Login

European Payments Report Overview Part 3 – Open Banking Payment Ecosystem 2026

3. Open Banking Payment Ecosystem 

The Open Banking payment market in Europe is characterised by a competitive and increasingly decentralised infrastructure. The adoption of the revised Payment Services Directive (PSD2) created the legal foundation for Open Banking payments by requiring access to payment accounts for licensed third-party providers, subject to customer consent and security requirements. Since then, Open Banking has become an established part of the European payments landscape, even if implementation quality and market uptake have varied by country and use case.

PSD2, disruptive technologies and competition from the established card ecosystem have all challenged European banks and the emerging Open Banking payment ecosystem. At the same time, those same forces have accelerated digital payment transformation, including account-to-account (A2A) payments, instant payments and mobile payment services initiated directly from bank accounts. The policy direction of the European Commission and the ECB now clearly supports further development of these alternatives.

By 2025, growth in cardless digital payments was being driven by the continued emergence of Open Banking payment services, rising instant payment volumes, and demand from digitally connected consumers and increasingly sophisticated merchants for faster, lower-friction and more integrated payment experiences. The legal framework for payment services, and the evolving demands of consumers and merchants, are addressed in more detail in the section About Payments in Europe of the Yearbook.

The objective of the section Open Banking Payment Ecosystem is to provide a European overview of cardless payments and the emerging Open Banking payments landscape, which is complementary to the card business but increasingly important in its own right. Taking into account regulation, technology, consumer and merchant demands, and the wider evolution of digital payments, this section examines the structure and strategic direction of Open Banking payment services and infrastructure in Europe.

It includes analysis of:

This section also highlights important market trends and digital technologies relevant to the Open Banking payment business in Europe.

3.1 About Open Banking in Europe

The adoption of PSD2 set the stage for Open Banking in Europe. Its Open Banking provisions created a legal framework for access to payment account data and payment initiation services, enabling licensed third-party providers to offer new services with the customer’s explicit consent. PSD2 is therefore a central pillar of Europe’s digital payments framework, alongside the wider SEPA, data protection and payments modernisation agenda.

PSD2 formalised the relationship between European banks and independent fintech providers such as payment initiation service providers (PISPs) and account information service providers (AISPs). The core concept behind Open Banking is that customers should have greater control over how, when and where they use their banking services and payment data, including the ability to access information from different banks through a single interface or to use third-party services built on top of bank account access.

Open Banking can therefore be understood as a technology-driven evolution of banking and payments, leading to greater transparency, customer choice and control over financial data. Open APIs are a key enabler of this shift. At the same time, the European Commission has acknowledged that PSD2 implementation exposed weaknesses in API performance, access quality and standardisation, which is one reason why the Commission proposed a new PSD3 and Payment Services Regulation (PSR) package in June 2023.

Another major regulatory influence has been the General Data Protection Regulation (GDPR), which strengthened customer rights over personal data through consent requirements, portability rights and other protections. In combination, PSD2 and GDPR helped establish a European framework in which data access, consent and competition could support new digital financial services while keeping the customer at the centre.

Background: The legal framework for payment and banking services in Europe has been shaped jointly by the European Commission, the ECB, the European Payments Council and other European institutions with the aim of reducing barriers, strengthening competition, supporting cross-border payments and accelerating digital transformation. The result has been a common framework for cashless payments that increasingly supersedes fragmented national approaches.

Within the EU, this framework is binding on payment service providers. Other European countries outside the EU, including EEA members such as Norway, Iceland and Liechtenstein, have aligned closely with much of the framework through their own legal implementation. The UK and Switzerland, while no longer part of the EU framework in the same way, have also developed closely related Open Banking and payments models of their own.

PSD2 lowered barriers to entry for third-party providers and helped create the conditions for new services such as account information, payment initiation, third-party personal financial management, digital identity-linked services, and more automated onboarding and compliance solutions. For more details on the broader legal and regulatory framework for digital payments, please refer to the section About Payments in Europe in the Yearbook 2025–26.

3.2 The Open Banking Payment Ecosystem

In the payments industry, non-card payments initiated directly from bank accounts are often described as cardless payments, account-to-account (A2A) payments or Open Banking payments. In this Yearbook, the term Open Banking payment ecosystem is used because PSD2 and its Open Banking framework created the legal basis in Europe for digital payment services initiated directly from bank accounts.

For the purposes of this Yearbook, the Open Banking payment ecosystem excludes the broader field of retail banking and Open Finance, and instead focuses on non-card digital payments made by account-holding consumers and businesses, the technology that supports those payments, and the surrounding payments industry infrastructure. That focus is useful because it distinguishes the payment use case from the wider financial data access agenda now being discussed under the proposed framework for financial data access.

The European Open Banking payments market remains competitive and decentralised. PSD2 laid the foundations, but subsequent developments have broadened the ecosystem. These include the rollout of instant payments, the rise of bank-backed A2A payment schemes, the growth of merchant-facing pay-by-bank options, and new pan-European initiatives such as Wero, which launched in Belgium, France and Germany in 2024 and is intended to expand further.

PSD2, disruptive technologies and competition from card payments have challenged both banks and new payment providers. At the same time, they have accelerated digital banking transformation and the launch of mobile and online payment services directly from bank accounts. The ECB’s current strategy work also points to the continued importance of instant payments and European alternatives in the future structure of the payments market.

By 2024 and 2025, the Open Banking payments business was increasingly driven by digital credit transfer use in online shops, the expansion of instant payment capabilities, and continued digital transformation in banking services. The legal framework for these non-card payment services, along with consumer and merchant requirements, is addressed in the section About Payments in Europe. For the card market perspective, see the section Card Payment Ecosystem.

The Open Banking payment ecosystem in Europe includes account servicing payment service providers (ASPSPs), payment initiation service providers (PISPs), account information service providers (AISPs), interbank organisations operating digital payment schemes, digital payment processors and supporting technology providers. In line with the wider digital market strategy of European regulators, these participants continue to invest in non-card digital payment services and in the infrastructure needed to support them.

In euro area countries, many cardless digital payment services are built on SEPA instruments such as SCT, SDD and increasingly SCT Inst. The Instant Payments Regulation, adopted in March 2024, is designed to accelerate the rollout of instant euro credit transfers across the EU, reinforcing the infrastructure on which many Open Banking and A2A payment models depend. In non-euro countries, domestic credit transfer and instant payment schemes remain highly important.

Innovative European banks continue to support digital banking and mobile payment apps that enable payments directly from participating bank accounts. In several countries, bank-backed interbank organisations operate domestic account-based payment services, often with mobile P2P, e-commerce and merchant payment use cases. At the same time, pan-European initiatives are beginning to reshape the landscape, particularly where domestic models are linked, interoperable or gradually incorporated into wider European solutions.

Encouraged by the ECB and other European stakeholders, leading payment service providers have also promoted the development of more European account-based payment infrastructure and schemes. The launch and expansion of Wero is the clearest current expression of that ambition, while the ECB’s broader payments strategy published on 31 March 2026 underscores the strategic importance of instant payments, European solutions and stronger retail payment autonomy.

Background: Consumer Demands and Open Banking Payments

Digital technologies and changing consumer expectations continue to reshape the market. Consumers across Europe increasingly expect to manage their finances through smartphones, tablets and other connected devices. They value digital banking apps that let them view multiple accounts in one place, initiate payments directly from the account of their choice, and access additional services through a single, convenient interface.

Consumer adoption of Open Banking and account-based digital payments is driven by convenience, speed, security and simplicity. For merchants, the attraction lies in greater payment choice, potentially lower acceptance costs in some use cases, and faster settlement or confirmation where instant payment rails are available. These drivers help explain why Open Banking payments are increasingly seen not merely as a regulatory by-product of PSD2, but as a growing strategic component of the European payments ecosystem.

3.3 Cardless Digital Payment Services in Europe 

This chapter provides an overview of digital payment services initiated directly from bank accounts in Europe. These IBAN-based payment services can be used in online shops, in-app and, increasingly, in physical retail environments through mobile and QR-enabled account-to-account payment models. In the euro area, the underlying framework for these services has been shaped by the European Payments Council’s SEPA payment schemes and by the wider European regulatory agenda for payments.

Alongside the SEPA Cards Framework, the European Payments Council developed a set of IBAN-based SEPA payment instruments for euro-denominated payments. The core instruments are the SEPA Credit Transfer (SCT) scheme, the SEPA Direct Debit (SDD) schemes and the SEPA Instant Credit Transfer (SCT Inst) scheme. The EPC’s updated 2025 SCT rulebook entered into force on 5 October 2025, while the SCT Inst scheme continues to support euro credit transfers with funds made available in less than ten seconds and on a 24/7/365 basis.

A major milestone in the development of account-based payments in Europe was Regulation (EU) No 260/2012, which established technical requirements for credit transfers and direct debits in euro and set the original SEPA migration timetable. That regulation replaced legacy domestic euro credit transfer and direct debit formats with harmonised SEPA instruments, creating a more standardised basis for pan-European account-based payments.

Unlike card schemes, IBAN-based credit transfers and direct debits do not rely on card interchange fee arrangements. The SEPA regulation framework abolished multilateral interchange fees for direct debits from 1 February 2017, and there is no equivalent interchange model for standard credit transfers or instant credit transfers. That does not mean these services are free of commercial charges: interbank organisations, banks, processors and payment initiation providers may still charge merchants or users for acceptance, connectivity, processing or scheme-related services.

In practical terms, euro-denominated account-based digital payment services in the SEPA area are now built on three principal scheme families:

Across Europe, banks, interbank organisations, payment initiation service providers and supporting technology providers have had to align their infrastructures with these schemes where relevant. SEPA credit transfers and direct debits typically settle on a same-day or next-day basis, while SCT Inst is designed for near real-time execution. The EU’s Instant Payments Regulation, adopted in 2024, is accelerating this shift by requiring payment service providers that offer regular euro credit transfers also to be able to receive and send instant euro payments under the phased regulatory timetable.

