The EBA and the ECB have published the 2025 edition of their joint report on payment fraud, offering a detailed assessment of fraud trends across the EEA.
Covering semi-annual data from 2022 to 2024, the report concludes that strong customer authentication (SCA), introduced under PSD2 in 2020, continues to play a significant role in reducing fraud, particularly in card payments. However, it also warns that fraudsters are rapidly adapting their methods, requiring payment service providers and regulators to remain vigilant.
According to the report, total reported payment fraud across the EEA increased steadily over the period, rising from €3.4bn in 2022 to €3.5bn in 2023, before reaching €4.2bn in 2024. The analysis looks at both the overall volume and value of transactions, as well as the subset that were fraudulent, providing a comprehensive view of how fraud is evolving despite existing safeguards.
A key finding is the continued effectiveness of SCA. Transactions verified using SCA were generally far less susceptible to fraud than those without it, with the impact most clearly observed in card payments. The report highlights that card payment fraud was 17 times higher when the payment recipient was located outside the EEA, where SCA is not legally required and is often not applied. This underlines the role of regulatory consistency in fraud prevention and the risks associated with cross-border transactions.
The picture is more complex for other payment types. For credit transfers, the protective effect of SCA was less pronounced, reflecting the growing prevalence of scams that manipulate users into authorising fraudulent transactions themselves. These authorised push payment-style scams have become a major driver of losses, particularly as fraudsters exploit SCA exemptions or social engineering tactics.
Losses varied significantly by payment instrument and geography. In 2024, fraud losses linked to credit transfers reached €2.200bn, representing a year-on-year increase of 16%. Card payments made with cards issued in the EU or EEA accounted for €1.329bn in losses, up 29% compared with the previous year. Notably, payment service users bore around 85% of total fraud losses for credit transfers in 2024, largely due to scams that persuaded them to initiate the transactions themselves.
The report also reiterates the regulatory framework underpinning this data. Under Article 96(6) of PSD2, payment service providers are required to report fraud statistics to national competent authorities, which then share aggregated data with the EBA and ECB. These requirements are complemented by ECB regulations on payments statistics, with data submitted on a semi-annual basis through a single reporting flow.
Looking ahead, the EBA and ECB say they will continue to monitor and publish payment fraud data to support informed policy decisions, as well as supervisory and oversight actions. While SCA remains a cornerstone of the EU’s fraud prevention strategy, the report makes clear that evolving fraud typologies will require adaptive security measures and closer cooperation across the payments ecosystem.
Keep up with all the latest FinTech news here
Copyright © 2025 FinTech Global
