Authorized Push Payment Fraud: Suggestions for the Draft Payment Services Regulation

This article addresses the rising prevalence of Authorized Push Payment (APP) fraud in the digital payment landscape and the need for new regulations by the EU legislature. APP fraud, where the payment service user (PSU) authorizes a payment under the influence of a fraudster, presents a growing issue that is inconsistently addressed under the current EU Payment Services Directive (PSD2). The article analyses existing legal frameworks and case law across various EU Member States, highlighting inconsistencies in the interpretation of authorized and unauthorized transactions. It emphasizes the need for the EU legislature to clarify liability for payment service providers (PSPs) in the proposed Payment Services Regulation (PSR) regarding APP fraud. The authors advocate for a harmonized approach where PSPs are held liable for APP fraud, particularly in cases of bank impersonation fraud. The authors further suggest that the definition of ‘gross negligence’ in the context of APP fraud should be clarified. They also propose that if PSPs take on greater responsibility for fraud monitoring and prevention in order to improve safety of payment transactions this should be balanced with the privacy and autonomy of the PSU. Key conclusions include the necessity for the EU legislature to ensure a uniform interpretation of authorised transactions and clarify the potential for national liability rules. Additionally, the authors recommend that liability for APP fraud should not be limited to bank impersonation fraud but should also cover other scenarios of payment fraud, provided the fraudster abuses the trust in the payment system by convincing the PSU that he needs to take action to keep his funds safe.