PSD3: Preparing for the Next Wave of Payments Regulation 

The European payments ecosystem is on the cusp of significant transformation. The upcoming third Payment Services Directive (PSD3) and the accompanying Payment Services Regulation (PSR) signal a new era of tighter oversight, increased liability, and elevated expectations for consumer protection.

For financial institutions across Europe, this evolving landscape presents both a strategic challenge and a competitive opportunity. As regulatory complexity grows, the need for secure, intelligent, and customer-centric communication strategies becomes critical. FICO Customer Communication Services (CCS) is uniquely positioned to help institutions transform compliance obligations into opportunities for differentiation and improved customer engagement.

Why PSD3 Matters for European Institutions

European banks and Payment Service Providers (PSPs) have made significant strides in digital transformation — from real-time payments to open banking. PSD3, however, introduces more stringent requirements that will compel institutions to further evolve their fraud prevention, authentication, intervention and customer engagement strategies.

Key regulatory themes include:

Stronger Consumer Protections: A Shift in Liability and Expectations

One of the most significant shifts introduced by PSD3 is the strengthening of consumer protection measures — particularly around fraud and scams. Under the new directive, Payment Service Providers (PSPs), including banks and lenders, will assume greater liability for fraud-related losses, especially in cases where customers fall victim to increasingly sophisticated Authorised Push Payment (APP) scams.

This evolution reflects a broader regulatory intent: to shift the burden of fraud prevention away from consumers and onto the financial institutions that enable and process digital transactions. As a result, lenders and PSPs will be expected not only to detect and block fraudulent payments in real-time, but also to demonstrate proactive, customer-specific interventions that can prevent harm before it occurs.

Key expectations under PSD3 include:

• Real-time fraud detection mechanisms powered by behavioural analytics and contextual signals.
• Tailored customer outreach at critical decision points — such as during high-risk transactions — with meaningful, non-generic scam warnings.
• Effective dispute management and reimbursement processes, with greater scrutiny over how institutions evaluate customer claims and communicate decisions.

Notably, regulators have emphasised that "boilerplate" or passive warnings will not suffice. Written alerts must be transaction-specific, actively presented, and designed to genuinely influence customer decision-making. This marks a clear departure from the "tick-box" compliance approach of the past and introduces higher standards for both intervention quality and evidentiary accountability - An area where FICO has specialised for over 20-years.

For financial institutions, this means rethinking fraud and scam engagement strategies through a dual lens: regulatory compliance and customer experience. Institutions that fail to act decisively may face increased reimbursement obligations, reputational damage and growing scrutiny from supervisory authorities.

Stricter Strong Customer Authentication (SCA): Raising the Bar on Secure Journeys

PSD3 introduces tighter SCA requirements that go beyond static two-factor methods. Authentication processes must now be contextual, risk-based, and adaptive — dynamically adjusting based on transaction type, user behaviour, and device intelligence.

This evolution calls for intelligent authentication journeys that maintain a seamless customer experience while delivering the enhanced security regulators require.

Broader Regulatory Scope: Extending Oversight to New Players

PSD3 expands regulatory coverage to include technical service providers, digital wallets and third-party platforms — all integral to the European payments ecosystem. These entities must now meet similar standards to traditional PSPs, including:

• Registration or licensing with national authorities
• Implementation of robust risk and fraud controls
• Adherence to secure authentication and data protection requirements

This shift demands tighter oversight from financial institutions partnering with such providers, raising the bar for third-party risk management.

Greater EU Harmonisation: Leveling the Playing Field

PSD3 broadens the definition of regulated entities to include technical service providers, digital wallets, and third-party platforms. These players must now adhere to the same standards as traditional PSPs, including:

• Clearer EBA guidance and definitions
• Enhanced supervisory powers
• Stricter and more consistent enforcement

Exceeding compliance norms will no longer be a differentiator — it will be the baseline. Institutions must remain agile and proactive as new technical standards evolve.

