Approval of the new EU Instant Payments Regulation!
On 7th February 2024, the European Parliament formally approved the new Instant Payments Regulation.
Under the new regulations for instant payments (also known as real-time payments), all European payment providers are required to give their customers the option to conduct Euro-denominated credit transfers that are completed within ten seconds from the time of approval. This service must be available at any time and on any day. Most importantly, fees for instant payments must not exceed those of traditional credit transactions, which typically take several days to process.
The European payment industry celebrates!
The European payment industry is hailing the introduction of instant payments as a major technological innovation in payments, viewing it as a significant enhancement to customer experiences. According to them, Instant Payments are expected to further digitalise the payment landscape, introduce innovative solutions, and lay the groundwork for a pan-European payment solution, while also boosting market competition. Especially as non-bank payment institutions (e.g., e-money institutions, including future regulated stablecoin issuers, also known as e-money token issuers) will be granted direct access to central bank payment systems (e.g., SEPA) under the new legislation.
The often overlooked threat coming with Instant Payments - APP scams.
Only occasionally is it discussed that the rollout of instant payments will most likely result in a significant surge in Authorised Push Payment (APP) fraud incidents for both consumers and businesses in the European Union in the coming years. Although experience suggests that it has become a relevant cause of fraud losses in countries with
a large share of instant payments.
This is particularly concerning because the European Union already lacks the essential capabilities to fight online fraud efficiently.
Authorized Push Payment Fraud
Online fraudsters invariably rely on (fiat or crypto) payment providers to facilitate access to their ill-gotten gains.
Authorised (Push) Payment fraud involves fraudsters tricking their victims into willingly making large bank transfers to them. In many cases, this happens via social engineering across social media networks or via telephone (as seen in Gal Bara´s boiler room, where people convinced victims to deposit money into fraudulent trading websites using money mules all over Europe).
Experience suggests that instant payments are a valuable instrument for this type of fraud, as they allow for the real-time transfer of funds to a bank account (or a succession of bank accounts), which an immediate cash-out can then follow, because the e-funds become available to the beneficiary right away. This quickly places the transaction out of the reach of the involved PSPs and responsible authorities.
A notable example recently highlighted by the media involves scammers who deceived a multinational company into transferring approximately US$26 million by using deepfake technology to impersonate senior executives.
Extent of Authorized Push Payment fraud
For the UK (67 million inhabitants), often referred to as the headquarters of online fraud, UK Finance released in its Annual Fraud Report that over GBP 1.2 billion wasugh financial fraud in 2022. UK Finance split this figure into unauthorized fraud losses across payment cards, remote banking, and cheques that reached £726.9 million in 2022 and authorised push payment fraud losses reaching £485.2 million. However, these figures are based on reported fraud cases. According to new research released by National Trading Standards (NTS), 73% of UK adults – or 40 million people – have been targeted by scams, with 35% – or 19 million – losing money because of this criminal offense. The average amount victims lose is £1,730, but the study found that fewer than a third (32%) report the crime to the authorities.
According to “ScamScope Fraud Report,” a new report, Authorised Push Payment (APP) scam losses are on the rise and expected to climb to $6.8 billion — a combined compound annual growth rate (CAGR) of 11% — by 2027 across six leading real-time payment markets (U.S., U.K., India, Brazil, Australia and Saudi Arabia)
According to the ScamScope Fraud Report, the increase in real-time payment transactions correlates with an increase in authorised Push Payment Fraud across these six leading real-time payment markets.
The UK’s high APP fraud cases correlate with the introduction of Faster Payments in 2008. Brazil’s instant payment scheme, PIX, has a high adoption rate, and India introduced its Instant Payment scheme, UPI, in 2016. High APP fraud rates plague all these countries.
APP scam losses in the U.S. are projected to increase by 9% from 2022 to 2027, according to the ScamScope Fraud Report. However, real-time payments adoption fueled by the FedNow Service (US Real-Time Payment Scheme is projected to surpass this growth, with a remarkable 41% CAGR.
In Europe, we lack reliable data on Authorised Push Payment (APP) fraud cases. We have encountered figures such as €380 million and €1.6 billion, but none appear trustworthy. Considering that the European Union’s population exceeds 440 million, the research conducted by our organisation, which focused on data from only 1,300 European victims, revealed that APP fraud had exceeded €50 million in 2018 alone across approximately 15 fraudulent websites. Consequently, the reported numbers of €380 million and €1.6 million are significantly inaccurate.
Eliminating the de-risking issues for Payment Institutions and e-money Institutions
Although no or only a few statistical materials are available about the extent of the App fraud going on in Europe, the European authorities keep pushing the new Instant Payment scheme.
Consequently, European authorities will also tackle the issue of de-risking that non-bank payment institutions have recently faced. Banks frequently refuse to onboard Payment Institutions and e-money Institutions as customers due to the higher risks associated with them.
On 16 June 2023, the European Banking Authority (EBA) published a report on money laundering/terrorist financing (ML/TF) risks associated with Payment Institutions (EBA/REP/2023/18), confirming the increased risk linked to these institutions.
Furthermore, the surge in Payment Institutions in Europe following Brexit has exacerbated the situation.
Considering that in Europe, supervision of Payment Institutions and enforcement of Anti-Money Laundering (AML) regulations by National Competent Authorities is often insufficient in practice, the decision to grant access to central bank payment systems to questionable Payment Institutions and e-money Institutions (such as Wirecard and Payvision B.V.) aggravates the situation.
Thus, Europe risks reinforcing its reputation as a “Wonderland” for scammers.