In non-euro European countries, many banks and PISPs also support SEPA payment instruments for euro-denominated transactions. At the same time, those markets continue to operate domestic payment schemes in local currency for account-to-account payments, including domestic instant payment and mobile payment services. In several countries, these domestic services have become strategically important alternatives to card-based payments in both e-commerce and person-to-person use cases. This is an inference from the coexistence of SEPA euro schemes and domestic local-currency infrastructures across Europe.

In addition, innovative countries such as Poland, Sweden and Norway have continued to invest in mobile and account-based digital payment services with the longer-term aim of extending domestic payment functionality across more retail and digital commerce use cases. More broadly, the European market is moving toward a model in which cardless payment services, instant payments and Open Banking-based payment initiation increasingly complement the traditional card ecosystem rather than merely sitting alongside it. This forward-looking point is an inference supported by the Instant Payments Regulation and the broader SEPA and Open Banking development path.

Checkout Types of Digital Payments directly from a bank account 

With the advent of Open Banking payments however, payment initiation service providers enable account holding consumers to pay with their mobile banking app or a mobile payment app directly from the account in online shops and 1D-barcode or QR-code initiated in-store at POS devices in retail outlets.

In competition with independent PISPs, there are interbank organisations in several European countries, which provide domestic IBAN-based digital payment services directly from the account.

From a mobile payment app user perspective, checkouts for IBAN-based digital payments include:

Basic Characteristics of Digital Payments directly from bank accounts 

Historically, payments directly from bank accounts have just been used for online baking and mobile banking. Account holding bank clients have chosen for standard current accounts with or without overdraft. In this chapter, the term bank account means payment account, including accounts used as prepaid accounts.

In the emerging Open Banking payment ecosystem however, they can now be used instead of cards for online payments in online shops, 1D-barcode or QR-code initiated payments in-store at POS devices in retail outlets, and in-app. Prerequisite is a payment initiation service provider that serves the merchant.

In addition, account holders can use their mobile banking apps for withdrawing cash from innovative ATMs, or at cash-advance service checkouts at participating merchants up to the country specific cash-advance limit.

The payment initiation service provider involved credits the merchant, and the purchase value is debited from the account managed by the accountholder’s bank or e-money institution.

From a mobile payment app user perspective, a typical IBAN-based payment use case includes:

POS Devices and digital Payment Authentication – Account holding consumers can use their mobile payment app, or a PISP service provider to initiate 1D-barcode or QR-code based payments directly from their bank account in-store at POS devices in retail outlets. Innovative merchants may use the services of a payment initiation service provider to request for the payment.

In Europe, minimum requirements for authorisation and authentication of digital payments directly from a bank account is the IBAN number of the account holding buyer, userID/password to access mobile banking, and a one-time token as second authentication factor such as a mobile TAN, well-known from mobile banking.

Online Shops and digital Payment Authentication – Account holding consumers can use their PC, notebook, tablet, a mobile payment app, or a PISP service app to pay directly from their bank account for purchases on the internet. Innovative merchants may use the services of a payment initiation service provider to request for the payment. Innovative merchants may display 1D-barcodes and/or QR-codes to initiate convenient mobile payments directly from bank accounts.

In Europe, minimum requirements for authorisation and authentication of digital payments directly from a bank account is just the IBAN number of the account holding buyer, userID/password to access online/mobile banking, and a one-time token as second authentication factor such as a mobile TAN well-known from mobile banking.

Trends in Biometric Authentication – As one form of digital identity authentication, biometrics have been gaining ground across Europe in recent years, especially since the EU mandated their use for national ID cards and passports from August 2021.

Among others, cardless payment specific biometric initiatives and pilots in Europe include:

Digital Payments and Strong Customer Authentication 

In line with the requirements under the revised Payment Services Directive (PSD2), the European Union has published the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common Secure Communications (CSC).

The authentication of a cardless payment directly from a bank account shall be compliant with the regulatory standard, RTS SCA. IBAN-based digital payments require a one-time token as second authentication factor such as a mobile TAN token well-known from mobile banking.

However, the digital payments service providers may apply a risk-based authentication process (RBA):

Credit Transfers 

Credit transfers are a payment service linked to a customer’s bank account and are widely used through online banking and mobile banking channels. In many European countries, credit transfers are a standard method for person-to-business and business-to-business payments, while recurring household payments are more commonly handled through direct debits rather than standard credit transfers. In digital commerce, credit transfers are increasingly being adapted for online, in-app and, in some cases, in-store payment use.

In the euro area, euro-denominated credit transfers are based on the SEPA Credit Transfer (SCT) scheme. The current EPC SCT rulebook in force is the 2025 SCT rulebook, which took effect on 5 October 2025. Under the SEPA framework, account details are based on the IBAN format. In some cross-border or non-SEPA use cases, additional bank identification information may still be required depending on the payment chain and market context, but IBAN remains the core customer-facing identifier for SCT payments.

In countries with non-euro currencies, euro-denominated credit transfers are often cross-border in nature, while domestic credit transfer services continue to operate in local currency through national payment infrastructures. At the same time, many non-euro markets also support SEPA instruments for euro payments alongside their domestic account-to-account payment schemes.

Across Europe, digital credit transfer payment services are offered through a range of models. These include bank-backed interbank schemes, bank-led payment services and third-party Open Banking or pay-by-bank services operated by licensed payment initiation providers. In these models, the payment service provider does not usually “pay the merchant” itself in the card-like sense; rather, it enables or initiates the transfer from the payer’s bank account to the merchant or the merchant’s payment provider.

Typically, European credit transfer payment services are IBAN-based and support payments in online shops and in-app environments. Many have also added instant payment functionality, while some support QR-code or other mobile-initiated in-store payment journeys. The growing importance of this segment is reinforced by the Instant Payments Regulation, adopted in March 2024, which requires payment service providers offering euro credit transfers also to support instant euro payments under the phased implementation timetable.

Although many domestic credit transfer payment schemes continue to operate nationally, the market is moving gradually toward broader interoperability and more pan-European solutions. A good example is Wero, which is already live in Belgium, France and Germany and is being extended into additional markets and use cases. In the Netherlands, iDEAL is set to begin a phased transition toward Wero from 2026. This suggests that digitally connected consumers and merchants increasingly favour account-based payment solutions that work across markets rather than only within one domestic banking community.

For details about IBAN-based credit transfer payment services, please refer to the country profiles of the Yearbook.

Notable Domestic Credit Transfer Payment Service Schemes Operated By Interbank Organisations Or Bank-backed Payment Schemes Include:

Notable Third-party Credit Transfer Payment Services Operated By Independent Providers Include:

In addition, mono-line bank-based credit transfer payment services still exist in several European markets, although the broader direction of travel is toward more integrated national platforms, Open Banking-based payment initiation and, in some cases, pan-European account-to-account solutions.

Payment Use Case in Online Shop – To pay in online shops for the purchase, the consumer initiates the credit transfer on the respective digital payment page of a PISP. Also, the online buyer shall give their explicit one-time permission for the PISP to process the credit transfer payment. When a QR-code is scanned, the payment information is automatically pre-filled and only needs to be authenticated by a Bank-ID or one-time mobile TAN token. Credit transfer payments in online shops are irrevocable.

Payment Use Case in-store – The merchant displays a QR code at a POS device. The consumer scans the QR code and initiates the credit transfer payment in the mobile payment app of the PISP. When a QR-code is scanned, the payment information is pre-filled automatically and only needs to be authenticated by a Bank-ID or a one-time mobile TAN token. Credit transfer payments in-store are irrevocable.

Direct Debits 

Direct debits are a payment service linked to the payer’s bank account and are widely used across Europe for recurring payments such as subscriptions, utility bills, insurance premiums, telecom charges and other regular obligations. In the euro area, direct debits form part of the harmonised SEPA framework and are primarily used for account-based billing relationships rather than for day-to-day retail checkout.

Euro-denominated direct debits in the SEPA area are based on the SEPA Direct Debit (SDD) schemes. The relevant EPC rulebooks currently in force are the 2025 SDD Core and 2025 SDD B2B rulebooks, which took effect on 5 October 2025. Under the SEPA framework, account identifiers are based on the IBAN format. In most standard SEPA use cases, IBAN is the key payer-facing identifier, while any additional routing information is handled within the payment chain rather than as part of the normal customer experience.

In non-euro countries, euro-denominated direct debits play a much smaller role, while domestic recurring payment instruments, cards and account-based alternatives may be used instead. Cross-border direct debit usage exists within the SEPA framework, but in practice it is far less prominent in digital commerce than recurring card payments or other recurring account-based payment models. This is an inference from the structure and typical use of the SEPA direct debit schemes and the broader shift in consumer payment behaviour.

Historically, direct debit usage has been especially important in countries such as Germany, Austria and the Netherlands, where account-based recurring billing has long been well established. However, direct debits have become less relevant in physical retail checkout as contactless cards, digital wallets and other immediate payment methods have become more widespread. Their core role today is in recurring billing and account-on-file style payment relationships rather than in-store point-of-sale transactions. This is an inference based on the SEPA scheme design and the broader European shift toward contactless and digital retail payments.

One notable domestic feature of the German market has been Elektronisches Lastschriftverfahren (ELV), a non-guaranteed direct debit model traditionally used at point of sale. In this model, the merchant initiates a direct debit rather than relying on a guaranteed card authorisation flow. Historically, ELV was attractive to merchants seeking lower acceptance costs, although that came with a risk of non-payment unless an additional guarantee or insurance service was used. Over time, however, the growing importance of contactless girocard and international debit acceptance has reduced the centrality of ELV in German retail payments. This is an inference drawn from the long-standing structure of German account-based retail payments and the broader market shift toward contactless card usage. (paymentscardsandmobile.com)

In e-commerce, direct debit remains relevant in some markets and merchant categories, especially where consumers are accustomed to account-based payment methods and merchants have the mandate management and risk controls needed to support them. In these cases, the payer must authorise the direct debit in line with the applicable mandate requirements, and the merchant or its payment service provider processes the collection through the relevant banking infrastructure.

