Copenhagen Economics and the Computer & Communications Industry Association (CCIA Europe) have revealed flaws in the European Parliament’s unprecedented extension of liability beyond payments services providers (PSPs) to online platforms and electronic communication service providers, such as telecom operators, who would also have to refund victims of impersonation fraud.
Article 59 of the Payment Services Regulation (PSR), as proposed by the European Commission, seeks to make PSPs liable for APP fraud. However, a recent study by the European Centre for International Political Economy (ECIPE) states that shared liability would reduce incentives for PSPs and consumers to actively prevent fraud. In addition to this, limitations imposed by GDPR and the Digital Services Act would doubly hinder fraud prevention efforts.
The ECIPE writes: "While the intent to address fraud is commendable, this model misallocates responsibilities by requiring non-financial entities to oversee fraudulent activities, despite their lack of visibility and technical control over financial transactions. Extending liability to non-financial entities risks undermining consumer vigilance and diluting payment services providers’ efforts to maintain fraud awareness.
"A shared liability regime covering non-financial entities would also disproportionately burden smaller 'digital' firms, leading to legal uncertainties, costly legal disputes, and market exits. This would not only drive market concentration and reduce competition in digital services but also undermine EU and Member State efforts to support Europe’s lagging digital start-ups and scale-ups. The resulting harm to innovation and entrepreneurship would be a significant setback to the EU’s broader digital ambitions."
The study commissioned by CCIA Europe, released this week, agrees with this sentiment and adds that no EU institution conducted an impact assessment of the shared liability regime proposed by MEPs - a global first. Further to this, no evidence was found to underpin this proposal and shared fraud liability among multiple players would be "unworkable in practice, as no single player has sufficient visibility into the complex fraud chain. It would introduce a culture of ‘blame shifting’".
CCIA Europe urges EU Member States that are finalising their common position on the PSR, to reject this proposal and to adopt evidence-based solutions that enhance collaboration, ensure legal clarity, and undergo thorough impact assessments before introducing any new liability frameworks.
Their senior policy manager, Boniface de Champris, says: "Europe’s approach to payment fraud must be practical and evidence-driven. By contrast, the European Parliament’s ambiguous proposal jeopardises consumer trust and innovation without delivering any proven benefits. This new study clearly demonstrates the harms of Parliament's approach. The chain of players fighting payment fraud is extremely intricate and constantly evolving. That’s why CCIA Europe calls on EU Member States to champion smarter, collaborative solutions in the ongoing legislative discussions about the Payment Services Regulation."
In September 2024, the PSR board decided that the maximum reimbursement limit for Faster Payments would be £85,000. The PSR’s requirements were expected to provide protections to people who fall victim to scams – with over 99% of APP claims covered by the reimbursement cap, and also giving firms financial incentives to improve their fraud prevention controls. This came into effect on 7 October.