Blog

EBA adopts decision on reporting of payment fraud data under the PSD2

3min Read · 4 Jul 2022
payment data open banking

The European Banking Authority (EBA) has recently adopted a decision on the reporting by competent authorities of payment fraud data under the Payment Services Directive (PSD2).

Competent authorities shall report to the EBA the payment fraud data under the PSD2, as specified in the EBA Guidelines on fraud reporting, via the European Centralised Infrastructure of Data (EUCLID) and according to the EBA Data Point Model (DPM).

 

Scope of the decision

It covers the reporting to the EBA of aggregated statistical data on fraud from competent authorities designated under PSD2 in accordance with Article 96(6) of PSD2 and the EBA Guidelines on fraud reporting under PSD2.

 

Data to be reported

  • The competent authorities referred to in Article 1 shall report to the EBA the data required in Article 96(6) of PSD2, in accordance with the EBA Guidelines on fraud reporting under PSD2.
  • Each competent authority should report only one file including data of all payment service providers within their jurisdiction and revise the information included therein where needed in accordance with guideline 3.2 of the EBA Guidelines on fraud reporting under PSD2.
  • Where the ECB has submitted data referred to in paragraph 1 to the EBA and that data submission is in line with the data specifications set out in the EUCLID Decision, the relevant competent authorities shall, without prejudice to Article 4 (data quality), refrain from submitting those data.

 

Date of submission

Competent authorities shall submit to the EBA the data referred to in Article 2 on a semi-annual basis, by 30 June for the reporting period ending on 31 December of the previous year, and respectively by 31 December for the reporting period ending on 30 June of the same year

 

Data quality

  • With the submission of the relevant data to the EBA, the competent authorities warrant that the data has undergone rigorous internal controls and quality checks, as per the technical specifications provided by the EBA (including the EUCLID specifications mentioned in the EUCLID Decision and the validation rules set in the EBA Guidelines on fraud reporting under PSD2). Where the competent authorities cannot warrant this for a particular set of submitted data, the competent authorities shall draw the EBA’s attention thereto.
  • The EBA shall make the results of applied EBA validation rules available to the competent authorities by 25 July and 25 January of each year.
  • In addition to the EUCLID specifications and the EBA validation rules published by the EBA, the EBA may conduct additional quality checks of the data received to ensure consistency, which may then require revisions from the competent authorities.
  • Competent authorities shall submit the required data revisions to the EBA without undue delay.

 

Confidentiality and technical specifications

  • All data submitted to the EBA according to this Decision shall be covered by the EU law framework of professional secrecy and confidentiality as applicable to the EBA. Access to this data shall be provided in conformity with the EBA Regulation on fraud reporting under PSD2.
  • The data referred to in this decision shall be regarded as information submitted through EUCLID and the EUCLID Decision shall apply.
  • All the data submissions via EUCLID of data referred to in Article 2 shall be according to the EBA Data Point Model (DPM).
  • For the reporting of the data referred to in Article 2, the EBA will provide an Excel template to be filled in by the competent authorities. The Excel file will contain a tool that will generate a XBRL-CSV file to be submitted to the EBA. Alternatively, the competent authorities will be able to report the data by submitting XBRL-XML files.
  • Competent authorities shall not submit data other than as foreseen in Article 2 unless they have previously obtained the EBA’s consent.

 

This decision is without prejudice to the EBA’s power in accordance with Article 35 of the EBA Regulation on fraud reporting under PSD2 to request the competent authorities to submit other data or data from institutions not falling under Article 1.

This decision enters into force immediately.

 

Read more

 

Source: EBA

Useful Resources See All
Press Release Six major banks in Luxembourg select LUXHUB as their VOP service provider
#PAYEE VERIFICATION PLATFORM
4min Read · 8 Apr 2025
Blog Why an Open Banking expert is the ideal partner for VOP
#Payee Verification Platform
3min Read · 6 Feb 2025
Press Release LUXHUB obtains ISO 27001 certification
2min Read · 13 Feb 2025