The European Commission's European Payments Package, consisting of the third Payment Services Directive (PSD3) and the new Payment Services Regulation (PSR), represents the most significant overhaul of EU payments regulation since PSD2 in 2015. Together, the directive and the regulation aim to modernize the payments landscape, enhance consumer protection, improve fraud prevention, and ensure a more consistent supervisory environment across member states.
Payment fraud in Europe is a growing concern. The European Central Bank and European Banking Authority reported EUR 4.3 billion in fraud losses in 2022, with another EUR 2.0 billion lost in just the first half of 2023. Online and cross-border transactions account for much of the problem, underscoring the urgent need for stronger safeguards. For financial institutions, the reforms go far beyond a box-ticking compliance exercise.
They will shape the way companies manage fraud risks, handle customer data, build partnerships, and interact with regulators. For those of us working in financial crime compliance, the message is clear: PSD3 and PSR will require deeper integration of fraud prevention into the broader financial crime framework.
What are PSD3 and PSR?
PSD3 will replace PSD2 as the legislative backbone for payment services in the EU. Its role is to set out the overarching principles and requirements for national transposition. In contrast, PSR is a directly applicable regulation, designed to eliminate the patchwork of national interpretations that complicated PSD2's implementation.
The goals of the package are wide-ranging but can be grouped into four themes:
Stronger consumer protection
PSD3 reinforces consumer rights through stronger authentication and greater transparency. It extends Strong Customer Authentication (SCA) to mobile wallet registrations and clarifies when exemptions apply, reducing confusion and risk. The directive also requires clearer disclosure of ATM and cash withdrawal fees, ensuring users understand costs upfront. These updates aim to boost confidence and fairness in digital payments across the EU.
Tougher Fraud Prevention
Fraud prevention is a central focus of PSD3. Payment providers must now verify that a recipient’s name matches the IBAN before completing a transfer, helping to combat spoofing scams. Institutions are also required to detect suspicious payment behavior and share information about active fraud cases. Together, these measures strengthen the EU’s ability to identify and prevent financial crime.
Boosting Access and Innovation
PSD3 promotes fair competition and innovation in open banking. It removes the need for banks to maintain dual access interfaces, simplifying data access for third-party providers. Consumers gain control through a new dashboard showing which companies can access their financial data. The directive also requires banks to justify and allow appeals of service refusals, improving access for non-bank payment firms.
Consistent Supervision Across the EU
To ensure fairness across member states, PSD3 harmonizes supervision and licensing rules. It mandates clear reasoning when banks deny access to payment systems and establishes consistent EU-wide guidelines for SCA exemptions. Member states must adopt the directive within eighteen months, promoting a unified and balanced payments market.
How will the reforms change the payments landscape?
Among the most significant developments are the tougher fraud prevention requirements. Strong Customer Authentication, already a PSD2 hallmark, will become even more central. Liability rules will be expanded, making institutions more accountable for fraudulent transactions where authentication is weak or absent. Firms will also be obliged to participate in fraud data-sharing initiatives, ensuring that intelligence is exchanged across the market to identify and disrupt emerging threats.
Customer data access and protection are another focus area. PSD3 and PSR reinforce the open banking framework by standardizing APIs and strengthening rules around consent management. This gives consumers greater clarity and control over who can access their data, while placing new responsibilities on institutions to ensure that sharing is both secure and transparent.
Operational resilience and governance requirements are also set to rise. Institutions will face stricter obligations for risk management, incident reporting, and internal oversight. These changes align with the broader regulatory trend, exemplified by the Digital Operational Resilience Act (DORA), toward embedding resilience into the DNA of financial services.
Finally, the scope of who needs a license to provide payment services will broaden, while licensing standards will be harmonized across the EU. The directly applicable nature of the PSR reduces national discretion and creates a more level regulatory environment, which will be particularly relevant for fintechs and cross-border players.
What does this mean for financial crime compliance?
Although PSD3 and PSR are not explicitly anti-money laundering measures, their fraud prevention provisions intersect closely with financial crime compliance. Fraud monitoring will increasingly need to be integrated with AML systems so that unusual patterns are identified consistently across different types of financial crime. The requirement to share fraud data presents both an opportunity and a challenge.
On one hand, it promises richer intelligence for tackling fraud. On the other, firms will need to manage the tension between mandatory sharing and data privacy rules under GDPR. Clear policies, robust governance, and transparent communication with customers will be essential.
Reporting obligations are also becoming more demanding. Regulators will expect faster and more granular reporting of fraud incidents and operational disruptions. This will require tighter escalation processes, improved data capture, and a culture of accountability within institutions.
The expansion of open banking will bring greater reliance on third-party providers. Financial institutions will need to strengthen their frameworks for managing compliance risks in these partnerships, ensuring that fraud and AML standards are applied consistently across the ecosystem.
1. Gap Assessment: Preparation should begin with a comprehensive gap assessment, comparing current PSD2 compliance measures against the requirements of PSD3 and PSR. Fraud detection, authentication controls, and reporting processes are obvious starting points, but institutions should also look at governance structures and third-party risk management.
2. Technology Updates: Technology upgrades will be critical. Stronger authentication tools, advanced fraud analytics, and secure data-sharing platforms will all be needed to meet regulatory expectations. At the same time, policies and processes must be updated to reflect new rules, ensuring that operational resilience, reporting, and governance frameworks are aligned.
3. Collaboration: Institutions should also embrace collaboration. Fraud does not respect institutional boundaries, and the regulatory push toward intelligence sharing is a recognition of that fact. Active participation in industry-wide initiatives will not only meet compliance obligations but also strengthen collective defenses.
4. Training and Awareness: Staff training and awareness will round out the preparation process. Fraud patterns are evolving rapidly, and compliance teams, customer-facing staff, and senior management all need to understand their roles under the new regime.
Could compliance be an opportunity rather than a burden?
While much of the focus will inevitably fall on compliance, forward-looking institutions will see opportunities as well. Stronger fraud protection can become a driver of customer trust at a time when confidence in digital payments is critical. Smarter authentication and monitoring solutions can improve user experience, reducing friction while safeguarding transactions.
The enhanced monitoring and reporting infrastructure required by the new rules can also generate valuable insights. Data analytics, when applied beyond compliance, can inform product development, risk strategy, and customer engagement. Finally, institutions that demonstrate leadership in secure data sharing and open banking will be well-positioned as trusted partners in the evolving payments ecosystem.
What comes next?
The European Payments Package will reshape the EU payments landscape in profound ways. For financial institutions, it means stricter fraud prevention rules, stronger consumer protection, and greater harmonization across the single market. For compliance teams, it demands deeper integration of fraud prevention into the financial crime framework, alongside enhanced governance and resilience.
The institutions that act now by assessing gaps, upgrading systems, embedding collaboration, and training their people will not only meet the new regulatory requirements but also seize the chance to build trust, resilience, and strategic advantage in a rapidly evolving market.