PSD2 and fraud monitoring – the evolution of secure payments in Europe

Written by Partisia | 2025.11.03

The Payment Services Directive 2 (PSD2) fundamentally changed how banks and payment providers detect and prevent fraud. Introduced to enhance consumer protection and encourage innovation, PSD2 required every financial institution operating in the EU to reengineer its transaction monitoring systems.

Fraud prevention is no longer a standalone function. It’s now embedded into authentication, transaction analytics, and regulatory reporting. PSD2’s strong customer authentication (SCA) and real-time monitoring requirements have forced a complete shift toward continuous, data-driven fraud management.

The PSD2 framework

PSD2, enacted in 2018, modernized the EU’s payment ecosystem by enabling open banking — the secure exchange of customer data between banks and third-party providers. Its key provisions directly impact fraud detection:

Strong Customer Authentication (SCA): mandatory multi-factor authentication for digital payments.
Transaction Risk Analysis (TRA): dynamic assessment of transaction risk to enable SCA exemptions.
Real-time monitoring: continuous evaluation of payment behavior to identify anomalies.
Incident reporting: regulated procedures for communicating security breaches to authorities.

The directive made fraud detection a technical, regulatory, and operational discipline all at once.

How PSD2 changed fraud monitoring

Before PSD2, fraud monitoring relied on post-transaction reviews and static rule sets. The directive introduced risk-based, real-time analysis that combines authentication data, behavioral signals, and payment metadata.

Key shifts include:

From static to dynamic: algorithms adjust thresholds and risk scores continuously.
From siloed to integrated: payment data, authentication events, and device data now feed a unified fraud engine.
From detection to prediction: AI and analytics forecast risk instead of reacting after losses.
From compliance to resilience: monitoring systems now serve both regulatory and security objectives.

These capabilities support not just regulatory reporting, but the broader goals of operational resilience under DORA and AMLD6.

Fraud types targeted under PSD2

According to the European Central Bank’s 2024 Payment Fraud Report, PSD2 has significantly reduced card-not-present fraud, but new threats continue to evolve. Common risks include:

Account takeover through phishing or malware.
Synthetic identities combining real and fake data.
Transaction manipulation via compromised APIs.
Fraudulent third-party payment initiation.

To combat these, PSD2 requires payment service providers (PSPs) to maintain adaptive transaction monitoring systems that continuously learn and adapt.

The role of Transaction Risk Analysis (TRA)

TRA allows institutions to grant SCA exemptions for low-risk payments based on cumulative fraud rates and behavioral analytics. The approach enables smoother user experiences while maintaining security.

To qualify for exemptions, firms must demonstrate:

Proven fraud rates below defined thresholds.
Continuous, AI-supported monitoring.
Clear escalation and reporting mechanisms.

This balance between usability and compliance is what drives most modern fraud monitoring innovation today.

“PSD2 didn’t just tighten authentication; it changed how institutions think about trust. Fraud detection has moved from rule-based control to continuous intelligence.”
- William Morris, Lead Enterprise Account Executive - UK

This insight captures the strategic nature of PSD2 — it’s as much about data integration as it is about security.

Cross-regulatory connections

PSD2 does not exist in isolation. It connects directly to other EU compliance frameworks:

AMLD6 and AMLD5, which define the broader anti-money laundering architecture.
EBA Guidelines on Financial Crime Risk, which extend monitoring obligations.
DORA, which ensures resilience in fraud detection systems.
FATF Recommendations, which provide the international benchmark for AML and CTF compliance.

Challenges in PSD2 fraud monitoring

Even with modern tools, PSD2 implementation remains complex:

Integrating multiple authentication and monitoring systems.
Managing third-party access through open banking APIs.
Complying with data protection requirements under GDPR.
Maintaining consistent risk thresholds across jurisdictions.

According to PwC’s European Payments Survey 2024, nearly 60% of European PSPs cite inconsistent fraud thresholds across national regulators as a barrier to full PSD2 compliance.

Partisia’s perspective

PSD2 created a new standard for secure and transparent payment monitoring — but it also introduced new data sharing and privacy challenges. Partisia’s privacy-preserving data collaboration platform allows financial institutions to meet these dual obligations.

Using Multi-Party Computation (MPC), banks and payment providers can:

Correlate transaction data across institutions without exposing customer details.
Train fraud detection models collaboratively and securely.
Meet both PSD2’s transparency obligations and GDPR’s privacy restrictions.

This makes PSD2 compliance practical and scalable, enabling real-time monitoring that is secure, compliant, and future-proof.

View full post