EU Final Guidelines on Fraud Reporting Under the Payment Services Directive
07/18/2018The European Banking Authority has published final Guidelines on fraud reporting under the revised Payment Services Directive. PSD2 aims to increase the security of electronic payments and decrease the risk of fraud. The Directive, which has applied since January 13, 2018, requires Payment Service Providers to provide, at least on an annual basis, data on fraud relating to different means of payment to their national regulator. The regulators must in turn provide such data in aggregated form to the EBA and the European Central Bank. Existing data reporting practices vary across the EU. The EBA has worked with the ECB to develop these Guidelines to ensure that data is reported consistently and that the data is comparable and reliable.
The final Guidelines are addressed to PSPs, except account information service providers, and to their national regulators. The Guidelines cover payment transactions that have been initiated and executed, including the acquiring of payment transactions for card payments, identified by reference to: (a) fraudulent payment transactions data over a defined period of time; and (b) payment transactions over the same defined period. The Guidelines also set out how national regulators should aggregate the data.
Following the feedback to the EBA's consultation last year on proposed Guidelines, a number of changes have been made, including aligning the requirements with those in the ECB Regulation on payment statistics (ECB/2013/43). The main changes are:
- it had been proposed that quarterly reporting of high-level data would be required with a more detailed set of data on a yearly basis. Instead, the final Guidelines impose one uniform set of reporting requirements on a semi-annual basis;
- country-by-country data breakdowns are no longer required; and
- fraudulent transactions where the payer is the fraudster are no longer within the scope of the Guidelines.
The Guidelines apply from January 1, 2019, except for the reporting of data linked to the exemptions from the requirement to use strong customer authentication provided for in the Regulatory Technical Standards on strong customer authentication (Commission Delegated Regulation (EU) 2018/389), which will apply from September 14, 2019.
View the final Guidelines.
Return to main website.