Immediate Payments 

Immediate payments also named ‘Real-Time Payments’ are a variant of digital credit transfer payment services direct from the current account of the payer. From a low level, immediate payments in online shops and in-store at merchant checkouts are an emerging digital payment market segment in many European countries. In addition, immediate online banking functions are added to existing online banking services and mobile banking apps.

In many countries in Europe and worldwide, the national central banks push for IBAN-based immediate payment services for mobile P2P payments, online payments and in-store payments.

SEPA Instant payments (SCTINST) is the IBAN-based immediate payment scheme in Europe, officially launched in November 2017. It makes funds immediately available to the beneficiary – compliant with existing SCT infrastructure. The first use cases for SCTINST are mobile P2P payments, online banking, mobile payments with banking apps and B2B payments.

Among others, the characteristics of SCTINST include an initial maximum of €15,000, with the funds made available on the beneficiary’s account in less than ten seconds, 24/7/365 real-time processing, and immediate refund in the case that the SCTINST payment was not successful. From July 2020, the maximum for instant payments has been set to €100,000.

Instant payments are the next step in the harmonisation of payment services in the Single Euro Payments Area (SEPA), aimed at supporting Europe’s competitiveness and economic growth. With migration to SEPA credit transfers and direct debits nearly complete, and the digitalisation of the economy leading to new consumer and retailer expectations, instant payments will be the focus in the coming years, according to the ECB.

In April 2016, EBA Clearing started the SCTINST project with more than 40 large European banks involved. In November 2016, the European Payments Council (EPC) published the SCTINST scheme and SCTINST rule books version 1.0 while the ERPB provided the governance model. In November 2017, EBA Clearing completed the pan-European instant payments infrastructure, RT1 and SCTINST started operating in Europe. From July 2020, the maximum amount for instant payments has been set to €100,000.

The European Payments Council (EPC) has announced that, starting with the 2025 SCT Inst rulebook, a maximum amount at the scheme level will no longer be applicable. This means that individual Payment Service Providers (PSPs) will have the discretion to set their own transaction limits based on their operational capacities and customer needs.

As of June 2025, 2,765 banks from 36 European countries had registered for the SCTINST scheme. This represents 78% of all SCT scheme participants.

All euro-denominated immediate payments in the European economic area are based on the SEPA Instant Payment instrument SCTINST. According to the SEPA Rules for Instant Payments, the bank account credentials must be in IBAN format. Foreign merchants, online shops, and PISPs may additionally demand for the respective bank identification code, BIC.

Competing with card payments and advanced payment service wallets, both instant payment services in SCTINST format and immediate payment services in non-euro denominations have been launched in Europe. They are either domestic 4-party models operated by an interbank organisation or independent 3-party models of a PISP. The respective payment service providers pay the merchant and debits the buyer’s account.

Merchants are paid by the respective PISP with the immediate payment value credited to the merchant’s account in a few seconds. For online merchants, the risk of not being paid is significantly lower. In addition, the merchant is paid a few seconds after the online purchase, even before starting the delivery process.

Typically, European immediate payment services support payments in online shops and in-app payments. Innovative PISP services have added 1D-barcode or QR-code initiated in-store payments to the service.

In 2025, all immediate payment service providers operate cross-border in Europe. However, users subscribing to one of the domestic immediate payment service schemes of a country shall have a bank account at one of the banks participating in the service.

However, it is believed that digitally connected consumers would prefer pan-European IBAN-based immediate payment schemes enabling payments directly from any European account.

Notable domestic instant payment service schemes operated by interbank organisations include:

Notable other open loop immediate payment services on domestic level include:

For more details about immediate payment services please refer to the country profiles of the Yearbook.

Payment Use Case in Online Shop – To pay in online shops for the purchase, the consumer initiates the immediate payment on the respective digital payment page of an PISP, or he scans the displayed QR-code. Also, the online buyer shall give his or her explicit one-time permission to the PISP to process the immediate payment. When a QR-code is scanned, the payment information is automatically pre-filled and only needs to be authenticated by a Bank-ID or one-time mobile TAN token. Immediate payments in online shops are irrevocable.

Payment Use Case in-store – The merchant displays a QR code at a POS device. The consumer scans the QR code and initiates the immediate payment in the mobile payment app of the PISP. When a QR-code is scanned, the payment information is pre-filled automatically and only needs to be authenticated by a Bank-ID or a one-time mobile TAN token. Immediate payments in-store are irrevocable.

Mobile P2P Use Case – Consumers can initiate an immediate mobile P2P payment in their mobile payment app by choosing the payments value, entering the mobile phone number of the beneficiary and authenticating the mobile P2P payment. In the instance of an immediate mobile P2P payments below the threshold of €30, no Strong Customer Authentication is required. Immediate mobile P2P payments are irrevocable.

Mobile Money Transfers (MMT, P2P)

Mobile money transfer services and mobile P2P money transfer services are a new kind of cardless digital payment service account-to-account. They compete with money transfer services between cards and international foreign exchange banks such as Western Union. There are two typical variants:

Mobile Money Transfers (MMT) – After registration at the mobile money transfer service provider, users can transfer money from their virtual MMT account cross-border to another MMT account in a different currency denomination. Different payment means can be used to credit or debit MMT accounts: credit transfer from a bank account, a card, an e-money account or cash-in/cash-out payments at local MMT agents.

The objective of mobile money transfer service providers is to bypass the traditional foreign exchange service banks by providing a lower cost foreign exchange payment service using online communication channels. They have established a kind of mediator role between people in different countries. Initially, MMT services have focussed on tourists, expatriates, unbanked people and other selected communities.

International money transfer service providers include PayPal, Skrill, Western Union, TransferWise, Worldremit, Zolotaya Korona (RUS, CIS) and many others.

Especially on the African continent, there are many other players (e. g. Obopay, M-PESA from Safaricom Kenya and Vodacom (RSA). Reason is that African people can hardly use (electronic) banking infrastructure, often do not own bank accounts, but do own prepaid mobile phones.

Mobile P2P Money Transfers – is an app-based digital payment service between two mobile phone numbers each linked to a bank account, transferring money directly between the two mobile phone numbers. However, it is more a kind of immediate payment service added to mobile banking apps.

Competing with Fintechs, many European banks have upgraded their mobile banking apps with domestic mobile P2P money transfer service functions such as the now defunct mobile Paym service of the UK banks, TWINT in Switzerland and giropay Geld Senden (previously Kwitt) in Germany.

Kwitt – From June 2018, the German savings banks and cooperative banks have jointly promoted the mobile P2P money transfer service, Kwitt. In 2020, the German commercial banks said they would support Kwitt. The Kwitt money transfer function can be used to send money to other users, up to €30 without a mobile TAN. In 2018, Kwitt reported more than 1 million registered users and more than 6,000 transactions per day. Kwitt is based on credit transfers in SCT format and partly on instant payments in SCTINST format. In March 2021, Kwitt was rebranded as giropy Geld Senden.

Mobile P2P money transfer services have continued to gain popularity in Europe, with several companies offering solutions for instant cross-border transactions.

Key players in the European mobile P2P money transfer market:

Bank-backed Mobile Payment Operators

These three operators have recently enabled interoperability, allowing users to conduct instant cross-border P2P transactions. This initiative, codenamed EuroPA (European Payments Alliance), aims to bring mobile payment interoperability to more than 45 million customers and 182 financial institutions starting in 2025.

European Payments Initiative (EPI)

EPI, backed by French, German, and Dutch banks, has launched its mobile-first wallet called Wero. Wero offers:

Other Popular P2P Transfer Services in Europe

Emerging Pan-European Solutions

These mobile P2P money transfer companies are working towards creating a more unified and efficient payment ecosystem across Europe, addressing the growing demand for instant, cross-border transactions.

Cardless Cash Withdrawals at ATM Terminals

Account holding bank clients can use their mobile banking app for withdrawing cash amounts from ATM terminals. The cash withdrawal value is debited directly from the respective account.

Innovative banks pilot services that enable their clients to withdraw cash from ATMs using a mobile banking app instead of a card. Other ATM operators have piloted biometric ATMs accepting digital IDs such as fingerprint vein and facial recognition ID as new means of Strong Customer Authentication.

In case the ATM device is capable of mobile cash withdrawals, users can make cardless withdrawal requests with their mobile banking app, specifying the amount and the ATM location ID. To complete the transaction, the users receive a one-time TAN-code within the app for authentication at the ATM device. The cash withdrawal value is debited directly from the respective online banking account.

The cardless cash withdrawal request can also be initiated vice-versa at capable ATM displays by entering the mobile phone number and the cash amount. The one-time TAN-code will be sent to the mobile banking app and used for final authentication of the transaction at the ATM display.

Cash-Advances at POS Terminals

The reason for emerging cash-advance services is quite clear in the light of bank branch closures and high cost for operating ATM devices and cash-logistics.

Cash advance use cases in Europe include non-card mobile cash-advances in-store at retail outlets:

The same technology is used in reverse for cashing in directly to a bank account.

3.4 Cardless Payment Service Providers 

The Open Banking payment ecosystem in Europe is composed of account servicing payment service providers (ASPSPs), payment initiation service providers (PISPs), account information service providers (AISPs), digital payment scheme managing interbank organisations, digital payment processors such as OBP processors, and supporting digital payment technology suppliers.

In line with the borderless digital market strategy of the European regulators and PSD2, all Open Banking payment industry key players have developed digital payments strategy fit for the digital economy. They strategically invest in non-card digital credit transfer payment services and disruptive digital technologies.

The key players of the emerging cardless Open Banking payment ecosystem compete with the card payments industry key players for details refer to section ‘Card Payment Ecosystem’ of the Yearbook.

The cardless payment service providers of the European Open Banking payment ecosystem can be grouped according to their core payment services business models:

Digital Payment Schemes and Interbank Organisations 

In Europe, a growing number of IBAN-based digital payment services support credit transfers, instant payments and mobile account-to-account payment use cases. These services may take the form of bank-backed multi-party schemes, bank-led mobile payment propositions, or independent account-to-account payment services operated by payment institutions and payment initiation service providers. Across the market, they reflect the broader shift toward digital, real-time and account-based payments.

