Blog Posts Process Analysis

Will PSD2 Increase Authorised Push-Payment Fraud?

Blog: Enterprise Decision Management Blog

PSD2 with question mark

The European Banking Authority have just published their final report and guidelines on fraud reporting under PSD2. There’s much to digest and understand, but one thing that stands out for me is categories of fraud that must be reported.

While PSPs don’t need to report ‘payer acting fraudulently’ — also known as first-party fraud — they are required to report fraud that involves ‘manipulation of the payer,’ in other words authorised push-payment fraud. In line with other fraud reporting, PSPs will have to report this in two categories: when strong customer authentication has been used and when it hasn’t.

To date, reporting of authorised push-payment fraud has been ad-hoc and generally doesn’t involve reporting to any formal body.  The EBA says that PSPs have a responsibility to identify such cases and calls out the use of transaction risk analysis to do so.

The fraud reporting requirements of PSD2 mean that PSPs must overhaul their processes and be ready to report fraud by January 2019. This challenging deadline will be further complicated by the inclusion of authorised push-payment fraud.

By definition, strong customer authentication will not make any difference to a fraud where the accountholder has been manipulated into providing that authentication. Strong customer authentication makes some kinds of fraud more difficult and criminals will be looking for the next opportunity. Could it be that they turn their attention to types of fraud where strong customer authentication doesn’t offer protection, such as authorised push-payment fraud?

Getting Ready to C0mply

A further layer of complexity is added when real-time payment schemes are considered. While the use of Faster Payments in the UK has been near-ubiquitous for some time, many European nations are rolling out new schemes now, including the cross-border SEPA CT Inst. This raises two challenges:

None of this means that PSPs can’t be ready for the reporting and strong customer authentication requirements of PSD2, or that they can’t manage fraud where strong customer authentication doesn’t offer protection.  We recommend a three-pronged approach:

  1. Prepare by understanding what your fraud rates are now across all payment mechanisms. Where you would like to use transaction risk analysis to secure payments in addition to strong customer authentication, understand how your fraud rates relate to fraud basis points laid out in PSD2. Use trusted, expert advisors to build and implement a plan that will drive down fraud rates where it is most important to do so – before PSD2 strong customer authentication is mandatory.
  2. Research and implement solutions that can help you to meet both the reporting requirements and the need to drive down fraud rates using transaction risk analysis. You may need to deploy transaction risk analysis across more payments – do you have solutions that can scale to the volumes and speeds needed?
  3. Be ready to adapt. PSD2 and the impact on fraud will be an evolving situation for some time to come. We don’t yet know what impact new players such as PISPs and AISPs will have on the data you are reliant on for managing fraud. New payment mechanisms such as SEPA CT Inst will also mean making fraud decisions based on little historical data. Look for those solutions that can adapt rapidly to changing fraud patterns, and can use a range of supervised and unsupervised machine learning models for the best outcomes.

For more information about PSD2 and how we can help you visit

The post Will PSD2 Increase Authorised Push-Payment Fraud? appeared first on FICO.

Leave a Comment

Get the BPI Web Feed

Using the HTML code below, you can display this Business Process Incubator page content with the current filter and sorting inside your web site for FREE.

Copy/Paste this code in your website html code:

<iframe src="" frameborder="0" scrolling="auto" width="100%" height="700">

Customizing your BPI Web Feed

You can click on the Get the BPI Web Feed link on any of our page to create the best possible feed for your site. Here are a few tips to customize your BPI Web Feed.

Customizing the Content Filter
On any page, you can add filter criteria using the MORE FILTERS interface:

Customizing the Content Filter

Customizing the Content Sorting
Clicking on the sorting options will also change the way your BPI Web Feed will be ordered on your site:

Get the BPI Web Feed

Some integration examples