The First and Second Payment Services Directives (PSD & PSD2) regulate liability for losses arising from authorised and unauthorised non-cash payment transactions. Modern fraud methods, such as the use of ‘social engineering’, ‘spoofing’ and ‘phishing’, make it easier for fraudsters to defraud bank customers through bank helpdesk fraud. It is not possible for the customer, under PSD2, to then recover damages from the bank because, in legal terms, there is often an authorised transaction. It is the general view that this should be possible. Dutch banks have therefore set up a goodwill scheme to accommodate its customers anyway. In 2023, the European Commission presented a proposal for the Payment Services Regulation, which would create a third category: the fraudulently authorised non-cash payment transaction. This new category, very similar to the Dutch goodwill scheme, should increase consumer protection.
The study focuses on the question whether a non-cash payment transaction classifies as authorised, fraudulently authorised, or unauthorised and what effect this classification subsequently has on the allocation of liability between bank and consumer.