The Revised Payments Services Directive (PSD2) and Open Banking in the European Union
The revised Payments Services Directive (PSD2), introduced to foster open banking within the European Union, aimed not only at enhancing digital payments but also ensuring consumer protection against potential fraud. Although these measures have largely succeeded in their intended objectives, a persistent rise in fraudulent activities has continued to inflict significant financial losses.A collaborative study by the European Banking Authority (EBA) and the European Central Bank (ECB) revealed that despite a stable incidence of fraud from 2023 to 2024, the overall cost had escalated. In 2024, this figure saw an increase from €3.5 billion in 2023 to €4.2 billion.The implementation of Strong Customer Authentication (SCA) requirements under PSD2 in 2020 was largely effective, as transactions leveraging SCA protocols were less vulnerable to fraud than non-SCA transactions, particularly card payments. However, despite these successes, bad actors adapted their strategies by targeting transactions that do not require SCA or by deceiving consumers into initiating unauthorized payments.
Evolution of Scams and Social Engineering
These sophisticated tactics are part of a broader trend. As fraud defenses have strengthened, criminals have shifted their focus directly to end users through social engineering techniques. These include fake emails from major retailers requesting urgent account actions or fraudulent text messages posing as official communications demanding immediate payments for fictitious tolls or fines.While the primary intent is to trick users into sending money, another emerging trend involves consumers being unwittingly or willingly used as money mules to facilitate illegal transactions.
Adapting to Evolving Threats
This shift highlights the ongoing challenge in keeping up with cybercriminal activities. Even though SCA was implemented just five years ago and has proven effective, criminals can swiftly adjust their strategies without needing to navigate regulatory hurdles like pilot programs or review boards.Organizations need to rethink their approaches to combat fraud effectively, considering innovative solutions beyond traditional methods.
