EBAday 2025: Strategising for instant payments and financial crime

The first panel, 'Implementing Instant Payments: Strategies and Challenges', was moderated by Rita Camporeale, European Payments Council, and featured the following speakers: Anne-Fleur Felissent, Société Générale; Arantza Yague, HSBC; Craig Ramsey, ACI Worldwide; and Katja Heyder, EBA Clearing.

Camporeale began by outlining the Instant Payments Regulation and the urgency it imposes on European organisations as we have already passed the first deadline. The new version of the SEPA Instant Credit Transfer (SCT Inst) scheme will come into force on 5 October 2025, along with the Verification of Payee (VoP) scheme, meaning financial organisations have a full schedule in the upcoming five months. So how have organisations approached implementation?

Felissent outlined three steps with which Société Générale approached their own implementations of various transformation projects: First, the design of the offer and addressing the customer journey, meaning the app, banking tools, and end to end processes. Second comes the technical integration, ensuring the real-time checks and fraud filtering, as well as the interfacing and connection of the APIs. Lastly, testing.

Yague highlighted the difference between retail and corporate that she’s observed. “Firstly, the pricing is going to make corporates more keen to make use of instant payments. Equally, the fact that there is no €100,000 cap is going to allow them to make treasury payments of any amount, but the corporate journey is very different to that of the consumer. Crucially, it’s going to be more of a file journey.”

Ramsey highlighted his perspective on industry adoption and readiness as a technical service provider. “By 2028, we’re expecting 13% of all payments in Europe to be instant payments. It’s not just about preparing for the IPR, it’s about truly understanding what’s going to change in the business as we move forward in terms of actual readiness. I’m going to go out on a limb here: I don’t think most banks have implemented a solution for IPR that will still be around in three years’ time. I think many have put sticking plasters over their systems in order to be compliant.”

Heyder of EBA Clearing gave insight into what has happened since the first IRP deadline, including the ability to receive instant credit transfers among others, has passed in January of this year. “You can see the increase accelerating, and you can see the first impact of the IPR. However, the SCT Inst is still growing itself, so I don’t think we can really talk about a migration. Individual banks are on their way, but it’s not yet an industry migration.”

An open-ended poll question revealed a mind-map of the audience’s most prominent challenges of implementing instant payments. Liquidity, fraud prevention, VoP, and fund recovery emerged as the biggest struggles.

Felissent commented: “I would have also chosen liquidity as one of the main challenges, especially when the cap on instant payments will be removed. Today, banks do not have 24/7 access to their liquidity in central banks, so there is the issue to source this liquidity. In addition, the account dedicated to instant payments is not remunerated,” adding an extra layer of complexity for treasurers when it comes to optimisation.

The other large issue that PSPs are facing is fraud. Ramsey emphasised that the rise in fraud is not because of instant payments per se, but because of the nature of fraud in itself. “We see fraud focus on instant payments because it’s a new thing. Whenever a new scheme has been launched, suddenly there’s fraudulent activity there. A lot of people say you need to educate the populace, but that’s not going to help. The populace always thinks its educated right up until the point they realise they’ve become a victim of fraud.”

And while VoP is one measure to help with fraud prevention, it will not solve the whole fraud puzzle. “We’re seeing that fraud in SCT Inst is nine times higher than in SCT,” Heyder commented. “The [VoP] deadline is the first challenge, because October is just around the corner. But VoP in itself will not stop fraud. Looking at the data, 10% of fraudulent transfers would not pass VoP, but on the other hand, 50% of fraudulent transactions would pass VoP. The challenge banks will face is how to keep the good friction.

The question of fraud prevention strategies was then picked up by the next panel.

Financial crime and fraud in payments

As financial crime evolves, so must payments security. Moderated by Deepa Sinha, BAFT, the panel titled 'Financial Crime and Fraud in Payments' featured Damien Dugauquier, iPiD; Evert Vandenbussche, KBC Global Services; Monika Jacob-Schnitzius, Deutsche Bank; and Olivier Jolyon, EBA Clearing.

Jacob-Schnitzius began with a short summary of how financial crime has evolved over the last five years. What we have been experiencing, is “a fundamental change in which crime, including financial crime, is committed. Financial crime is being shaped by global instability, market uncertainty, digitisation, and emerging technology. Digital platforms and technology are facilitating criminal systems. You can even say that a shadow industry has developed over the years, with professional fraudsters developing methods to steal data and sell it. The fact that a term like ‘fraud as a service’ exists speaks for itself.”

Dugauquier elaborated: “I live in Sinapore, which is where people have lost the most amount of money to scams over the past few years. We’re talking about, on average, $4000 per citizen, per year—which is the equivalent of a monthly salary. It really is very prevalent in life. It didn’t used to be like that, so what changed? For one, Covid has removed the fear of spending money online, which fraudsters are exploiting. But mainly, the business case for scammers is too good. Scammers aren’t based in Singapore, they have built scam centres, which are also linked to other types of crime, such as kidnapping and human trafficking.”

Vandenbussche highlighted the complexity of generative AI as deepfakes are becoming increasingly harder to identify. One of the means of effectively working against this is “working together, making use of services like FPAD, to share data and intelligence. We have to go beyond the boundaries of the transactions that we see taking place in the scope of our functions.”

Jolyon emphasised the necessity of building “AI models that will help detect fraud and patters very early in the game. That’s what we’re doing with FPAD, detect patterns and feed information to banks that can then use it in their own systems to detect fraud. Technology will play a key part in orchestrating all that information, and then as a next step will be sharing the information.”

Yet the panelists highlighted regulatory hurdles when it comes to effective data sharing—namely the balance between fraud prevention and data privacy. Dugauquier commented: “We often like to blame the banks for everything, but it’s not fair that banks are caught between data privacy and then also becoming more liable for fraud. If banks should protect their customers, we then also need to let them exchange more data to make this possible.”

Speaking on the topic of liability, the conversation turned toward the changing liability for authorised push payment (APP) fraud. “APP fraud payments are fundamentally based on social engineering, which is why it’s so difficult to catch,” highlighted Vandenbussche. “On a European level, I understand we want to make banks more liable, and I do think they have a role to play in that. On the other side, a lot of these scams are going through social media, so there is a lot of other industries that should also take measures to prevent this scale of scams. As a PSP you cannot handle that [alone].”

Summarising what’s next, the panellists agreed that the future of identifying fraud lies in technology and industry collaboration. Jacob-Schnitzius commented: “Fighting financial crime and fraud is no longer a competitive advantage. It must be a collaborative effort amongst banks, industry, and authorities.”

Dugauquier aptly finalised: “Fraud is a little bit like a bottle of ketchup. If you squeeze somewhere, it goes somewhere else.”