Europe’s €4.2 Billion Fraud Problem — And Why Instant Payments Are Making It Worse

Payment fraud across the European Economic Area jumped 17 per cent in a single year. The EU’s own instant payments mandate may be accelerating the problem.

QUICK ANSWER

Payment fraud in the European Economic Area reached €4.2 billion in 2024, a 17 per cent increase from €3.5 billion in 2023, according to the joint EBA-ECB 2025 report on payment fraud. Credit transfer fraud rose 24 per cent to €2.5 billion, while card fraud climbed 29 per cent to €1.3 billion. The EU’s Instant Payments Regulation, which since October 2025 requires all eurozone banks to settle transfers within ten seconds with no cap, has compressed the window for fraud detection from hours to seconds. The EBA’s own assessments show fraud risk in instant credit transfers is up to ten times higher than in standard transfers. Consumers bear 85 per cent of credit transfer fraud losses, though the forthcoming PSD3 regulation is expected to shift more liability to providers.

How much did payment fraud cost Europe in 2024?

In December 2025, the European Banking Authority and the European Central Bank published the 2025 edition of their joint report on payment fraud. The headline figure was stark: total fraud losses across the EEA reached €4.2 billion in 2024, up from €3.5 billion the previous year. That is a 17 per cent increase in twelve months, even as the overall fraud rate held steady at roughly 0.002 per cent of total transaction value. The numbers suggest that Europe’s payments system is not becoming more dangerous on average — it is simply processing so much more volume that the absolute cost of fraud is surging.

The breakdown by instrument tells a sharper story. Fraudulent credit transfers — bank-to-bank payments — totalled €2.5 billion, up 24 per cent year-on-year. Card fraud reached €1.3 billion, a 29 per cent increase. E-money and other instruments, including direct debits and ATM withdrawals, accounted for a further €349 million, rising 26 per cent. In each category, the direction is the same: up, and accelerating.

Why are instant payments more vulnerable to fraud?

The EU’s Instant Payments Regulation, fully enforced since October 2025, requires every eurozone bank to send and receive SEPA instant credit transfers within ten seconds, around the clock, at no extra cost. The previous €100,000 cap has been removed, meaning transfers of virtually any size can now settle in real time. The policy rationale is sound: faster payments improve cash flow for businesses, reduce settlement risk and make Europe’s financial plumbing more competitive. But the regulation has also created what the EBA itself has called a structural vulnerability. Its own assessments show that the risk of fraud in instant credit transfers is up to ten times higher than in standard transfers.

The reason is mechanical. In a traditional SEPA credit transfer, banks have hours or even days to screen transactions for sanctions, anti-money-laundering flags and fraud

patterns. In an instant payment, they have ten seconds. If a transaction is flagged during that window, the bank must either clear it immediately through automated decisioning or reject it outright. There is no option to hold for manual review. Legacy systems built around batch processing and fixed operating windows were never designed for this kind of pressure. For institutions still running on older infrastructure — and many are — the mandate creates an impossible trilemma: speed, compliance, or cost. Pick two.

How are criminals exploiting the new system?

The fraud itself is evolving in response. The EBA-ECB report highlights the growing prevalence of “manipulation of payers” — scams in which victims are tricked into authenticating fraudulent transactions themselves. Because the payment is technically authorised by the customer, it bypasses strong customer authentication protections. Criminals exploit SCA exemptions too, particularly contactless payments under the low-value threshold (which accounted for 79 per cent of all non-SCA card transactions in 2024) and “trusted beneficiary” designations, where victims are coerced into pre-authorising a fraudster’s account. Once instant settlement completes, the money is gone. The report notes that net financial losses grew 23 per cent — faster than the growth of fraudulent transactions — suggesting that funds recovery is getting worse, not better.

Who bears the cost of payment fraud in Europe?