How FICO Can Help European Institutions Succeed Under PSD3

FICO Customer Communication Services (CCS) provides a best-in-class solution to meet these evolving requirements — blending compliance with customer engagement to protect both the institution and the consumer.

1. Real-Time, Omni-Channel Communication

FICO CCS delivers real-time, interactive intelligent messaging across SMS / RCS, voice, email, push notifications and secure in-app channels — ensuring customers receive timely, relevant alerts through their preferred method. In mobile-first markets, this flexibility is essential for meeting high expectations around speed, security, and convenience.

Beyond basic delivery, CCS enables two-way communication and can be tailored to individual customer preferences — including accessibility considerations for those with specific needs, such as visual or cognitive impairments which further highlights the requirement for organisations to employ omni-channel strategies. This ensures compliance with PSD3’s emphasis on meaningful, consumer-specific engagement while reinforcing trust and inclusivity across the digital banking experience.

2. Contextual Authentication and Proactive Scam Intervention

FICO CCS enables financial institutions to embed real-time, interactive customer messaging directly into Strong Customer Authentication (SCA) flows and post-payment engagements — delivering tailored fraud warnings, confirmation prompts, and scam-specific interventions based on transaction type, risk indicators and customer behavior.

This contextual approach allows institutions to comply with PSD3’s more stringent SCA and fraud reimbursement requirements while preserving a seamless, low-friction user experience — essential in digitally advanced European markets. By leveraging real-time data points such as payment purpose codes, merchant details and behavioral risk signals, CCS can ingest these signals and provide Scam & Fraud specific dynamic customer dialogues that can:

• Warn customers of potential scam tactics at the point of interaction
• Ask targeted questions to verify payment legitimacy
• Provide a critical pause or "second chance" to cancel or review suspicious transactions
• Change strategy sequencing to escalate customers suspected to be at risk of APP fraud to specialised call centre queues for further guidance and support

Already embraced by several Tier 1 banks, this approach is proving instrumental in strengthening regulatory compliance and elevating customer protection. By enabling more personalised, context-aware engagement, institutions are not only reducing liability but also fostering greater trust and transparency with their customers. Notably, when deploying intelligent conversational strategies where CCS delivers a  four-message scam intervention sequence, response data reveals that 50% of customers who ultimately reconsider their payment decision respond by the 2^nd verification message, with an additional 17% responding after the 3^rd, and another 17% after the 4^th.

This reinforces that single verification messages are no longer suitable and directly supports the direction of PSD3, which encourages firms to move beyond generic warnings by adopting more persuasive messaging strategies that prompt genuine customer reflection and behavioural change.

3. Built-In Fraud Defences Designed for the PSD3/PSR Era

FICO CCS is underpinned by decades of fraud innovation, specifically engineered to close the communication security gaps that fraudsters increasingly exploit in an automated, real-time environment. As PSD3 and the PSR shift greater liability to Payment Service Providers for fraud-related losses — particularly in cases of Authorised Push Payment scams — secure, intelligent communication is no longer optional; it’s essential!

Key CCS fraud prevention capabilities include:

• Short code + SMS/Voice carousel case matching techniques to protect against spoofing and impersonation attacks — a significant risk in digital-first markets globally.
• SIM swap detection to flag and respond to compromised devices before fraud can occur, preventing fraudster from controlling the customer responses
• Scams Signal behavioural analytics, leverages real-time network intelligence to dynamically assess contextual risk indicators—such as detecting unusually long inbound calls coinciding with payment attempts—to uncover signs of customer coercion or scam-related activity. When elevated risk is detected, FICO CCS automatically tailors the engagement strategy in real time, seamlessly shifting channels or escalating to human intervention to safeguard the customer. UK banks deploying Scam Signal in tandem with intelligent communication orchestration are seeing industry-leading outcomes: between 30% to 40% Average Detection Rate (ADR) across both Payments and Cards including up to a 55% reduction in false positives, and a reduction in scam-related losses exceeding 44%. This represents a genuine breakthrough in Authorised Push Payment (APP) fraud protection, combining advanced behavioural insight with intelligent customer engagement.