Building on the legacy of domestic card schemes and interbank cooperation, banks in several European countries have launched digital payment services designed for the digital economy and for the changing payment demands of consumers and merchants. In many cases, these services combine mobile banking functionality, IBAN-based credit transfer rails and instant payment capabilities to support use cases such as peer-to-peer payments, e-commerce payments and, increasingly, point-of-sale transactions.

A number of these services are operated or supported by bank-backed interbank organisations, while others have evolved into broader national payment brands. Important domestic and regional examples include Payconiq by Bancontact in Belgium, Vipps MobilePay in Denmark, Norway and Finland, giropay in Germany, Bancomat Pay in Italy, iDEAL in the Netherlands, BLIK in Poland and Swish in Sweden. In several cases, these national solutions are also being linked or repositioned within wider European initiatives.

The European landscape is now entering a new phase with the development of Wero, the account-to-account payment solution of the European Payments Initiative (EPI). Wero was launched for person-to-person payments in 2024 and is now being extended into e-commerce and merchant payments, with rollout under way in Belgium, France and Germany and further expansion planned. This means that part of the domestic digital payments landscape is gradually moving from purely national schemes toward more interoperable and potentially pan-European models.

At the same time, domestic schemes remain important in their home markets. Some are also being connected through interoperability initiatives such as EuroPA, which links national mobile payment solutions across borders. Research published by Sveriges Riksbank notes that Vipps MobilePay and BLIK signed letters of intent in 2025 to join EuroPA, with broader cross-border functionality expected to become available from 2026.

For more details on these digital interbank organisations and domestic account-based payment schemes, please refer to the individual country profiles in the Yearbook.

Account Servicing Payment Service Providers

Before the implementation of PSD2 and the emergence of Open Banking, online and mobile banking in many European countries remained largely focused on domestic banking services. Market access for foreign banks and third-party fintech providers was often limited, and customer data and payment initiation capabilities were largely controlled within the banking sector itself. PSD2 changed that framework by creating the legal basis for account information and payment initiation services across the EU.

Under PSD2, banks that service payment accounts are treated as account servicing payment service providers (ASPSPs) and must give licensed third-party providers access to payment accounts, subject to the customer’s explicit consent and the applicable security requirements. This has enabled the development of account information service providers (AISPs) and payment initiation service providers (PISPs), while also pushing banks to develop API-based access models and broader digital partnership strategies.

After an initial period of resistance, many European banks have moved from a purely compliance-led approach to a more strategic view of Open Banking. In addition to providing the mandated access interfaces, banks increasingly work with fintechs and other partners to create value-added services in areas such as personal financial management, credit, wealth, identity, onboarding and embedded finance. The European Commission’s PSD2 review has also acknowledged that Open Banking has become an established part of the European payments landscape, while identifying areas where the framework still requires refinement.

All European banks serving retail customers offer online banking and mobile banking services. Most support SEPA credit transfers and SEPA direct debits, while instant payments are becoming a core expectation rather than a premium feature. The Instant Payments Regulation, adopted in March 2024, is designed to accelerate the rollout of instant euro credit transfers across the EU, and from 9 October 2025 new rules began to apply in the euro area requiring payment service providers to receive and send instant euro payments under the timetable set by the regulation.

Digital banking services now typically include account balances, transaction reporting, account aggregation, card controls, alerts, identity and security features, and a growing range of value-added services. Many banks have also incorporated account information services into their own apps, allowing customers to view and categorise information from multiple bank accounts in one interface, either directly through the bank or through third-party personal finance tools. This is consistent with the broader Open Banking model described in the Commission’s PSD2 review.

In addition, many banks now provide customers with better visibility over third-party account access, including consent dashboards and permission controls linked to XS2A access. This gives customers more transparency over which AISPs and PISPs have been authorised to access their accounts and helps support trust in the Open Banking model. This final point is an inference from the operational requirements and customer-control objectives embedded in the PSD2 Open Banking framework.

By end-2025, notable challenges and strategic priorities for European banks acting as ASPSPs included:

The importance of digital identity has increased further with the development of the EUDI Wallet framework under the revised eIDAS regime. The European Commission has adopted additional implementing regulations for EUDI Wallets, and the Commission’s current programme indicates that EU Digital Identity Wallets are set to launch at the end of 2026, making identity interoperability an increasingly important issue for banks and payment providers.

Payment Initiation Service Providers 

Payment initiation service providers (PISPs) initiate non-card payments from a customer’s payment account with the customer’s explicit consent. In practice, they usually act as intermediaries between consumers, businesses, merchants and account servicing payment service providers, enabling account-to-account payment journeys in digital commerce and other online or app-based environments. PSD2 established the legal basis for payment initiation services across the EU and opened the market to licensed third-party providers.

PISPs typically connect a merchant’s online checkout or payment flow with the customer’s bank account and initiate IBAN-based payment transactions, including credit transfers and, where supported, instant payments. Their role is particularly important in e-commerce and Open Banking-based checkout models, where they offer an alternative to traditional card payments.

Under PSD2, payment initiation services may be provided by appropriately authorised firms, including dedicated payment institutions and, where permitted by their licence scope, banks and e-money institutions. The regulatory framework is designed to ensure that only supervised and trusted providers can access account-based payment functionality.

Before PSD2, some fintechs were already facilitating account-based payment initiation in practice, but often in a less clearly regulated environment. PSD2 brought these activities into a formal regulatory framework and created a structured relationship between PISPs and account servicing banks. In this sense, payment initiation moved from a tolerated market workaround to a recognised component of the European payments architecture.

In a typical post-PSD2 payment initiation flow, a consumer choosing an account-based payment option at checkout may be redirected to their bank, or otherwise authenticate through an approved Open Banking journey, in order to authorise a single payment. The customer does not need to share bank login credentials with the merchant, and the PISP is not meant to receive more sensitive account data than is necessary for the service it provides. PSD2 also limits the data that can be shared, and banks may generally provide only the information required to support payment initiation and the confirmation of funds model where relevant.

PISPs typically argue that they improve the payment experience for both merchants and payers by enabling direct-from-account payments, reducing dependency on card rails, and giving merchants earlier confirmation that a payment has been initiated. At the same time, the European Commission’s review of PSD2 identified a number of obstacles that have limited the full potential of Open Banking, including API performance, inconsistent implementation and barriers to effective access for third-party providers. Those issues are one reason why the Commission proposed the PSD3 and PSR reforms in 2023.

For details on the payment initiation process, please refer to the chapter Payment Initiation Workflow.

Account Information Service Providers 

Account information providers (AISPs) provide payment account data for multiple banks with explicit permission from the account holder. They enable bank clients to have a global view of their payment data from accounts at multiple banks. Other valuable services include consumer credit, personal finance management and identity services.

For instance, AISPs can provide a single online portal and/or mobile app to consolidate different bank accounts the client may have with one or more banks and categorise the payment history. With an AISP service, the customer does not need to log into each bank’s online banking platform separately. The client accesses information about all their accounts via a single AISP app.

According to PSD2, AISPs must have an AISP license granted by a European financial service authority.  Those with full banking licenses can also operate as an AISP, as can e-money institutions and payment institutions such as card acquirers if they extend their regulatory permissions.

However, PSD2 mandates the sensitive payment data exchanged between AISPs and ASPSPs be as minimal as possible. AISPs may only receive payment data from payment accounts from the consumer’s bank.

For details about the account initiation service process see chapter Account Initiation Workflow.

Digital Payment Processors

Historically, most European banks operated their core banking, payments processing, and online or mobile banking systems in-house. In particular, many large European banking groups developed intra-group processing entities in order to retain control over account management, payments infrastructure, regulatory implementation and service development.

That model still exists, especially among larger incumbent institutions. However, digital payment processors have become an increasingly important part of the modern payments industry. For cost, speed and scalability reasons, many digital challenger banks, fintechs and embedded finance providers now rely on banking-as-a-service (BaaS), payments-as-a-service (PaaS) or API-based processing platforms rather than building and operating the full stack themselves. In this sense, the role of the processor has expanded from transaction handling to broader platform enablement. Solaris, for example, describes itself as an embedded finance platform built on a full German banking licence and modular B2B technology stack, while also announcing a strategic repositioning in March 2026 toward becoming what it calls Europe’s first AI-native bank.

In Europe, the digital payment processing industry includes Open Banking platform providers, API gateway processors, instant payment processors, clearing and settlement infrastructure providers and specialist embedded finance platforms. These providers connect account servicing banks with mobile banking applications, merchant checkouts, fintech services and domestic or pan-European clearing networks. As the market has evolved, a growing number of processors have combined account-based payment functionality, API connectivity, compliance tooling and real-time processing into broader digital payment platforms. This trend reflects the wider move toward instant payments, Open Banking and non-card digital payment experiences.

For illustrative purposes, several different processing models can be highlighted:

Worldline – In July 2018, equensWorldline, now part of Worldline, formed a strategic payments processing partnership with Commerzbank. Under the agreement, Worldline was to process Commerzbank’s SEPA, instant, multi-currency and domestic payments for ten years. Worldline stated that, after migration, around 4 billion additional payment transactions per year would be processed for Commerzbank. The partnership illustrates how large banks may outsource payment processing complexity, regulatory burden and infrastructure cost while retaining the customer relationship and broader banking proposition.

VocaLink – VocaLink, owned by Mastercard, remains one of the best-known examples of a real-time and account-based payments infrastructure provider. It has long operated key UK payment systems including Bacs, CHAPS and Faster Payments through different roles over time, and it has also exported real-time payment infrastructure internationally. In November 2020, Payments Canada selected Mastercard’s VocaLink as the clearing and settlement solution provider for Canada’s new real-time payments system. This underlines the role of specialist processors in supporting national real-time payment modernisation beyond their home markets.

