top of page

PSD3 and PSR: Key Pillars for Fraud Prevention (Part 2)

  • Writer: Sigita Zavišienė
    Sigita Zavišienė
  • May 29
  • 2 min read

Updated: Jun 8


Real-time mandatory Verification of Payee (VoP) – central fraud prevention tool


PSPs must provide real-time verification of the payee before the payer authorises a credit transfer. This verification is based on the payee’s name and unique identifier, such as an IBAN. If there is a discrepancy between the payee’s name and the unique identifier, the PSP must immediately alert the payer before the transfer is authorised.


❗Under the PSR proposal, VoP would also cover credit transfers denominated in non-euro EU Member State currencies, such as PLN, HUF and others. For example, a German PSP initiating a PLN credit transfer to a Polish account may need to be able to verify the account ownership with the Polish payee’s PSP in real time.


Liability shift: PSPs impersonation


Under PSD2, if the customer technically authorised the transaction, even after being manipulated by a fraudster, the customer is generally not entitled to reimbursement. The PSR proposal introduces a targeted liability shift for impersonation fraud:

1. Spoofing liability: if a fraudster impersonates the consumer’s PSP, for example by pretending to be a PSP employee, and the consumer is tricked into authorising a payment, the PSP would be liable to refund the full amount, subject to safeguards.

2. Burden of proof: the consumer’s PSP must prove that the consumer acted fraudulently or with gross negligence.


EBA guidance: the EBA is expected to issue guidance on the factual circumstances to be considered when assessing possible gross negligence by the consumer.


Would activities of Facebook/Meta fall within a scope of PSR?


Facebook would be covered in its capacity as a very large online platform / hosting service provider. Under PSR Facebook may have obligations in relation to fraudulent financial-services content and advertising, including cooperation with PSPs and verification of advertisers of regulated financial services. If fraudulent content on Facebook leads to payment fraud, the PSR links potential compensation claims by PSPs to the Digital Services Act liability framework.


Mandatory fraud information sharing


Fraud data sharing under PSR is mandatory but conditional: PSPs must share only necessary data, only through information-sharing arrangements, and only where suspicion of fraud is objectively justified.


Transaction monitoring by the payee’s PSP


The payee’s PSP must also carry out transaction monitoring before funds are made available to the payee.


Fraud controls apply on both sides of the transaction: before execution by the payer’s PSP and before fund availability by the payee’s PSP.


Need advice on PSD3/PSR requirements? Contact us: Sigita Zavišienė



bottom of page