SEPA Instant Payments – How will mandating real-time payments and the new Payment Service Regulation change the fraud landscape for European FIs?

Freddy Arthur, EMEA Fraud Strategy Leader
SEPA Instant Payments - How will mandating real-time payments and the new Payment Service Regulation change the fraud landscape for European FIs?

SEPA is the Single Euro Payments Area, covering Euro denominated payments for 36 countries in Europe. Whilst most European countries have had access to SEPA Instant Credit Transfers (SCT Inst) since November 2017, they have not been widely adopted as quickly as had been hoped. This is about to change thanks to a new mandate from the European Commission (EC). 

The proposal, which received the first set of approvals in November 2023, will require payment service providers (PSPs) in the region to provide SEPA Instant Credits to their customers where they currently allow slower SEPA Credit Transfers (SCTs). The exact dates are still to be confirmed1, but financial institutions (FIs) are already preparing for such changes towards the end of 2024. In addition, Switzerland will also have its own instant payments system beginning in August 2024. 

This EC Mandate proposes the following: 

  • All PSPs accepting and receiving SEPA instant credit transfers in Euros (with targeted exclusions) 24/7/365 at no premium to slower payments
  • Provide a service to check that the payee IBAN & Name match and inform the customer of discrepancies (similar to the U.K’s Confirmation of Payee service)
  • Undertake EU sanctions screening at least once a day 

While this is a reduction in processing time to seconds for most payments and will be welcomed by consumers across Europe, many PSPs are less keen. They have witnessed a high level of fraud and scams associated with Instant Payments, especially in the U.K., where Faster Payments have been in place since 2008. The U.K. had unauthorised remote banking fraud losses2 of £163 million and authorised fraud losses of £485 million in 2022. 

SEPA SCT Inst usage lags far behind countries such as the U.K.’s use of real-time payments. According to the EC, in 2022, around 14% of SEPA transactions (a rise from 11% the year before) were sent instantly3; most SCT payments used the slower rails, taking a business day to arrive. Whereas the U.K. had approximately 58%4 via faster payments at around 4 billion payments in 2022. 

This is important from a fraud perspective: Instant payments increase the volume of payments dramatically due to the cannibalisation of existing rails and creates organic growth. This results in high volumes of genuine payments right from the start, making detection more difficult. The irrevocability of instant payments also increases losses, as it reduces the recovery opportunities available to slower payment rails. 

If that wasn’t enough to contend with, European PSPs must also consider the upcoming PSD3 & European Payment Services Regulation (PSR). 

The PSR5 promises to bring in the requirement for EU PSPs to refund consumer victims of a defined scope of authorised frauds or scams. Article 59 specifies that where the PSP is impersonated via their name, phone number or email address, the PSP must refund them within 10 days, unless they have been grossly negligent or involved in the fraud. Currently, there is no distinction made between credit transfers and card payments, so this should apply equally to both. This requirement is more limited than the upcoming U.K. requirement, to refund consumers for any authorised fraud type via faster payments. However, this could change before it comes into effect. 

Within the PSR, Article 57 places liability on a PSP if it does not provide the consumer with a warning of IBAN to Name mismatches, or if they use any exemptions to Strong Customer Authentication (SCA) available to them. Article 83 (3), also tackles the issue regarding mule accounts, for which they are recommending the sharing of the unique identifier of a payee (subject to information sharing agreements between PSPs) where there has been sufficient evidence to assume that there was a fraudulent transaction. 

All these changes in the regulatory sphere mean that in the EU, much like in the U.K., there is likely to be significantly greater levels of fraud with increased liability for the PSPs themselves.  

So, how can firms get ready for the onslaught of additional fraud? 

European PSPs need to invest in a multi-stranded instant payments fraud capability to detect and prevent unauthorised, authorised and mule accounts. This can be achieved by implementing: 

  • A real-time fraud detection engine that profiles all transactions, both monetary and non-monetary and covers both outbound and inbound payments to prevent onward transmission of funds
  • Multiple Machine Learning models to detect unauthorised, authorised and mule accounts, supported by feedback loops to improve performance
  • Technologies such a Federated Transfer learning to bring insight from peers
  • Enriched third-party data such as device intelligence, behavioural biometrics, telco data, known bad lists and other external intelligence
  • A range of responses, such as allow in real time, delay, in journey and/or out-of-band messages, referral to dedicated team and declining the payment
  • Orchestration strategies for risk-based Strong Customer Authentication capabilities to add the right amount of friction at the right time
  • Strong linked analysis capabilities to highlight potential mule groups and fraudulent claims
  • Well-staffed and trained operations teams with the right tools to manage alerts and cases effectively and efficiently
  • Capability to prioritise fraud claims for triage and investigation to meet refund timescales, whilst reducing liability 

Firms that start investing now will be able to offer their customers the benefits of SEPA instant credit transfers while keeping their total cost of fraud to a manageable level. 

Click here to learn about NICE Actimize’s payment fraud solutions.  

1 Subject to EU legal processes. Text proposes that within 6 months of becoming law firms must be able to receive and within 12 months be able to send.

2 UK Finance Fraud the Facts 2023.

3 Work on instant payments in Europe advances (

4 Faster Payments and Direct Credits totalling approx. 5.7bn payments in 2022. Source

5 Not to be confused with the U.K.’s Payments Systems Regulator

Speak to an Expert