Trust is the New Currency

By Jay Floyd, Director of Payments Intelligence & Financial Crime at ACI Worldwide

Jay Floyd, Director of Payments Intelligence & Financial Crime at ACI Worldwide, explores why PSD3 and PSR1 are a step forward—but not the finish line—in building a secure, collaborative payments ecosystem. 

Trust is everything.

It’s the invisible infrastructure of the financial system. It’s what allows a consumer to tap their phone at a checkout without hesitation or a business to send a high-value payment across borders in seconds. However, in today’s digital economy, where fraud is on the rise and payments are moving faster than ever, many are discovering that trust is a fragile commodity.

Nowhere is this more evident than in Europe’s rapidly evolving payments landscape. The European Commission’s latest proposals—the Payment Services Directive (PSD3) and the new Payment Services Regulation (PSR1)—mark a pivotal moment in the EU’s digital finance journey. These reforms are designed to modernise the regulatory framework, strengthen consumer protections, and accelerate the shift toward a more open and competitive payments ecosystem.

But while these proposals move the conversation forward, they don’t go far enough. The ambition to restore trust and drive adoption of instant payments and open banking services is clear, but the way to get there remains incomplete.

If Europe is to lead with confidence, it must go beyond compliance and build a model of digital trust that’s embedded in the way the ecosystem operates.

Fragmented defences in a hyperconnected world

Fraud is no longer a siloed threat. It moves quickly, crosses borders, and increasingly originates outside the traditional payments infrastructure—through spoofed messages, fake investment ads, or manipulated phone calls. In 2024 alone, European consumers lost billions to such scams, with ACI’s latest Scamscope report forecasting that global Authorised Push Payment (APP) scam losses will reach $7.6 billion by 2028.

These losses erode consumer confidence and even threaten the adoption of instant payments as well as other digital innovations across the region, like the WERO wallet. Yet, under the current framework, banks are still expected to absorb the financial loss, even when the fraud begins elsewhere. Social media platforms, telecoms providers and other digital intermediaries—where much of this fraud is initiated—often escape regulatory scrutiny. This imbalance is not just unfair. It’s unsustainable. Without shared liability, there’s little incentive for non-financial actors to strengthen their defences. And without coordinated action, the ecosystem remains fragmented and reactive.

Some Member States are beginning to shift the dial. In Sweden, the Swedish Financial Supervisory Authority has proposed stronger monitoring and a reallocation of liability to drive safer design. Germany is also making progress through its digital policy and investment in fraud prevention technologies. But across much of the EU, the burden still falls squarely on financial providers, even as the threat landscape evolves.

Meanwhile, other critical gaps persist. Recent reports show that fraudsters are increasingly exploiting gaps in cross-border Verification of Payee (VoP) implementation and the lack of real-time intelligence sharing. PSD3/PSR1 introduces a legal basis for voluntary data exchange—but without shared infrastructure, incentives or clear governance, uptake will remain limited. And as underground value transfer systems like Hawala continue to move billions beyond the reach of regulated institutions, the need for cross-sector intelligence sharing becomes crucial.

As instant payments, open banking and digital wallets become the norm, trust becomes the key to adoption. The question now is: how do we embed trust at scale, in a way that’s smart, shared and sustainable?

A new model for digital trust

The answer starts with recognising that trust isn’t built through regulation alone. It’s built through the way the ecosystem collaborates, shares responsibility and responds to risk in real time. PSD3/PSR1 lays important foundations, but to truly future-proof Europe’s payments landscape, we need to go further.

First, fraud intelligence must become a collective asset, not a competitive advantage. While PSD3/PSR1 introduces a legal basis for voluntary data sharing, this must now be translated into practical, real-time protection. Cross-collaboration and central infrastructures should be required to offer fraud intelligence services on fair and transparent terms, ensuring that institutions of all sizes can access actionable insights.

This intelligence must also evolve with the threat landscape, covering not just traditional fraud signals but emerging risks like spoofed websites, remote access software and underground value transfer systems. To make this work, the ecosystem needs to work better together and establish clearly defined responsibilities. This means everyone from banks and Payment Service Providers to telecoms and digital platforms, all embracing anonymised signal sharing that upholds GDPR and privacy-preserving models while enabling effective detection.

Second, VoP must be elevated from a compliance requirement to a foundational layer of trust. To achieve this, it should be mandated not just for SEPA credit transfers but across all relevant payment types—including digital wallets and app-based payments—with consistent, real-time implementation across Member States. This requires a unified framework of technical standards and shared EU-level directories to guarantee interoperability and coverage.

But VoP must be part of a broader, data-driven approach to fraud prevention. That means requiring all payment institutions to use certified fraud detection tools and contribute to a standardised, EU-wide reporting framework. Through reports, the EU can guarantee better benchmarking, more informed policymaking and a clearer picture of where fraud is evolving.

Finally, the liability model must be rebalanced to reflect where fraud actually originates. A smarter model would distribute liability more equally across the payment chain, making sure that all actors—from banks to telcos to digital platforms—are incentivised to invest in prevention. This should be supported by coordinated public awareness campaigns, which remain one of the most cost-effective defences against social engineering. And crucially, it must be underpinned by the same real-time intelligence sharing infrastructure.

Together, these measures represent more than regulatory fine-tuning—they form the connective tissue that links detection, prevention and accountability across the ecosystem.

A call to change

PSD3/PSR1 mark a critical step forward, but this is only the beginning. If Europe is to lead in digital finance, it must move beyond regulatory alignment and embrace a new model of trust: one that’s embedded not just in policy but in practice.

That means recognising fraud is no longer a challenge any single institution can solve alone. It’s a systemic challenge that demands systemic solutions grounded in collaboration, shared responsibility and real-time intelligence. The future of payments will be shaped not just by how fast or accessible they are, but by how confidently people can use them.

Building that confidence requires more than compliance. It requires vision, partnership and decisive action. Now is the time for banks, fintechs, regulators and infrastructure providers to come together to respond to and outpace fraud—and by doing so, shape a payments ecosystem that’s accessible, resilient and trusted by design.