Europe okays new rules for online fraud protection and data hacking: What the ‘Payment services deal’ says

TOI Tech Desk / TIMESOFINDIA.COM / Nov 27, 2025, 18:45 IST

Text Size

Small
Medium
Large

New EU consumer protection measures will hold banks and payment providers more accountable for fraud and data breaches. Consumers will no longer bear the brunt when security fails, with providers liable for unauthorized transactions and impersonation scams. This aims to bolster fraud prevention and eliminate hidden fees across the EU.

Europe okays new rules for online fraud protection and data hacking: What the ‘Payment services deal’ says

The European Union (EU) has agreed to new consumer protection measures following an agreement reached between EU member states and the European Parliament. The deal introduces new rules designed to force banks and payment service providers (PSPs) to enhance fraud prevention, eliminate hidden fees and enhance protection against data leaks. The new legislation aims to shift liability toward financial providers and online platforms.“On Thursday morning, Parliament and Council negotiators agreed on the Payment Services Regulation (PSR) and the Third Payment Services Directive (PSD3),” the European Commission said in a statement.“The regulation aims to harmonise payment services and strengthen fraud prevention across the EU. It applies to payment services provided by banks, post-office giro and payment institutions, as well as technical service providers supporting payment services, and in some cases electronic communications providers and online platforms. The directive seeks to ensure fair competition among payment service providers (PSPs), by addressing authorisation and supervisory powers, and to improve access to cash, particularly in remote areas,” it added.

EU makes banks and service providers answerable to fraud and hacking

The core of the new rules focuses on ensuring consumers are not left responsible when security measures fail:The rules say that service providers have to offer spending limits and blocking measures to reduce the risks of fraud.

This means that if a fraudster initiates or changes a transaction, “it will be treated as [an] unauthorised transaction and the PSP will be liable for the full fraudulent amount.” Moreover in case of impersonation fraud, where a scammer pretends to be a company employee and tricks the customer into approving a payment, the service provider must refund the full amount if the customer reports the fraud to the police and informs their PSP.“In addition, advertisers of financial services must show very large online platforms and search engines that they are legally allowed (or officially exempt) in the relevant country to offer those services, or that they are advertising on behalf of someone who is,” the Commission added.

About the AuthorTOI Tech Desk

The TOI Tech Desk is a dedicated team of journalists committed to delivering the latest and most relevant news from the world of technology to readers of The Times of India. TOI Tech Desk’s news coverage spans a wide spectrum across gadget launches, gadget reviews, trends, in-depth analysis, exclusive reports and breaking stories that impact technology and the digital universe. Be it how-tos or the latest happenings in AI, cybersecurity, personal gadgets, platforms like WhatsApp, Instagram, Facebook and more; TOI Tech Desk brings the news with accuracy and authenticity.

End of Article