The distribution of losses is deeply uneven. For credit transfers, payment service users — ordinary consumers and businesses — bore approximately 85 per cent of total fraud losses in 2024. Banks absorbed the remainder. For card payments, the picture is reversed: customers bore around 38 per cent, with issuers covering the other 62 per cent under existing consumer protections. The imbalance is drawing regulatory attention. The forthcoming Payment Services Regulation, part of the PSD3 package, is expected to shift more liability from consumers to providers, particularly for authorised push payment scams. As we explored in our analysis of how fintechs are challenging Visa and Mastercard, the competitive dynamics of European payments are already being reshaped by regulation. Fraud liability could accelerate that shift further.

How is Europe fighting back against payment fraud?

The industry response is a massive investment in fraud prevention technology. Juniper Research forecasts an 85 per cent jump in global spending on fraud detection and prevention by 2030, from $21 billion in 2025 to $39 billion. AI-driven risk engines that can spot irregular behaviour in milliseconds are becoming essential. EBA Clearing, which operates the pan-European RT1 instant payment system, launched a Fraud Pattern and Anomaly Detection service alongside the October 2025 compliance deadline. Verification of Payee — checking that a recipient’s name matches their IBAN before a payment is processed — is now mandatory, a measure already proven effective in the Netherlands and the UK. But technology alone cannot solve a problem that is partly social engineering. As Europe’s new AML rulebook demands dynamic, behaviour-based risk scoring rather than static checks at onboarding, the compliance architecture of every payment provider in the EEA will need to be fundamentally rebuilt.

What does this mean for Europe’s payments sovereignty?

The fraud crisis intersects directly with Europe’s broader payments sovereignty ambitions. As we reported in our coverage of Europe’s $24 trillion breakup with Visa and Mastercard, the EU is pushing to build domestic payment infrastructure through Wero, the digital euro and a euro-denominated stablecoin consortium. All of these initiatives depend on instant account-to-account rails — the very infrastructure that is now proving most vulnerable to fraud. If Europe cannot secure its real-time payment systems, the entire sovereignty project is undermined. Consumers and businesses will not abandon Visa and Mastercard for domestic alternatives that feel less safe.

The regulatory response is arriving on multiple fronts simultaneously. PSD3 will tighten authentication and expand liability. The EU’s new Anti-Money Laundering Authority, operational from 2025 with direct supervisory powers from July, will oversee high-risk institutions. The Digital Operational Resilience Act requires financial institutions to harden systems and test resilience. As we examined in our analysis of how EU financial rules could reshape fintech, the cumulative weight of these frameworks is turning compliance from a cost centre into a strategic differentiator. The firms that can screen a transaction in milliseconds, detect a social engineering attack in real time and recover funds before they leave the system will define the next generation of European payments. The rest will be paying for fraud — literally.

The €4.2 billion figure is not just a number. It is the price Europe is paying for building a faster financial system before building a safer one. The question now is whether regulation, technology and institutional willpower can close that gap before the next report makes the current one look modest.

Frequently Asked Questions

How much did payment fraud cost Europe in 2024?

Payment fraud in the European Economic Area totalled €4.2 billion in 2024, a 17 per cent increase from €3.5 billion in 2023, according to the joint EBA-ECB 2025 report on payment fraud.

What type of payment fraud is growing fastest in Europe?

Credit transfer fraud grew fastest by value, reaching €2.5 billion in 2024 (up 24 per cent). Card fraud rose 29 per cent to €1.3 billion. The EBA highlights the rapid growth of “manipulation of payers” scams, where victims are tricked into authorising fraudulent transactions themselves.

Why does the EU Instant Payments Regulation increase fraud risk?

The regulation requires banks to settle transfers within ten seconds, 24/7, with no transaction cap. This compresses the time available for fraud screening from hours to seconds. The EBA’s own assessments show that fraud risk in instant credit transfers is up to ten times higher than in standard transfers, because legacy systems were not built for real-time compliance decisioning.

Who pays for payment fraud losses in Europe?

For credit transfer fraud, consumers and businesses bore approximately 85 per cent of losses in 2024. For card fraud, the split is reversed: banks and card issuers absorb around 62 per cent. The forthcoming PSD3 regulation is expected to shift more liability from consumers to payment providers.