.svg)
The Euro Banking Association fraud taxonomy aspires to create a pan-EU set of definitions to help banks, fintech and payments operators grapple with the ever-evolving problem. VIXIO speaks to the association to find out more.
Stepping up pan-European cooperation to fight and prevent payment fraud has become a key priority, particularly as the EU’s instant payments ecosystem develops and co-legislators continue to consider proposals for a new regulatory framework.
The growth of instant payments in some markets has also led to a well-documented increase in fraud, such as authorised push payment. Only recently, one source pointed to fraud in the UK as an example of why instant payments should not be used for all payments.
It is concerns such as this which has partly driven the Euro Banking Association to develop a common taxonomy on the matter.
"Instant payments was a driving factor,” Thomas Egner, secretary general at the Euro Banking Association, told VIXIO. “With instant payments, there is instant fraud, and our aim is to help banks provide helpful, good quality information."
Egner continued that the taxonomy should not just be seen as something that can be applied to banking institutions.
"The taxonomy is not just for the banks. We need fintechs, software providers and operators using this as well. I see it as a call to action."
In a first, in October 2022 the association made the fraud taxonomy publicly available. Prior to that, versions of it had not been as easily accessible.
This version of the taxonomy is the third iteration, and came into effect as of January 2023.
Annick Moes, Egner's colleague, further noted that one reason that the taxonomy was made public was that the trade association wanted to get it out to the wider market.
“This ensures we get more feedback and people are more aware. We debated whether there would be a risk to putting this into the market but there was a clear consensus at the level of contributing institutions that this would provide added value."
"The starting point for our practitioners was to look at collaboration and harmonisation opportunities with fresh eyes,” Moes continued. “At the same time, we did not want to duplicate, as we have a lot of overlap in terms of membership with the European Payments Council, where fraud combatting is a key issue too.”
However, she pointed out that no one was picking up the common vocabulary item. “There is a feeling that we will never get to the point of sharing fraud intelligence or data at a pan-EU level without any common language to describe and understand what we are sharing."
What is in the taxonomy?
The taxonomy breaks down a variety of words and phrases that have become common among payments experts in Europe, as well as further afield.
This includes outlining definitions for words such as phishing, smishing and romance scams, as well as terminology that is less commonly used.
This includes shoulder surfing, which is the practice of spying on the user of a cash-dispensing machine or other electronic device to obtain their PIN, and sextortion, whereby scammers use social media platforms and email as forums to threaten to share intimate images or footage of their victims online, unless they give into their demands.
The variety of methods shows just how taxing the prevention and reporting of fraud is for all involved.
"The taxonomy provides a very helpful harmonisation tool to support fraud detection and prevention activities that may take place at a collaborative level,” said Moes, who serves as head of industry issues and cooperation initiatives at the Euro Banking Association.
“It feeds into the general impetus that industry and regulators alike have in wanting to fight payment fraud in the account to account space.”
This has always been one important area that banks have had to worry about, Moes continued. “It is an important cost factor and detrimental to the customer experience, so it has always been front of mind for banks."
She noted that there is very much a consensus that if instant payments are on the rise, the related fraud risks will have to be tackled more effectively.
“It was clear that fraud tools dealing with rising instant payment volumes would need to be better informed in order to keep fraud rates and false positives low."
At present, the association’s fraud taxonomy focuses on identifying the following elements: initiator (who), method (how), modus (what) and labels/tags — the latter of which can be chosen by individual payment service providers.
This is intended to allow them to enrich the case with additional categorisation information on a voluntary basis.
"This is absolutely not mandatory, and is only recommendations. Yet, the taxonomy does propose a vocabulary with the support of experts from roughly 20 EU countries,” said Moes.
“It is something that we recommend for all types of use cases. For example, it can be used for internal reporting purposes and for intelligence or data sharing via local or regional platforms."
The hope is that the taxonomy can reduce the risk of overlap in the identification of fraud types and, consequently, increase the accuracy of statistics used to identify fraud trends.
This fraud taxonomy has also been designed to align with the European Banking Authority's Guidelines on Fraud Reporting under PSD2, which have already been implemented by PSPs across Europe.
Moes pointed out, however, that this is not something that will turn magically into regulation.
"The taxonomy has not been created for regulatory purposes or to influence regulators. Rather, it will help practitioners deal with the topic,” added Egner. “Over the next few years, we expect that our members and other stakeholders will use this taxonomy for different purposes, such as to educate their customers with regard to fraud cases."