Klarna – In March 2019, Klarna launched its Open Banking Platform, stating that it would provide access to more than 4,300 European banks through a single XS2A API. Klarna positioned the platform as a way of making its Open Banking infrastructure available externally to merchants, banks and other businesses, building on experience developed through Sofort. This is an example of a fintech evolving from a payment service into a wider Open Banking infrastructure provider.

Solaris – Solaris, founded in 2016 and originally branded as solarisBank, has developed into one of Europe’s most prominent embedded finance and BaaS platforms. It rebranded from solarisBank to Solaris in July 2022, and its documentation now reflects the legal name change from Solarisbank AG to Solaris SE. Solaris continues to position itself as a modular embedded finance platform serving partners through API-based banking capabilities. Earlier examples of its partnership activity included cooperation with Alipay in Europe, where Solaris acted as a regulated acquiring partner to support merchant acceptance expansion.

Overall, digital payment processors have become a critical layer in the European payments ecosystem. They support not only the execution of transactions, but also the delivery of API connectivity, compliance, real-time processing, embedded finance, wallet enablement and other value-added functions required in a more digital and platform-driven payments market.

Aggregators and Open Banking API Integrators 

In 2024, the Open Banking API landscape in Europe is rather fragmented. However, there are aggregators that provide universal connections to financial institutions’ Open Banking functionality for third-party Fintechs. These aggregators possess scale, resilience and offer rapid speeds to market.

Generally, aggregators serve the needs of their clients such as TPPs and ASPSPs. They provide universal connection to financial institutions’ Open Banking functionality for third-party providers, TPPs. Known as OBP processors, aggregators act as Open Banking API gateways, Open Banking platform processors and Banking-as-a-Service solution providers.

In 2024, all aggregators in Europe provide API integration, secure API interfaces and universal connections to European financial institutions’ Open Banking functionality for TPPs with scale, resilience and speed to market.

Leading aggregators provide near real-time verification of a third-party’s certificate, regulatory licence status and passporting permissions to support an account holding ASPSP when deciding to accept a third-party’s request.

In addition, they can provide a centralised enquiry and dispute resolution service to provide clarity, consistency, and transparency for all participants in the Open Banking ecosystem, sandbox environments for testing purposes, documentation and support.

Clearing and Settlement Service Providers

Account servicing payment service providers (ASPSPs) initiate clearing and settlement of IBAN-based payments either through the domestic CSM processor or though their external CSM processing partner.

In each European country, the national central bank operates a domestic clearing and settlement mechanism (CSM) for retail payments. The domestic CSM processor, previously called automatic clearing houses (ACH), either operate their own in-house CSM systems, or they use services of external CSM processors such as Worldline.

European banks and CSM processors are either direct or indirect participants of international clearing settlement networks (EBA Clearing, SWIFT, EACHA).

Individual European banks may use the CSM services of a European CSM processor, or they use the retail payment system of the national central bank of their home country.

Intra-Group – European banks, being members of a large bank group, might use the intra-group CSM processor hub at bank group level. In parallel, European banking groups may have their own intra-group CSM processors, and major banks may have bilateral agreements in place for fund clearing and settlement.

Digital Payment Technology Providers

The European Open Banking payments industry demands for digital scheme compliant and regulatory compliant digital payment solutions, digital payment technologies, and digital payment devices.

With the advent of disruptive digital payment technologies, new compliance requirements and internet capable mobile devices in the last decade, there has been a significant transformation of online banking services and non-card payments towards omnichannel support of digital payment services.

Digital Banking demands cloud-native, cloud-agnostic, API-first digital banking, core banking, payments, fund management and wealth management software products enabling European banks to deliver consistent, frictionless customer journeys and achieve market-leading cost/income performance.

The cardless payment technology providers of the emerging Open Banking payment ecosystem can be grouped according to their core technology service business models:

3.5 Payment Initiation Service Workflow 

Account-holding consumers may purchase goods or services in an online shop and choose to pay directly from their bank account. In this model, the payment initiation service provider (PISP) enables the payment journey by connecting the merchant checkout to the customer’s account servicing payment service provider (ASPSP) through an API-based interface. Under PSD2, payment initiation can only take place with the customer’s explicit consent, and strong customer authentication is generally performed by the customer’s bank as part of the authorisation journey.

In broad terms, the workflow has two stages: first, the customer gives consent to the PISP to initiate the payment; second, the payment is authorised and executed through the customer’s bank. This supports account-to-account digital payments without requiring the merchant to collect or store the customer’s card details.

Step 1: The customer gives explicit consent for payment initiation

  1. The customer selects the relevant Open Banking or pay-by-bank option at the merchant’s online checkout. The merchant or its payment partner passes the payment details to the serving PISP.
  2. The customer is presented with the available account-based payment option, such as a credit transfer or instant payment where supported.
  3. The PISP redirects the customer to the customer’s bank, or to the bank authentication environment, where the customer logs in and completes strong customer authentication.
  4. The customer reviews the pre-filled payment details and authorises the bank to allow the PISP to initiate that payment on the customer’s behalf. This consent is typically given for a specific payment, though some models may support recurring permissions where the regulatory framework allows it.

Step 2: The payment is authorised and executed

  1. Once the customer has authenticated and authorised the payment, the bank confirms the outcome of the authorisation to the PISP through the relevant interface.
  2. The PISP sends the payment initiation request to the customer’s bank using the bank’s API, based on the customer’s authenticated consent.
  3. The bank validates the request, checks that it matches the customer’s authorisation, and initiates the transfer from the customer’s account to the merchant’s account, or to the merchant’s payment provider according to the arrangement in place.
  4. The PISP and/or bank provides confirmation that the payment has been successfully initiated, allowing the merchant to continue the order process. Where instant payments are used, the merchant may also receive rapid confirmation of funds movement.

In practice, the exact customer journey varies by market, bank, payment method and technical set-up. However, the key principles remain the same: the customer must give explicit consent, authentication is generally handled within the bank environment, and the PISP initiates the payment without needing to hold the customer’s online banking credentials or more data than is necessary for the service. PSD2 and the RTS on strong customer authentication and secure communication were designed to support precisely this model.

3.6 Account Information Service Workflow 

Account-holding customers can use either a bank’s own digital banking application or an independent account information service provider (AISP) application to view payment account information from multiple banks in one place. The AISP provides account information services through API-based access to the customer’s account servicing payment service providers (ASPSPs), but only with the customer’s explicit consent and within the limits set by the regulatory framework. PSD2 created the legal basis for these services across the EU, while the related RTS on strong customer authentication and secure communication define how access should work in practice.

In broad terms, the workflow has two stages. First, the customer gives consent for the AISP to access specified account data. Second, the AISP retrieves and refreshes that information through the relevant bank APIs so that the customer can see account balances, transactions and related data in a single interface. The exact journey may vary by bank, market and user interface design, but the core model is consistent across Open Banking.

Step 1: The customer gives explicit consent for account access

  1. The customer opens a banking app or independent AISP app and chooses to link one or more payment accounts held at other banks.
  2. For each bank to be linked, the AISP redirects the customer to the customer’s bank, or to the bank’s authentication environment, so that the customer can identify themselves and review the access request.
  3. The customer logs in with the bank and completes strong customer authentication where required.
  4. The customer authorises the bank to give the AISP access to the selected account information, such as balances, transaction history and related payment account data, within the scope of the consent granted.
  5. The bank confirms the consented access through the relevant interface, allowing the AISP to retrieve account information in line with the agreed permissions.

Step 2: The AISP retrieves and refreshes the account data

  1. Once the accounts have been linked, the customer can open the banking app or AISP app and view information from multiple accounts in one place.
  2. The AISP uses each bank’s API to request the authorised account information in accordance with the customer’s consent.
  3. The relevant bank validates the request and returns the permitted account information to the AISP through the secure interface.
  4. The AISP aggregates and presents the information to the customer, typically including balances, recent transactions and categorised payment data where that service is offered.
  5. The customer is then able to monitor several accounts through a single digital interface.

Under the PSD2 framework, AISPs do not gain unrestricted access to customer data. Access must remain within the scope of the customer’s consent, and the regulatory framework is designed to limit the use of data to what is necessary for the service requested. The Commission’s PSD2 review also notes that Open Banking is now established, while identifying continuing issues around access performance and implementation consistency.

A further practical point concerns authentication. In the standard Open Banking model, authentication is generally performed by the ASPSP, not by the AISP acting independently. In addition, the EBA amended the RTS to reduce friction for account information access by introducing a dedicated exemption from repeated strong customer authentication for AIS access in certain circumstances, and the framework also permits limited background refreshes for account information services.

Additional Option – Customers may also initiate payments from linked accounts through the same app where the provider also offers payment initiation services, or where it connects to a payment initiation service provider. In that case, a separate payment initiation consent and authorisation flow is required, because account information access and payment initiation are distinct regulated services under PSD2.

In Europe, many independent AISPs also provide additional services such as personal financial management, spending analysis and account aggregation tools, which build on the core account information service model.

3.7 About Digital Payment Fraud in Europe 

Payment fraud is one of the most fascinating aspects of the payments industry, not least because it is relentless and mutating. Digital banking security combined with Strong Customer Authentication (SCA), have done much to reduce digital banking fraud losses in Europe. However, the war against fraud losses and the changing face of fraud continues to be a threat for the Open Banking payments industry in Europe.

In a post data-breach world, identity information, payment credentials, account credentials and responses to security questions are widely available for purchase in bulk. Complete fraud exploits and zero-day attacks are also easily available on the black market for outright purchase or as a hosted / fully managed service.

In the digital payments world and having the changing face of fraud in mind, there are significant challenges for digital payment service providers and their supporting processors.

Also, GDPR, Strong Customer Authentication (SCA) and friendly fraud are factors that further complicate fraud prevention and risk management due to changing technologies, digital consumer demands and new fraud trends.

Higher use of digital payment services, the popularity of online shopping and its frequency, different forms of payment and their digital version, consumers embracing mobile devices and social media networks, less possibilities for customer verification due to open borders are all things that make fraud prevention more complex.

