The European Banking Authority (EBA) and the European Central Bank (ECB) have jointly published the 2024 Report on Payment Fraud, providing a critical analysis of data from the European Economic Area (EEA).
The report offers a comprehensive overview of fraud levels across credit transfers, card payments, direct debits, cash withdrawals, and e-money transactions.
It also details the role of Strong Customer Authentication (SCA) in mitigating fraud risks, underscoring the importance of this security measure for payment service providers (PSPs) and users alike.
Below are the key findings, particularly focusing on the evolving landscape of payment fraud and the vital role of SCA in ensuring secure transactions.
Overview of Payment Fraud Levels
The report reveals that the total value of fraudulent transactions across the EEA amounted to €4.3 billion in 2022 and €2.0 billion in H1 2023. The most significant portion of fraud in 2023 stemmed from credit transfers and card payments, which jointly contributed to the majority of fraudulent activity.
Credit Transfer Fraud: The value of fraudulent credit transfers hit €1.131 billion in H1 2023, representing a 14% reduction compared to the same period in 2022. Despite this decline, credit transfers continue to be a target due to their large volume and high transaction values.
Card Fraud: Fraudulent transactions using cards issued in the EEA amounted to €633 million in H1 2023, with card fraud primarily involving remote transactions. Interestingly, remote fraud accounts for 82% of card fraud in value, yet remote card payments only represent 24% of overall card transactions.
In comparison, direct debits, cash withdrawals, and e-money transactions have relatively lower fraud levels, with fraud rates for direct debits showing a slight increase in 2023.
Fraud by Payment Instrument
Different payment instruments exhibit distinct fraud trends. In terms of fraud rates:
Card payments show the highest fraud rate at 0.031% of total card payments in value and 0.015% in volume for H1 2023.
E-money transactions follow closely, with 0.022% fraud in value and 0.012% in volume.
Fraud rates for credit transfers, direct debits, and cash withdrawals remain low, largely due to strong fraud prevention measures.
Key Fraud Types
The report identifies two main types of fraud:
Remote Fraud: Fraudulent transactions initiated remotely (e.g., via the internet or mobile apps) account for most fraud incidents, especially in card and e-money transactions. Notably, card details theft plays a major role, constituting 64% of remote card fraud in volume.
Manipulation of the Payer: A more prevalent issue for credit transfers, this type of fraud occurs when fraudsters manipulate the payer into initiating a fraudulent transaction. This category accounted for 57% of total credit transfer fraud in value for H1 2023.
Strong Customer Authentication (SCA) as a Fraud Deterrent
A key highlight of the 2024 report is the undeniable impact of Strong Customer Authentication (SCA) on fraud reduction.
Under the Payment Services Directive 2 (PSD2), the EBA and ECB have implemented SCA as a mandatory security measure for electronic payments.
The data in the report clearly demonstrates that transactions authenticated using SCA consistently exhibit lower fraud rates across all payment instruments.
SCA and Credit Transfers: Approximately 77% of credit transfers were authenticated via SCA in H1 2023, resulting in a low fraud rate of 0.001%. The importance of SCA becomes even more apparent when comparing fraud rates for non-SCA transactions, which are three to five times higher in some cases.
SCA and Card Payments: Although 65% of card payments were authenticated using SCA, fraud rates for non-SCA card transactions were significantly higher. For instance, remote card transactions without SCA experienced fraud rates of 0.108% or more, compared to 0.017% for SCA-authenticated transactions.
Moreover, the report illustrates that exemptions to SCA, such as contactless payments or low-value transactions, often correlate with higher fraud risks. As a result, PSPs are urged to rigorously apply SCA where applicable to reduce vulnerabilities.
Geographic and Liability Insights
The geographical analysis reveals that most fraudulent transactions occur across borders, particularly for card payments.
About 71% of card payment fraud in H1 2023 involved cross-border transactions, with 28% originating outside the EEA. This underscores the global nature of payment fraud and the importance of secure international transaction systems.
Another critical finding is the division of liability for fraud losses. The report shows that:
Payment service users (PSUs) bore 86% of fraud losses for credit transfers in H1 2023.
For card payments, 45% of losses were shouldered by PSUs.
PSPs and other entities (such as insurance providers) typically share the burden of losses, especially in markets where regulatory protections for consumers are robust.
The Road Ahead for Payment Security
The EBA and ECB Report on Payment Fraud concludes that while the overall outlook for payment fraud appears stable, vigilance remains essential.
The widespread adoption of SCA under PSD2 has proven effective in reducing fraud, particularly within the EEA. However, non-SCA transactions and cross-border payments still present significant risks, and fraudsters continue to exploit gaps in security.
As digital payments evolve, so too must the strategies for combating fraud. The report advocates for continued monitoring of fraud trends and the consistent application of SCA.
Regulatory bodies and industry players alike must collaborate to ensure that new payment innovations remain secure and that consumers are protected from emerging threats.
The post Report: A deep dive into payment fraud in the EU appeared first on Payments Cards & Mobile.