figured out the same thing about cross-border payments? Thank goodness for YOU." I did calm down eventually, and the report is fine. This was a me problem, not a report problem. The report basically summarizes what has been covered over the last couple of years around payment fraud. I don't think anything in the report will blow anyone's mind, and some things just don't make sense (transaction monitoring or authentication don't help when social engineering has occurred and the true consumer chooses to make a bad payment), but it's still helpful to have a concise summary of all the findings and opinions. EBA publishes Opinion on new types of payment fraud and possible mitigations (https://lnkd.in/gWwvdBve) #fraud #fraudreport #fraudmanagement #fraudprevention #payments #paymentfraud #banking #banks #instantpayments #appfraud

The EBA has identified new types of payment fraud and proposes measures to mitigate underlying risks and protect consumers from resultant losses The European Banking Authority (EBA) published 29/04/2024 an Opinion, in which it assesses payment fraud data that has recently become available to the EBA, identifies new types and patterns of payment fraud, and develops proposals to mitigate them. This Opinion aims at further strengthening the forthcoming legislative framework under the Third Payment Services Directive (PSD3) and Payment Services Regulation (PSR), as it will enshrine anti-fraud requirements for several years to come and needs to be as future-proof as possible.

The 2024 EBA Report on Payment Fraud, in collaboration with the ECB, reviews payment fraud data from H1 2022 to H1 2023. It highlights a significant reduction in fraud losses, totaling EUR 4.3 billion in 2022 and EUR 2.0 billion in H1 2023. Credit transfers and card payments were most affected, with card fraud primarily involving remote transactions. The report shows the importance of Strong Customer Authentication (SCA) in reducing fraud, while noting higher fraud rates for transactions exempt from SCA. #PaymentFraud #EBA #ECB #SCA #FinancialSecurity

The European Banking Authority (EBA), together with the European Central Bank (ECB), reviewed payment fraud data from the first half of 2022 to the first half of 2023. The report highlights a notable decrease in fraud losses, with EUR 4.3 billion lost in 2022, dropping to EUR 2.0 billion in the first half of 2023. Key findings include: ➡ Credit Transfers and Card Payments -These were the most impacted by fraud. ➡Card Fraud - Mainly occurred during remote transactions. ➡Strong Customer Authentication (SCA) - Played a crucial role in reducing fraud rates. ➡SCA Exemptions - Transactions exempt from SCA had higher fraud rates. The report underscores the importance of implementing Strong Customer Authentication to combat payment fraud effectively. #FinancialSecurity #PaymentFraud #EBAReport #StrongCustomerAuthentication #BankingSecurity Kashnie Naidoo - CSb (SA), CAMS, ACAMS SA Board Member and Regulatory Activist

Inbound transaction monitoring should be table stakes.