Who is Responsible for Fraud & Unauthorized Transaction Risks?
Did you know that in the EU, financial institutions are almost 100% responsible for fraud and account takeover losses when dealing with consumers?
Yes, even if the consumer is totally careless and uses "password123" across 250 different platforms and shopping sites 🙁
PSD2 established that the financial institution is always responsible for the risk of unauthorized transactions towards consumers (i.e. natural persons), unless the consumer acted fraudulently. A payment service provider must reimburse the customer for unauthorized payments within ten days or justify the refusal. If the payment service provider can show that the customer acted carelessly and failed to take reasonable steps to protect his/her security, then it can charge the customer up to 50 EUR from the total amount reimbursed (but not more).
Simply speaking, the EU lawmakers took the view that financial service providers are professionals and should take reasonable steps to authenticate their users and manage the risks of fraud. They are not allowed to shift the blame onto consumers for being careless (even when this is the case).
With respect to bank direct debits, consumers have unconditional refund rights for any unauthorized direct debit payments they want to dispute, or in cases where the debited amount was not known to them in advance (e.g. direct debits for telecom and similar services), within 13 months from the debit date.
Please note: for business accounts, commercial activities (e.g. professional forex trading) and corporate clients, the level of guaranteed fraud protection is not the same; it must be determined in the Terms & Conditions of each service provider.
Hope this helps!