These advanced capabilities align directly with PSD3’s emphasis on real-time, consumer-specific fraud interventions and can be used as evidence to demonstrate the kind of secure, tailored and proactive approach regulators now expect from PSPs in mitigating APP fraud risk.

4. Comprehensive Auditability for Regulatory Assurance

FICO’s CCS platform maintains detailed, tamper-proof audit trails of every customer interaction — capturing timestamps, fraud risk signals, message content, delivery status, channel used and customer responses across the full engagement lifecycle. This level of traceability is critical under PSD3 and the PSR, which place greater emphasis on transparency, consent management, and accountability in customer communications.

Whether it involves authentication prompts, fraud warnings, or scam interventions, CCS provides institutions with the evidentiary framework needed to:

• Demonstrate adherence to SCA requirements and fraud prevention protocols
• Prove that timely, relevant communications were securely delivered and acknowledged
• Support regulatory investigations or customer reimbursement claims with auditable records
• Ensure consistency with data protection and consent obligations under GDPR
• Show that all decisions are evidenced, ethical and transparent to avoid any bias or discrimination.

This not only helps financial institutions meet evolving compliance standards but also strengthens operational governance and reduces legal exposure in high-risk scenarios, such as Authorised Push Payment fraud disputes.

5. Customer-Centric Compliance

The CCS platform is built with flexibility at its core, empowering business analysts to easily expand data models and integrate new data items. This enables organisations to rapidly re-design dynamic strategy flows and tailor message content with precision and at the speed of business. Instead of relying on passive disclosures or generic warnings, CCS supports personalised, timely communications that enhance customer trust and protect brand integrity — even during high-stakes or time-critical interactions.

Real-World Insight: Lessons from the Field

As a former Solution Success Manager for FICO Customer Communication Services, I’ve seen firsthand how well-executed communication strategies can significantly elevate both the customer experience and organisations operational efficiency. Whether it was a contextual fraud warning triggered during payment execution, or a dynamic authentication prompt embedded within a mobile banking journey, the results were consistent: increased customer engagement, reduced fraud losses, and a measurable uplift in trust.

In practice, FICO CCS regularly delivers digital engagement rates exceeding 70%, with institutions adopting the full breadth of CCS capabilities now achieving up to 95% automated resolution. These results translate directly into bottom-line value—clients have reported fraud loss reductions of over 30% and a return on investment as high as 39:1 – highlighting the significant opportunities available to Institutions who implement the right solution and approach.

CCS is uniquely positioned to help organisations meet these evolving expectations. It brings together advanced fraud protection, omni-channel orchestration, and the ability for business analysts to tailor communication strategies — all within a single platform. This empowers institutions to present regulators with a complete, auditable view of the circumstances behind every customer decision and response whilst offering confidence to regulators that robust and adequate fraud controls were in place.

In today’s PSD3 environment — where liability is shifting and consumer expectations for seamless, secure interactions are rising — communication security can no longer be an afterthought. Tailored, real-time engagement isn’t just a value-add; it’s a strategic necessity.

Turning Regulation into a Competitive Advantage

PSD3 introduces new pressures — but also new possibilities. Financial institutions that embrace proactive, real-time customer engagement will not only meet compliance obligations but deliver better outcomes for their customers.

FICO CCS empowers European banks and PSPs to move beyond compliance — to lead with innovation, trust, and operational excellence.

Learn How FICO CCS Can Support Your PSD3 Strategy

• Explore FICO Customer Communications Services for Fraud
• Read What Is PSD3? 4 Ways It Impacts Fraud Prevention
• Review the FICO 2024 Global Scams Impact Survey
• Learn about FICO’s award-winning scam detection model and award-winning Scam Signal