Copenhagen Economics and the Computer & Communications Industry Association (CCIA Europe) have highlighted significant flaws in the European Parliament’s far-reaching extension of liability beyond payment services providers (PSPs) to include online platforms and electronic communication service providers, such as telecom operators. This change would require these companies to refund victims of impersonation fraud.
According to Article 59 of the proposed Payment Services Regulation (PSR) from the European Commission, PSPs would be held liable for authorized push payment (APP) fraud. However, a recent study by the European Centre for International Political Economy (ECIPE) argues that shared liability could diminish incentives for both PSPs and consumers to proactively prevent fraud. Moreover, restrictions imposed by the General Data Protection Regulation (GDPR) and the Digital Services Act could further obstruct fraud prevention efforts.
ECIPE states, “While the intent to combat fraud is commendable, this model misassigns responsibilities by requiring non-financial entities to monitor fraudulent activities, despite lacking visibility and control over financial transactions. Extending liability to non-financial entities may undermine consumer vigilance and dilute the efforts of payment service providers to maintain awareness of fraud.”
The potential shared liability regime could impose disproportionately high burdens on smaller digital firms, leading to legal uncertainties, costly disputes, and exits from the market. This situation could concentrate the market and lessen competition in digital services, ultimately harming EU and member state initiatives to foster digital start-ups and scale-ups. The negative impact on innovation and entrepreneurship could represent a significant setback for the EU’s broader digital goals.
The CCIA Europe-commissioned study, released this week, supports these views, noting that no EU institution has conducted an impact assessment on the proposed shared liability regime—a global first. Furthermore, it found no evidence to support the proposal, indicating that shared fraud liability among various players would be “unworkable in practice,” given the complex nature of fraud chains. Such a system could foster a culture of “blame shifting.”
CCIA Europe is urging EU Member States, currently finalizing their unified stance on the PSR, to reject this proposal in favor of evidence-based solutions that promote collaboration, ensure legal clarity, and undergo robust impact assessments prior to implementing any new liability frameworks.
Boniface de Champris, senior policy manager for CCIA Europe, stated, “Europe’s approach to payment fraud must be practical and grounded in evidence. In contrast, the European Parliament’s ambiguous proposal jeopardizes consumer trust and innovation without offering proven benefits. This new study highlights the detriments of Parliament’s approach. The network of players combating payment fraud is complex and constantly evolving. Therefore, CCIA Europe calls on EU Member States to advocate for smarter, collaborative solutions in the ongoing legislative discussions regarding the Payment Services Regulation.”
In September 2024, the PSR board announced a maximum reimbursement limit for Faster Payments set at £85,000. The PSR’s requirements were intended to protect individuals who fall victim to scams, covering over 99% of APP claims under the reimbursement cap and incentivizing firms to enhance their fraud prevention measures. This policy took effect on October 7.