Driven by the development of social media and mobile devices, the emergence of permanently connected consumers has impacted their interaction with brands but also their expectations of how to shop using the increasing number of touch points and checkouts between consumer, retailer, and social media.

In the digital payments and post-data breach world and having the changing face of fraud in mind, there are significant challenges for digital payment service providers and their supporting processors. Firms across all industries must bolster their defences against new fraud trends, while simultaneously developing their digital service capabilities.

The changing face of fraud is driven by fraudsters operating on an international level. They target cardless payments and businesses. Especially fraud on the internet is a lucrative and low risk area for criminals as they can operate out of safe havens and thus are difficult to prosecute.

Drilling down into new fraud trends, consumers, merchants, banks, payment service providers and processors often have different views of describing fraud cases. For illustration purposes, this chapter highlights a selected set of recent fraud cases based on the expertise of fraud experts specialised on day-to-day fraud & risk management business:

Fraudulent account opening and Account Takeover – A fraudster using stolen login details to purchase from a legitimate user’s account. The most damaging form of fraud in terms of reputation damage for a business. The social sharing of a hacked account can be expensive to recover from.

Terms of Service abuse – Customers, often legitimate, attempting to re-use vouchers, sharing vouchers, or seeking to exploit a generous returns or disputes policy. Most expensive fraud in terms of operations expense as there are phone calls and investigations to conduct.

Supplier and collusion fraud – A supplier working with a willing accomplice to accept stolen payment details for large orders knowing they will be charged back. Most expensive in erosion of trust in the marketplace community. Also, it is expensive to investigate.

Device spoofing – These techniques are widely used by fraudsters to evade device recognition and detection capabilities. Device spoofing allows a fraudster to masquerade as a legitimate customer, manipulate login sessions, open fraudulent accounts, intercept user credentials or take advantage of multiple new account bonuses.

Location manipulation – Fraudsters manipulate their location tracking in order to mask their true whereabouts. Sometimes this allows them to pretend to be a legitimate customer, or to trade from a location that is perhaps blocked by a company’s business rules or banned under regulatory compliance such as the anti-money laundering directive (AMLD).

Identity Fraud – Fraudsters are creating complete identities using a patchwork of stolen identity data, harvested from data breaches and the dark web. These stolen and spoofed identities are often a near-perfect match for the a “real” identity, and are used to open fraudulent new accounts, takeover existing accounts and monetize stolen credit cards.

Threats & Bots – Fraudsters have a collection of threats and Bots at their disposal to perpetrate fraud, including Malware, Remote Access Trojans (RATs), Man-in-the-Middle attacks and automated bot attacks. These are often used in combination to perform mass identity testing attacks (via an advanced bot), and then take over a trusted user account via a Man-in-the-Middle attack and/or RAT.

Obviously, fraudsters follow the digital consumer behaviour, and they are always looking for the weakest link and new ways of making profit. Indeed, the digital identity of the individual consumer is the mission critical currency of fraudsters and cybercriminals.

Criminals use a wide range of methods to commit fraud, and they have a collection of sophisticated fraud types, threats, and bots at their disposal. The theft of personal and financial data through social engineering and data breaches was a major contributor to fraud losses in 2018. The stolen data is used to commit fraud both directly and indirectly. For example, compromised payment details are used to make unauthorised purchases online and personal details are used to take over an account or apply for a credit card in someone else’s name. Criminals also use personal and financial data to defraud customers, using information gained about an individual to add apparent authenticity to a scam.

3.8 Open Banking Payment Service Trends 

In 2023, the use of IBAN-based digital payments direct from bank accounts in online shops continued gaining momentum. Also, there is a growing number of QR-code initiated digital payments in-store. The European Commission has proposed regulations to make instant payments in euros universally available, aiming for widespread adoption by 2025. The legislation aims to make payment transfers faster, more secure, and affordable for consumers and businesses. It will require EU payment service providers that offer SEPA credit transfer services to provide instant euro payments within 10 seconds.

More IBAN-based digital payment schemes added mobile P2P payment functions to their mobile payment apps, and they trialled cash-advances at POS devices in retail outlets.

For more details on IBAN-based digital payment trends, please refer to the country profiles of the Yearbook.

TrendBuy Now Pay Later (BNPL) – The latest innovation in the digital payments business is the digitisation of paying in instalments, better known now as “buy now pay later” (BNPL), which offers shoppers the option to purchase goods online or mobile in-store and pay for them in instalments without the added fees.

Consumers can use this new kind of instalment payment for online purchases and for in-store payments. The BNPL service provider pays the merchant, and the consumer can pay the purchase amount as instalment in three or four parts. If the consumer pays the agreed instalment rates on time, the service is for free.

The BNL financial product has attracted millions of consumers around the word and private equity investors, leading to the success of BNPL service providers such as Afterpay, Affirm, Klarna and now even PayPal has launched its own BNPL offering in the US, dubbed PayPal in 4.

Trend – Immediate Payments – since 2019, several interbank organisations operating digital payment schemes have added mobile immediate payment functions to their domestic payment service.

Market key players believe that transformation from credit transfer payment to immediate payments is the endgame for cardless digital payment services in Europe.

European Payment Initiative (EPI) – Pushing a European-wide Digital Payment Scheme 

In line with the digital market strategy of the European regulator and the revised payment services directive, PSD2, there is an emerging card-less European Open Banking payment ecosystem based on the SEPA payment instruments SCT, SDD and SCTINST. For example, innovative domestic banks launched new domestic A2A payment schemes enabling card-less payments directly from a domestic bank account e.g., Bancontact Pay/Payconiq (B), Bancomat Pay/JIFFY (I), BLIK (PL), MobilePay (DK), Swish (S), Vipps (N) and others.

The international card schemes push for digital card payments, while the domestic card schemes in Europe discuss the best strategy to transform domestic cards into omnichannel digital payment services.

Encouraged by the ECB, leading European payment service providers announced the launch and support for a European-wide digital payment scheme based on instant payments. The German Banking Industry Committee (GBIC) and its #DK-project supports the EPI initiative.

EPI – In July 2020, a group of 16 major Eurozone banks announced the start of the implementation phase of a new unified payment scheme, the European Payment Initiative (EPI).

In 2021, the 31 founding bank groups from seven European countries and two third-party acquirers include:

The ambition of EPI is to create a unified pan-European payment solution leveraging Instant Payments, SCTINST, offering a card for consumers and merchants across Europe, a digital wallet and P2P payments.

The solution aims to become a new standard payment service for European consumers and merchants in all types of transactions including in-store, online, cash withdrawal and “peer-to-peer” in addition to existing international payment scheme solutions.

EPI’s objective is to offer a digital payment solution that can be used anywhere in Europe and to supersede the fragmented landscape of domestic payment services that currently still exists. In doing so, EPI founders are responding to merchant and consumer communities that have been calling for payment initiatives to take a more pan-European approach.

EPI will first and foremost benefit European citizens, and it will also bring tangible benefits to European merchants, by offering them a seamless, competitive, and unified pan-European payment service solution that is also available to all European consumers.

The beginning of the implementation phase is expected to materialise through the creation of an interim company in Brussels, Belgium, which will set out clear deliverables including the completion of the technical and operational roadmap and initiating the implementation work. The accomplishments of this interim company will be evaluated by each bank before moving on to the EPI’s final corporate structure.

In March 2022, EPI gave up on its effort to build a rival to Mastercard and Visa in Europe after more than half its members left. However, 13 shareholders confirmed on February 25th that they remain convinced of the strategic value of a unified payment solution, leveraging instant payments, and want to go ahead. Therefore, the EPI interim company is now adapting its scope and objectives to this new dimension excluding cards.

The remaining shareholders of EPI include Banco Santander, Banque Fédérative du Crédit Mutuel, BNP Paribas, Crédit Agricole, Deutsche Bank, Deutscher Sparkassen und Giroverband, Groupe BPCE, ING Bank, KBC Bank, La Banque Postale, NETS (NEXI), Société Générale and Worldline. By 2023, new shareholders had joined the EPI initiative; Belfius Bank, DZ Bank, ABN Amro, and Rabobank.

Wero – In September 2023, EPI selected ‘Wero’ as the commercial name for its forthcoming digital wallet solution. The Wero digital wallet will be rolled out in phases, initially to support account-to-account based instant P2P and consumer-to-business payments, followed by online and mobile shopping payments and then point-of-sale payments. EPI aims to launch Wero by mid-2024 in Belgium, France, and Germany, followed by the Netherlands and aims to extend to other countries in the years to come.

In December 2023, EPI completed its first instant A2A payment transaction in a proof-of-concept between customers from German Sparkasse Elbe-Elster and French Banque Populaire and Caisse d’Epargne (Groupe BPCE). The inaugural transaction, worth 10 euros, was sent from a German account to a French account using SCTINST and the EPI’s digital wallet.

In July 2024, EPI launched its mobile-first wallet and instant account-to-account payment solution, Wero, for customers of German Sparkassen and Volksbanken, Raiffeisenbanken. Following its German debut, Wero expanded to France and Belgium, with launches in September and November 2024, respectively. This rollout aims to strengthen the accessibility and efficiency of payments across the continent.

European Digital Payments Industry Alliance (EDPIA) – Initiative of Digital Payment Leaders 

In May 2020, Ingenico Group, NETS, Nexi, and Worldline announced the launch of an EU advocacy alliance of Europe’s leading independent payment services providers. EDPIA’s vision is for Europe to become a global leader in digital payments, which can fuel the completion of the Digital Single Market for the benefit of consumers, businesses, and the public sector. It will do so by engaging in EU policy discussions impacting the EU payments sector, and by helping bring frictionless instant payments closer to EU citizens, businesses, and public bodies.

EDPIA said to believe in a strong and properly enforced European policy framework enabling intense competition between transparent market-based solutions competing for the trust of payment services users. In August 2020, Italian payment processor SIA became member of EDPIA.

