Back

Shifting Scam Liability : Payment Services Directive 3 (PSD3) Obligations for the EU

PSD3 is moving scam liability from consumers to institutions. This report covers what European banks need to build, evidence, and share before a payment is made, not after.

Shifting Scam Liability : Payment Services Directive 3 (PSD3) Obligations for the EU

PSD3 and the EU Payment Services Regulation are moving scam liability off consumers and onto the institutions that process, facilitate, and profit from the infrastructure scammers exploit. The UK went first, and the October 2024 APP reimbursement regime made clear that reimbursement is just the visible part; the harder operational shift is what institutions need to prove they knew before the money moved. PSD3 takes that logic further. Pre-payment monitoring, receiving-side accountability, and cross-institution intelligence sharing are all on the table. The problem is that most bank fraud controls still trigger at the payment event, and by then the scammer has already coached the victim through every friction point. The scam journey starts days or weeks earlier, across telco networks, social platforms, and encrypted messaging apps, long before a payment instruction arrives. This report breaks down what PSD3 requires, what the UK's experience reveals about the operational shifts ahead, and why institutions that wait for final compliance deadlines will be building their fraud stack under pressure.

Thank You!
Your Submission has been received! Please check your email
Oops! Something went wrong while submitting the form.
Preview
1 of 3
No items found.