The European Central Bank (ECB) and the European Banking Authority (EBA) have published a joint report on payment fraud, finding beneficial effects of the strong customer authentication (SCA) requirements.
The joint report analyses payment fraud data reported twice a year by payment service providers across the European Economic Area (EEA), covering a range of payment methods, including credit transfers and card payments.
In 2022, fraudulent transactions across the EEA totalled €4.3bn, with €2.0bn reported in the first half of 2023.
Between H1 2022 and H1 2023, credit transfers and card payments had the highest fraud values. In the first half of 2023, fraudulent credit transfers from EU/EEA payment service providers totalled €1.13bn, a 14% decrease from the same period in 2022.
Card fraud involving EU/EEA-issued cards amounted to €633m in H1 2023, showing little change over the reporting periods. Total fraudulent card payments processed by EU/EEA payment service providers were higher at €826m in H1 2023.
In comparison, fraudulent direct debits, cash withdrawals, and e-money transactions were significantly lower, each below €100m in H1 2023.
During the first half of 2023, card fraud involving EEA-issued cards accounted for 0.031% of the total transaction value and 0.015% of the total transaction volume.
E-money transactions showed similar fraud rates, with 0.022% of the value and 0.012% of the volume affected. Fraud rates for other payment methods were notably lower, particularly for credit transfers, which experienced a fraud rate of 0.001% in value and 0.003% in volume.
Remote and non-remote fraud
Electronically initiated credit transfers are primarily conducted remotely, both for overall transactions and fraud.
In each of the three reference periods analysed by the report, around 98% of the total value of these transfers and 99% of the fraud value involved transactions initiated remotely via the internet or another device.
How regulation is helping to fight fraud
The report highlights the beneficial effects of the strong customer authentication (SCA) requirements introduced by the revised EU Payment Services Directive (PSD2) and the related technical standards issued by the EBA in 2018 in collaboration with the ECB.
Furthermore, transactions authenticated through SCA showed significantly lower fraud rates compared to non-SCA transactions, particularly for card payments. Additionally, fraud rates for card payments were 10 times higher when transactions involved parties outside the EEA, where SCA is not a legal requirement.
Losses from payment fraud varied among liability bearers depending on the payment method and country. In the first half of 2023, cross-border transactions accounted for a significant portion of card fraud (71% of the total value), as well as a substantial share of fraud involving credit transfers and direct debits (43% and 47%, respectively).