New data suggests Europe’s biggest payments fraud problem is no longer card-not-present crime but credit transfer scams, where customers authenticate correctly and still send money to criminals.
Europe’s payments fraud landscape is being reshaped by a familiar pattern to anyone working in risk and fraud operations: the strongest security controls are not always the point of failure.
A joint report from the European Banking Authority (EBA) and the European Central Bank (ECB) found that total payment fraud across the European Economic Area (EEA) reached $4.94bn (€4.2bn) in 2024, up 17% year-on-year, with the largest losses concentrated in credit transfers (€2.5bn) and card payments (€1.3bn).
According to the report, manipulation of the payer accounted for more than half of the total value of fraudulent credit transfers, and the share increased sharply from 2023 to 2024. In practical terms, the dominant threat is increasingly impersonation-led scams and social engineering that persuades customers to authenticate a payment and send money, rather than unauthorised account takeover.
The report stresses that, relative to the scale of payments activity, fraud rates remain low and broadly stable. Across all instruments, the annual fraud rate remained around 0.002% of transaction value during 2022–2024.
Credit transfers also have among the lowest fraud rates in percentage terms. Yet their losses dominate because the underlying transactions can be higher value, leaving more room for fraudsters to extract meaningful sums quickly. EBA and ECB Report on Payment F…
For payment firms, that creates a challenge as a “low rate” can still translate into a large operational and reputational burden when the average fraudulent transaction is expensive, hard to recover, and contentious in disputes.
SCA’s success, and its blind spot
The EBA-ECB analysis points to a beneficial impact from strong customer authentication (SCA) under PSD2, particularly for electronic payments within the EEA.
However, the credit transfer findings highlight a blind spot. The report notes that fraud rates for credit transfers can be higher for SCA-authenticated transactions, which it suggests likely reflects the fact that SCA is more consistently applied to higher-risk or higher-value payments.
The broader point is uncomfortable for the industry; authentication can confirm who is initiating a payment, but it cannot, on its own, confirm whether the payer is being deceived.
Liability is skewed towards users, especially for credit transfers
The report also draws out how fraud losses fall unevenly between payment service users (PSUs) and providers. In 2024, users bore around 85% of total credit transfer fraud losses, compared with 38% for card payments and 53% for direct debits and cash withdrawals.
The authors note that loss-sharing varies significantly by instrument and by country, shaped by different liability regimes and redress mechanisms.
While the report’s hook is the growth of credit transfer scams, it also reiterates a structural issue for card fraud – geography.
Most payments are domestic, but a substantial share of card fraud is cross-border, and the report highlights that card fraud rates are far higher when the counterparty is outside the EEA, where PSD2’s SCA requirements may not apply.
