A recent opinion from the advocate general of the Court of Justice of the European Union (CJEU) in Case C-70/25 may reshape the economics of fraud prevention for European banks. The opinion interprets the EU’s Payment Services Directive (PSD2) as requiring banks to immediately refund victims of unauthorized transactions, including those resulting from phishing or social engineering attacks. Banks may recover losses only after refunding and only if they prove customer fraud or gross negligence.

Although the final judgment is pending, the advocate general’s reasoning signals a clear trend in Europe: Banks will soon bear liability for unauthorized payment fraud unless they can demonstrate that the customer was grossly negligent.

This has significant implications for financial institutions. If reimbursement becomes the default for unauthorized payment fraud, banks will bear the financial losses and must invest more in pre-transaction fraud prevention.

Here, behavioral intelligence is not just useful but strategically essential.

Court signals stronger consumer protection

The advocate general’s opinion addresses a common scenario in modern financial crime: phishing attacks that enable fraudsters to initiate unauthorized transactions from a customer’s account.

Historically, reimbursement disputes focused on customer negligence (such as clicking phishing links or sharing credentials), with banks often citing perceived negligence as justification for denying customer reimbursement.

The interpretation in Case C-70/25 challenges this approach. It states:

  • Banks must refund unauthorized transactions without delay.
  • Customer negligence cannot be used as grounds for delaying reimbursement.
  • A bank may refuse immediate reimbursement only if it has reasonable grounds to suspect customer fraud and has reported this suspicion to the relevant authorities.

This reverses the typical sequence of fraud disputes: (1) refund first, and then (2) investigate responsibility. The result is a regulatory system that prioritizes real-time consumer protection over lengthy disputes.

Economic consequences for banks

From a policy perspective, this approach demonstrates a broader European regulatory philosophy: Financial institutions are best placed to manage fraud risk within the payment ecosystem.

Operationally, it dramatically alters the economics of fraud. If banks are required to reimburse most victims of unauthorized transactions, fraud losses shift from being partially borne by customers to becoming a direct cost borne by the institution.

This shift creates strong incentives:

  • Fraud losses increase.
  • Reimbursement obligations accelerate.
  • The tolerance for false negatives in fraud detection drops sharply.

In other words, the business case for stronger preventive controls grows significantly.

Where traditional fraud controls fall short

Many legacy fraud monitoring systems rely heavily on rules-based controls and transaction monitoring. These systems typically focus on spotting anomalies in payment characteristics, such as unusual amounts, destinations, or transaction velocity.

While still important, these signals are increasingly inadequate against evolving AI-powered fraud threats. Modern account takeover (ATO) fraud in particular frequently involves attackers who:

  • Possess valid credentials.
  • Use compromised devices or legitimate authentication flows.
  • Mimic normal transaction behaviors.

In these scenarios, the transaction itself may appear legitimate, but the real signal lies not in the payment but in the user's behavior within the digital banking environment.

Detecting fraud before it happens

Behavioral intelligence analyzes how users interact with devices or applications instead of only the transactions those users perform.

A few of the 3,000 examples of these behavioral signals include:

  • Typing cadence and touch dynamics
  • Mouse motion and interaction patterns
  • Device orientation and interaction speed
  • Session navigation behavior

These behavioral signals form a unique digital fingerprint for each legitimate user. During account takeovers, even with correct credentials, attackers’ behavioral profiles rarely match those of the genuine customer. This enables banks to detect suspicious sessions before fraudulent transactions occur.
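As an added illustration (not code from the original article or from any vendor's product), the sketch below scores a session against a customer's behavioral baseline before a payment is submitted. The feature names, sample sessions, and the 3.5 threshold are assumptions constructed for this example.

```python
from statistics import median

# Constructed sample data: per-session behavioral features for one customer.
# Feature names are assumptions for this example, not a vendor schema.
FEATURES = ("key_interval_ms", "pointer_speed_px_s", "pages_before_payment")

BASELINE = [
    {"key_interval_ms": 182, "pointer_speed_px_s": 410, "pages_before_payment": 4},
    {"key_interval_ms": 175, "pointer_speed_px_s": 395, "pages_before_payment": 5},
    {"key_interval_ms": 190, "pointer_speed_px_s": 430, "pages_before_payment": 4},
    {"key_interval_ms": 168, "pointer_speed_px_s": 402, "pages_before_payment": 3},
    {"key_interval_ms": 185, "pointer_speed_px_s": 420, "pages_before_payment": 5},
]
# Constructed sessions: both authenticate with valid credentials.
GENUINE = {"key_interval_ms": 180, "pointer_speed_px_s": 405, "pages_before_payment": 4}
SUSPECT = {"key_interval_ms": 95, "pointer_speed_px_s": 900, "pages_before_payment": 1}


def build_profile(sessions):
    """Median and MAD per feature; robust to an occasional odd session."""
    profile = {}
    for f in FEATURES:
        values = [s[f] for s in sessions]
        med = median(values)
        mad = median(abs(v - med) for v in values)
        profile[f] = (med, max(mad, 1e-6))  # floor avoids divide-by-zero
    return profile


def deviation_score(profile, session):
    """Mean robust z-score across features (1.4826 scales MAD to ~sigma)."""
    zs = [abs(session[f] - med) / (1.4826 * mad)
          for f, (med, mad) in profile.items()]
    return sum(zs) / len(zs)


def pre_payment_decision(profile, session, threshold=3.5):
    """Decide before the payment is submitted; threshold is an assumed value."""
    return "step_up" if deviation_score(profile, session) > threshold else "allow"


if __name__ == "__main__":
    profile = build_profile(BASELINE)
    for name, s in (("genuine", GENUINE), ("suspect", SUSPECT)):
        print(name, round(deviation_score(profile, s), 2),
              pre_payment_decision(profile, s))
```

The decision depends only on how the session behaves, not on the payment amount or destination, which is why a session with correct credentials can still be flagged.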

Crucially, behavioral intelligence detects fraud where traditional controls fail, including:

  • Credential phishing attacks
  • Malware-driven account takeover
  • Remote access scams
  • Social engineering incidents

These are precisely the types of fraud that drive unauthorized payment disputes under PSD2.

Renewed regulatory focus on detection

The advocate general’s opinion reinforces the regulatory expectation that banks detect fraud earlier in the transaction lifecycle. This is consistent with broader developments across Europe, including:

  • The move toward real-time payments compressing response windows
  • The introduction of stronger consumer reimbursement rights
  • Rising expectations around financial institutions employing advanced technology to reduce fraud risk

Together, these trends signal a shift from judging fraud prevention by minimum compliance to evaluating the effectiveness of banks’ detection capabilities. Behavioral intelligence sits squarely within this paradigm.

A tale of two jurisdictions

The developing EU framework invites comparison to the United Kingdom.

The UK operates one of the world’s most robust reimbursement systems. Recent regulations on authorized push payment scams have led to reimbursement rates of around 98% of reported cases. Consequently, banks have significantly increased investment in fraud detection technologies and cross-industry intelligence sharing.

The EU may now be heading in a similar direction for unauthorized payment fraud. If the court ultimately follows the advocate general’s opinion in Case C-70/25, European banks could face reimbursement obligations that increasingly resemble the UK model. This shift brings the same strategic requirement: Fraud must be stopped before funds move.

From compliance to capability

Ultimately, this case’s significance extends beyond legal interpretation. It shows a structural change in how responsibility for fraud is allocated within the digital economy. Where customers once bore significant risk, regulators increasingly place responsibility on institutions that control payment infrastructure.

For banks, fraud prevention is no longer just about compliance. It is a core economic capability. Behavioral intelligence represents one of the most effective tools available to meet that challenge. By analyzing user behavior and not just transactions, banks can detect account takeover attacks in real time, reduce fraud losses, and meet growing regulatory expectations.

As reimbursement obligations expand, this capability is no longer optional. It is becoming essential.

