The EU’s Instant Payments Regulation (IPR) requires all payment service providers (PSPs) in the eurozone to offer their customers the ability to send and receive instant payments 24 hours a day, seven days a week, 365 days a year. Already, EU PSPs must allow the receiving of real-time transfers. They now have until October to provide customers with the ability to send instant payments within just 10 seconds.
While the IPR is a step forward in improving payment efficiency and customer convenience, it also introduces new fraud risks. The shorter transaction time limits the window for fraud detection, making it easier for fraudsters to execute scams before banks can intervene.
A BioCatch case study from another European country already offering real-time payments found:
• Nearly a third of all fraud cases in Q4 2024 originated from a single person-to-person P2P payment platform.
• Fraud cases on that channel more than doubled (a 110% spike) in one year.
• Fraudsters leveraged the speed of instant payments to bypass traditional security controls, withdrawing stolen funds before fraud teams can react.
PSR1 and PSD3: A game-changer with risks
The Instant Payments Regulation (IPR), combined with the upcoming Payment Services Directive 3 (PSD3) and the Payment Services Regulation 1 (PSR1) is already transforming digital banking. These regulations aim to enhance competition, strengthen fraud prevention, and boost consumer awareness. But while they introduce many security benefits, they also bring new fraud challenges.
What PSR1/PSD3 brings to the table:
• Enhanced fraud prevention measures: Strengthened Strong Customer Authentication (SCA) and mandatory fraud monitoring.
• Expansion of open banking: Increased accessibility for third-party providers (TPPs), raising concerns about security gaps.
• Customer awareness: Payment service providers must also focus on educating customers about potential security threats and fraud risks, including phishing, identity theft, and other cybersecurity threats.
Progress creates new challenges
The shift to instant payments presents significant challenges for banks and PSPs, requiring operational, regulatory, and customer engagement adjustments.
1. Operational overhaul
• Legacy banking systems and operation teams must evolve to support 24/7/365 fraud monitoring and customer support.
• Real-time payments require real-time fraud detection.
2. Regulatory compliance under PSR1 and IPR
• Banks must implement Verification of Payee (IBAN-name checks) before transferring funds.
• New regulations also potentially shift liability from victims to banks for scams where customers are manipulated into authorising transactions.
• Additionally, instant payments must be offered at no extra cost, adding financial pressure on banks to fund fraud prevention efforts.
3. Customer awareness and social engineering risks
• Many customers lack knowledge of scams disguised as bank notifications, government communications, or crypto investment offers.
• As such, fraud education must go beyond basic security tips and focus on recognising subtle psychological manipulation tactics used by criminals.
The switch from defence to offense
Traditional fraud defenses react to threats using transaction and device data. The new fraud tactics of today (and tomorrow demand proactive prevention methods.
1. Behaviour-based solutions go further, analysing user interactions (mouse movements, typing patterns, navigation habits, and more) to identify anomalies indicating fraud before the transaction’s approved.
2. Crucially, these solutions also do so in real-time, using machine learning models to identify suspicious transaction patterns instantly, allowing the financial institutions deploying them to shift from reactive to proactive detection.
3. Fraud isn’t just a problem for individual banks. It’s an industry-wide challenge. Collaborative fraud intelligence networks allow financial institutions to share real-time threat data, improving the ability to detect large-scale fraud operations before they escalate.
4. Banks must also rethink their fraud awareness campaigns to move beyond generic warnings instead offering interactive fraud education integrated into banking apps, real-time alerts explaining why a transaction might be risky, and stronger verification steps for high-value transactions.
Staying ahead
As outlined in our 2025 Digital Banking Fraud Trends in Germany report, the fraud landscape is evolving at an unprecedented rate. German financial institutions cannot afford to rely on outdated fraud detection methods. With real-time payments becoming standard, fraudsters will continue refining their tactics, making proactive fraud prevention essential.
By leveraging behavioral intelligence, real-time AI analysis, and industry-wide collaboration, banks can not only comply with new regulations but also establish a safer, more secure digital banking environment.
The question isn’t whether fraud will continue to evolve—it’s whether your bank will be ready for the next evolution.