The Second Payment Services Directive (PSD2) is the current set of guidelines that regulates payment services across the European Union and the European Economic Area. This directive is being regularly updated to suit the evolving technology and confront the emerging fraud methods. It is also continuously monitored to ensure its effectiveness.
The results of the most recent inspection became available on January 17, 2022. The European Banking Authority (EBA) shared a Discussion Paper with the public that sheds light on its preliminary observations of selected payment fraud data under the PSD2. Read ahead for the key takeaways from this document.
The payment fraud data covered by the EBA in this analysis was reported by the industry and aggregated by national authorities throughout the years 2019 and 2020.
The observations listed in the Discussion Paper are based on the preliminary patterns that were noticed when analyzing three payment instrument categories:
However, it’s important to note that some of those patterns are still inconclusive and require additional assessment from market stakeholders.
Thus, the Discussion Paper also contains questions that should be answered before April 19, 2022, in support of the research performed by the EBA, the European Central Bank (ECB), and national authorities. The responses received will help interpret the collected payment fraud data and further improve PSD2.
According to the Discussion Paper, the current PSD2 performance trends are:
These key takeaways lead to important conclusions that will become milestones in the improvement of payment security guidelines.
While the observations collected in the EBA Discussion paper are preliminary, it’s already possible to understand and forecast the direction of the payment security efforts in the foreseeable future:
Further attention is most likely to be given to improving the security of cross-border transactions - payments with counterparts outside the EEA.
Non-Remote Card Payments
According to the findings, a lower fraud rate in transactions within the EEA has a correlation with the implementation of SCA, so, if confirmed to be effective, its presence is likely to be strengthened.
Remote Credit Transfers
As opposed to the previous observation, the fraud rate for SCA-authenticated payments in remote credit transfers is higher than in those without it. This topic will be further investigated, but the Discussion Paper points out some of the possible reasons for these figures:
As indicated in the Discussion Paper, in such cases, SCA is not a sufficient fraud prevention measure. This draws up a perspective of reviewing this type of authentication or introducing additional security measures.
Payment Service Users
According to the information provided in the EBA Discussion Paper, in the second half of 2020, PSUs bore 68 percent of fraud losses from fraudulent credit transfers.
This pattern is conflicting with Article 73 of the PSD2, which states that payment service providers should be primarily liable for unauthorized transactions unless the user was caught on fraudulent activity. Besides, the share of the losses borne by the PSUs varies from one EEA country to another.
The Discussion Paper states that such distinctions may be driven by the fact that the PSD2 has been transposed differently across the EU Member States. This makes it possible to suppose that the Third Payment Services Directive (PSD3) would result in the European legislative initiative being applied directly at a national level, avoiding transposition, and taking the form of a Payment Services Regulation (PSR1).
The EBA Discussion Paper has raised important questions regarding the evolution of the PSD2 regulations. Due to the fact that there is a large amount of data to be processed, a lot of stakeholder opinions to be collected, and a variety of payment industry factors to be taken into account, it is yet unclear what exactly the future of the Payment Services Directive will be.
However, with the help of the key trends listed above and by following the updates released by official entities, merchants and PSPs can stay aware of the current situation in the payment industry and be prepared for any upcoming changes.