Payments Europe – Initiative to strengthen the Voice of the Card Payments Industry

In parallel to the EPI and EDPIA initiatives for cardless digital payments in Europe, in October 2019, European and global card payment solution providers formed a new association to strengthen the voice of the card payments industry: Payments Europe. The new body represents card issuers, card acquirers, card schemes and other stakeholders involved in card payment solutions. The new association shall present the industry’s common views and will contribute to key policy debates in the EU by advocating for a fair regulatory environment for card payment providers in Europe.

Payments Europe is based in Brussels and comprised of 13 founding members including: ACCIE (Association of Credit Card Issuers Europe), AirPlus, APERO (Asociatia de Plati Electronice din Romania), A.S.P.S. (Associazione Prestatori Di Servizi Di Pagamento), Bank of America, BNP Paribas, Card Payment Sweden, Citi Bank, Deutsche Kreditbank, Lloyds Banking Group, Mastercard, Optal and VISA.

P27 – a cross-border Payment Infrastructure for the Nordic Region

In February 2018, a group of major Swedish, Danish, Norwegian and Finnish banks banded together to explore the possibility of establishing a pan-Nordic cross-border payment infrastructure supplemented by common products. This initiative was backed by Danske Bank, DNB, Handelsbanken, Nordea, OP Financial Group, SEB and Swedbank. These banks share current domestic infrastructure projects in Norway and Sweden but aim to achieve them on a Nordic scale with the intention of launching a new piece of financial infrastructure by 2021.

The objective is to make it possible to clear immediate payments and settle accounts within seconds, regardless of currency. The P27 project – so-called for the 27 million people who live in Sweden, Norway, Denmark, and Finland – will build on the success of mobile bank payment apps from Nordic banks such as Swish in Sweden, Norway’s Vipps and MobilePay in Denmark.

This collaboration represents an effort to stay ahead of global technology giants as customers no longer rely exclusively on their bank for financial services. The difference between P27 and the payment apps already offered by Nordic banks is the cross-border nature of the project.

P27 has set a date of 2021 for the launch of its real-time, cross-border payment project. The idea is to create a real-time and batch multi-currency platform that will enable consumers and businesses to send and receive funds across the Nordic markets.

For banks, the new platform will provide a real-time view of the multiple schemes that are running, as well as participant information, balances across schemes and the addition of a data-rich message set. This information will make new revenue opportunities possible.

In June 2019, P27 partnered with Mastercard. Through this partnership, the P27 Nordic Payments Platform will continue to build a Nordic multi-currency platform for real-time payments. As a first step, support and services for payments in DKK, EUR and SEK will be offered.

In October 2020, P27 took a leap forward in establishing its clearing infrastructure with the agreement to acquire Bankgirocentralen (Bankgirot), Sweden’s automated clearing house for mass payments. Bankgirot has a central role in the Swedish payment system and handles transactions to a value of around SEK 73 billion per day, including its real-time payment service BiR, which enables the Swedish real-time payment system, Swish.

Invidem – The Nordic KYC Utility Provider

In June 2018, six Nordic banks decided to explore the possibility of establishing a Nordic Know Your Customer (KYC) infrastructure. DNB Bank, Danske Bank, Nordea Bank, Svenska Handelsbanken, Swedbank and Skandinaviska Enskilda Banken (SEB) established a joint venture Nordic KYC Utility called Invidem. They focused on developing a secure and cost-effective Nordic KYC infrastructure and addressing challenges in AML regulation for the Nordic market.

In late June 2019, Invidem was formally launched. Invidem is owned by the founding banks, but it offers its services to third parties. The initiative will contribute to ensuring a healthy financial environment, prevent financial crime and protect customers and society.

In April 2020, Invidem signed long-term technology deals with Econompass and iMeta Technologies for automated KYC data-gathering and KYC information management ahead of Invidem’s commercial launch in 2021.

Invidem will create a common Nordic platform based on advanced data management technologies to enhance the collection and management of bank customer information. Although the primary target is to enhance data competence, Invidem also aims to raise the technology competence of participating banks against the wave of well-resourced global tech giants entering the financial services space such as Google and Apple. Invidem said it will be ready for commercial launch in 2021.

In each case, the KYC information request is initiated by one of Invidem’s clients. The request is “dressed” in data by Invidem using its KYC expertise and innovative technology solutions in cooperation with third-party data vendors. The client then reviews the case, which is then sent to the client’s end customer for review, possible amendments and submission. Finally, the file is validated against Invidem’s standards and sent to the client.

SEPA Request-To-Pay Scheme (SRTP) 

The European Payments Council (EPC) has developed a new SEPA Request-to-Pay Scheme. The new SEPA RTP instrument covers the set of operating rules and technical elements (including messages) that allow a Payee to request the initiation of a payment from a Payer in a wide range of physical or online use cases. The RTP is a messaging functionality. It is not a payment means or a payment instrument, but a way to request a payment initiation.

In relation to electronic payments, the concept of Request-To-Pay (RTP) can be defined as the set of operating rules and technical elements (including messages) that allow a Payee (or creditor) to claim an amount of money from a Payer (debtor) for a specific transaction. The payment instruments that RTP precedes are based on credit transfer.

From the transmission perspective, the RTP is channel-agnostic and can be transmitted from the Payee to the Payer, for instance through the channel used for payment transactions, including PSPs, and Clearing and Settlement Mechanisms (CSMs), or through other channels composed of other types of providers.

In addition, the Payer can be directly informed about the RTP initiation by the Payee through various environments such as proximity technologies, messaging applications, specialised APIs, etc.

After creation and presentation of the RTP following a purchase transaction, the customer (Payer) can accept the RTP – and this acceptance can be followed by an immediate or future payment – or refuse it and optionally specify a reason for refusal.

The RTP scheme can be considered as a complement to the payment flow because it supports the digital end-to-end process and lies between an underlying commercial transaction such as a purchase and the payment itself. An RTP as such can be an enabler for digital payments.

3.9 About Open Banking APIs 

The challenge for Open Banking and payment service providers in Europe is to connect around 4,000 account-servicing payment service providers (ASPSPs) with the fast-growing number of independent payment services providers and other potential Open Banking partners.

However, Application Programming Interfaces (APIs) are commonly used for sharing data and interconnecting platform solutions with trusted payment partners. Large companies such as Google, Amazon and the international card schemes offer their own API sets to third parties to login or to initiate messages, for example.

APIs come in many shapes and forms, varying from private (internal, within one organisation), to partner (between organisations) and public versions (Open API) versions. In all instances, APIs come with technical specifications, testing facilities and clarity under which legal and operational conditions the APIs can be used. ‘Open APIs’ are APIs, which are open to third parties to digitally connect services.

Open Banking API sets would help European payment service providers to minimise the technical burden associated with connecting to around 4,000 account-servicing payment service providers in Europe.

By introducing the Open API concept for Open Banking ecosystems, the PSD2 sets up new regulatory technical standard rules for accessing bank accounts for TPP players, RTS XS2A. PSD2 mandates all banks to allow TPPs to access bank client’s payment account for information and payment initiation services if and only if the bank client has explicitly granted permission to this TPP to initiate such request and that the TPP has either a PISP license or an AISP license.

Subject to adoption of the regulatory RTS XS2A standard, Open Banking APIs shall be an effective and automated means to enable appropriately licensed TPPs to connect to payment accounts in a secure manner, i.e. without compromising security standards and minimising exposure of sensitive payment and account data.

The Open Banking API concept sounds promising, but it is also a big challenge from a security perspective. PSD2 mandates TPPs to identify themselves to ASPSPs to allow access to account and to communicate securely with the bank, the payer and the payee. The ASPSP needs to authenticate the payment service user. Financially sensitive transaction data must be securely exchanged and must not be accessible by any other party than the bank and the TPP, once the explicit permission of the account holding bank client has been obtained. Thus, all TPPs need to be correctly licensed as a PISP or AISP by a European financial services authority.

From an industry perspective, Open Banking challenges include the need for proper standardisation of APIs (beyond purely technical dimensions) and collective customer education about the new possibilities and how to behave securely when controlling financial assets and personal data with third parties.

Open Banking API sets on domestic country level will help overcome the emergence of multiple competing mechanisms in Open Banking and the Open Banking payment ecosystem by providing a harmonised Open Banking API standard for accessing bank accounts.

Exemption as a concept means that TPPs will typically be required to use a bank’s dedicated Open Banking API set exclusively.

In the early stage of Open Banking implementation, however, European banks have offered connections through API sets and through proven Modified Customer Interfaces (MCIs) for their online banking portal as fallback. The main reason for using MCI fallbacks was that many co-called Compliance API sets have not been fully developed or might not yet work well enough to allow for exemption.

If a bank can prove its API set is reliable enough and well-functioning, however, it can apply for an exemption to offer just its API set to TPPs. In this case, the local financial services authority can grant an exemption allowing to phase-out MCI use.

In the second stage of Open Banking implementation, many European banks have already applied and obtained an exemption allowing them to phase out the initial MCI fallback access for TPPs, replacing this with a dedicated Open Banking API set.

Example – Open Banking API Marketplace of BBVA Group

In May 2017, Spanish BBVA Group said it is making eight of its own API sets commercially available to companies, start-ups and developers worldwide, enabling the integration of customer banking data with third party products and services.

The launch of BBVA’s Open API Marketplace comes after the Spanish bank spent more than a year working with developers and businesses to fine-tune the way the Open API services would be delivered. During this time, over 1,500 businesses and developers registered with the experimental portal in Spain.

Initially only Spanish customers of BBVA will be able to benefit from the marketplace – but the bank intends to roll-out the programme to its US customers later this year, before expanding it further to include Turkey, Mexico, Latin America and beyond.

BBVA claimed it has initially worked with 35 Spanish companies, but also with geo-marketing start-ups such as Geoblink, Carto or Bismart, and with software vendors such as Anfix, Simplygest and Sage.

Key Features

Open Banking Initiative: BBVA API Market is part of the bank’s open banking strategy, making several APIs commercially available to companies worldwide.

API Offerings: The marketplace provides access to various financial functionalities, including payment management, international payment tracking, and account balance checking.

