To match the speed of instant payments and their increasing adoption throughout Europe, fraud prevention and detection tools not only have to be fast but should also be able to follow fraud across borders and allow relevant parties to join forces in fighting it.
To support industry efforts in this area, the Euro Banking Association (EBA) launched the Expert Group on Payment Fraud-related Topics (EGPF) in 2020 to consider a pan-European fraud intelligence approach.
The objectives of the EGPF are to analyse minimum requirements for enabling a pan-European fraud intelligence approach and to define what fraud information and data could be exchanged as part of this approach.
To facilitate the work on these matters, the EGPF looked into the development of a common vocabulary in relation to payment fraud-related topics, to serve in a pan-European context.
The EBA Fraud Taxonomy now publicly available
The EBA released version 2.0 of the EBA Fraud TaxonomyEBA Fraud TaxonomyEBA Fraud Taxonomy in July 2021 to the financial institutions in the Association’s membership for a first try-out phase with the aim to gather practical experience in deploying a uniform taxonomy at pan-European level.
The first round of the annual review and updating process led to the release of version 3.0 of the EBA Fraud Taxonomy in June 2022 to the EBA members.
In October 2022, the Board of the EBA resolved to make the EBA Fraud Taxonomy publicly available.
The EBA published the EBA Fraud Taxonomy version 3.1 in October 2022, which contains changes to the introduction (only) to bring clarity on the usage rights ahead of 1 January 2023, when version 3.1 will come into effect.
A pan-European approach to payment fraud
The EBA Fraud Taxonomy developed by the EGPF enables – for the first time – a pan-European approach to payment fraud categorisation with the aim to contribute to the combatting of payment-related fraud at a pan-European level.
It is applicable to both payment fraud and card fraud. Implementation of the EBA Fraud Taxonomy could help payment service providers (PSPs) and intelligence-sharing initiatives to better combat payment fraud for the following reasons:
- The taxonomy can play a role in facilitating intelligence and data sharing across national borders.
- It provides a common pan-European vocabulary for fraud types to improve fraud reporting, prevention and detection.
- It supports PSPs in developing effective fraud prevention campaigns for their customers.
The EBA Fraud Taxonomy identifies the following elements relevant to a fraudulent event:
- The initiator identifies who initiates the payment transaction affected by the fraud.
- The method describes the attack vector and specifies the first point of contact between the fraudster and the victim.
- The modus describes the unauthorised and often manipulative action taken by the fraudster and resulting in the loss of money via a payment transaction.
- Labels/tags can be freely chosen by individual PSPs and allow the detecting party to enrich the case with additional categorisation information.
The EBA Fraud Taxonomy has been designed to meet the following objectives:
- Aligning with the European Banking Authority (EBA) Guidelines on Fraud Reporting under PSD2, which have already been implemented by PSPs across Europe.
- Reducing the risk of overlap in the identification of fraud types and, consequently, increasing the accuracy of statistics used to identify fraud trends.
- Facilitating a standardised means to (a) describe the attack vector and specify the first point of contact between the fraudster and the victim (“how”) and (b) describe the unauthorised and often manipulative action taken by the fraudster and resulting in the loss of money via a payment transaction (“what”).
- Ensuring that individual PSPs remain free to choose labels/tags for specific fraud scenarios as they deem fit, for example to align with internal reporting requirements.
- Providing definitions based on authoritative and publicly available sources for the different modi and labels, wherever possible.