Integration Benefits: Companies can connect their treasury systems to BBVA Pivot Connect using these APIs, reducing integration time by approximately 80%.

Global Reach: BBVA Pivot Connect, which utilises these APIs, is available in multiple countries across Europe, the Americas, and Asia.

Impact on Innovation

BBVA’s API Market aims to:

The bank has been working closely with developers and businesses to refine its API offerings, with over 1,500 entities registering during the experimental phase5. This initiative positions BBVA as a leader in open banking and demonstrates its commitment to driving innovation in the financial sector.

Example – Open Banking APIs and Berlin Group 

In June 2017, Berlin Group, the European payments interoperability coalition of banks and payment processors with membership comprising bank supported CSMs/ACHs and industry bodies, announced to push a single standard for API access to bank accounts (XS2A) compliant with the PSD2 regulation.

The Group carries some heft in European markets, with membership comprising bank backed CSM processors and industry bodies across the European payments industry.

The Berlin Group said its NextGenPSD2 and NextMobileP2P initiatives provide a harmonised API standard for accessing bank accounts. Built as an ‘Access to Account Framework’, The Berlin Group says the standard offers operational rules and implementation guidelines with detailed data definitions, message modelling and information flows based on RESTful API methodology.

As of the beginning of 2021, the Berlin Group NextGenPSD2 has been implemented in all EU countries, in several non-EU countries in Europe and in countries outside Europe who are focused on maintaining reachability and compatibility with the European market. More than 75% of European banks and hundreds of third-party providers (TPPs) have implemented the Berlin Group NextGenPSD2 Framework.

Challenge: Open Banking API Fragmentation 

Three years post UK go-live in early 2018, and 18 months after the Open Banking provisions of PSD2, the Open Banking API landscape in Europe is rather fragmented with multiple standards and lots of bespoke APIs. As of end-2024, the Open Banking API market can be characterised as follows:

According to market analysts, the Open Banking market is moving from so-called bespoke “Compliance APIs” with limited functionality and poor user experience towards “Commercial APIs”, which are quick to deploy and possess rich functionality with an enhanced user experience and indirect revenue options for account-holding banks.

According to market insight, API integration will break down boundaries. Therefore, one Open Banking challenge is to implement a scalable API integration strategy. By the end of 2020, around 90% of European financial services companies had an Open Banking API strategy, and 80% agreed that API integration is mission-critical to their Open Banking strategy. The adoption of Open Banking services in Europe is on an upward trajectory. Projections suggest that the number of Open Banking users in Europe is expected to exceed 63.8 million by the end of 2024, representing a significant increase over the past few years. The utilization of Open Banking APIs is also expanding rapidly. Forecasts by Statista indicate that the number of API calls will grow from 102 billion in 2023 to 580 billion by 2027, highlighting the escalating integration of Open Banking services across the financial industry.

Apart from few domestic Open Banking API standards, there is currently no single pan-European Open Banking API standard. The European Payments Council (EPC) has developed the SPAA scheme to establish a standardized framework for accessing payment accounts. This scheme aims to harmonize API standards across Europe, facilitating secure and efficient data exchange between Account-Servicing Payment Service Providers (ASPSPs) and Third-Party Providers (TPPs). As of December 2023, the SPAA scheme is open for adherence, with participants like TrueLayer joining to promote a unified approach to Open Banking.

European banks and independent TPPs are supported by around 20 Open Banking API aggregators in each country across Europe, potentially connecting more than 450 TPPs with more than 4,000 ASPSPs. This demonstrates a lack of Open Banking API standardisation and shows that the Open Banking API landscape in Europe is, to date, rather fragmented.

From an industry perspective, Open Banking challenges include the need for proper standardisation of APIs (beyond purely technical dimensions) and collective customer education on the new possibilities and secure behaviours when exercising control over financial assets and personal data in relation to third parties.

In 2021, the Open Banking ecosystem faces the problem that the high number of Open Banking API sets are causing a fragmented Open Banking API market which risks killing the benefits of frictionless Open Banking.

In an Open Banking ecosystem, however, an effective robust API integration platform would provide a straightforward way to leverage both old and new applications by acting as an aggregating API integration platform. In other words, prior to a potential later global standardisation, the interim solution is aggregation.

To mitigate fragmentation, API aggregators have become increasingly prominent. These entities serve as intermediaries between banks and third-party providers (TPPs), offering standardized APIs that simplify connectivity across various banking systems. By providing a single integration point, aggregators enable TPPs to access multiple bank APIs without dealing with the complexities of differing data configurations and interface formats.

The European Commission has proposed updates to the Payment Services Directive, introducing PSD3 and a new Payment Services Regulation (PSR). These proposals aim to enhance the current PSD2 framework by addressing issues such as API standardization and security, thereby reducing fragmentation and promoting a more cohesive Open Banking environment.

Extending Open Banking beyond Payments – the Road to Open Finance? 

In December 2019, the UK Financial Conduct Authority (FCA) published a Consultation which seeks to explore the opportunities and risks that would arise from extending Open Banking principles to give consumers/businesses greater control over their financial data. The proposal looks beyond PSD2’s sole focus on payments, towards a data-sharing regime between incumbent service providers and third-party providers which would be extended to cover savings, mortgages, consumer credit, investments, pensions, and insurance.

According to UK Finance and the CMA9 banks, a new non-profit UK service company is expected to pave the way for the UK Open Banking model to be extended towards an Open Finance framework beyond payments.

As part of its Digital Finance Package, which the European Commission published on 24 September 2020, the Commission undertook by the end of 2021 to launch a comprehensive review of the PSD2. The Commission also pledged to present a legislative proposal on a new Open Finance framework.

In October 2020, the Berlin Group started work on a full Open Finance API Framework. According to the Berlin Group, Open Finance adds standardised extensions beyond the regulatory scope of PSD2 which allow banks and TPPs to offer enhanced services, leveraging the NextGenPSD2 API Framework technology and infrastructure investments. By expanding the access of customers’ financial data to broader data sources and additional account types, enhanced views on customers’ finances will empower bank customers to actively choose the best value products and services they need beyond payments.

3.10 Outlook – Digital Payment Transformation

Before implementing the revised PSD2 and its Open Banking mandate, the European banks adopted their own approaches to deliver digital banking and digital payment services.

However, the Open Banking mandate of PSD2 provides open access to customer payment accounts and bank infrastructure, and the competing independent Fintechs invest in digital payment services. In addition, the impact of the Interchange Fee Regulation of the card business is another driver to transform cards and banking services into digital payments and digital banking fit for digital economy.

With the advent of PSD2 and strong competition of non-banks, European banks have developed their own digital banking strategies to transform traditional online banking into digital banking.

Excluding Open Finance, digital payment transformation strategies on country level, by bank groups, or by a single bank in Europe may look like the following illustrative model reflecting digital banking transformation on country level seen in Europe.

Step 1: All banks serving retail clients offer their clients online banking services and mobile banking apps. Among the range of digital banking services on offer, they offer payment initiation, account balance statements, transaction reporting, and value-added services such as mobile prepaid top-up.

All banks support contactless card payments, online card payments and mobile HCE NFC payments in-store. In addition, Strong Customer Authentication for card and existing payment initiation is implemented.

In addition, all banks implement the underlying digital SEPA payment instruments or their domestic equivalents in non-euro denomination:

Clearing and settlement of bank payments are processed by the bank backed domestic CSM processor.

In parallel, innovative banks consider transforming legacy retail banking system into a digital Open Banking payment hub platform with cloud-native, cloud-agnostic, API-first digital banking payment platform, enabling the bank to deliver consistent, frictionless customer journeys for the digital banking payment world. The other option would be to use the digital banking-as-a-service platform of an Open Banking processor (OBP).

Step 2: All banks act as account servicing payment service provider (ASPSP) and cooperate with independent PISPs and AISPs. In addition, all banks establish their own account information services to online banking services and their mobile banking apps. In addition, innovative banks push for IBAN-based credit transfer payment services in online shops by adding a mobile payment function to their mobile apps.

As strategic step towards Open Banking, all banks of the country opt for a new domestic Open API standard as key part of Open Banking in the financial market of the country.

Clearing and settlement of both credit transfer payments and immediate payments are processed by the bank backed domestic CSM processor.

Step 3: All banks act as ASPSPs, PISPs, AISPs and the Open API standard is implemented. All banks add immediate payment functions their online banking services and to their mobile banking apps. In addition, innovative banks launch mobile P2P payments in real-time.

In cooperation with acquirers and merchants, all banks join forces to launch a new domestic IBAN-based mobile payment scheme directly from bank accounts. A new bank backed interbank organisation operates the mobile payment scheme, which allows users to pay online, mobile, at ATMs, in-store, at retail outlets, local administration offices and online payment service processors, which service online merchants.

Clearing and settlement of both credit transfer payments and immediate payments are processed by the bank backed domestic CSM processor.

Step 4: All banks act as ASPSPs, PISPs, AISPs and the Open API standard enables them to cooperate with trusted payment providers (TPPs). Digital banking and mobile banking include immediate payments. Mobile payment apps include P2P payments in real-time and allow to make payments in-store in retail outlets.

Transformation plan for domestic card schemes and other domestic online payment services, if any, into a domestic IBAN-based immediate payment scheme operated by the bank backed interbank organisation.

User can make P2P payments and to pay online, mobile, at ATMs, in-store, at retail outlets, local administration offices and various online payment service processors, which service online merchants.

All banks join forces with merchants to consider the launch of the new SEPA Request-To-Pay scheme standard (RTP) with the objective to digitalise the business process from purchase to future payment.

After creation and presentation of the RTP following a purchase transaction, the payer can accept the RTP followed by an immediate or future payment – or refuse it with or without specified reason for refusal.

Clearing and settlement of both credit transfer payments and immediate payments are processed by the bank backed domestic CSM processor. The CSM processors supports processing of the RTP Scheme.

3.11 Outlook – Open Banking payment infrastructure

Online technologies, mobile devices and new consumer demands are rapidly transforming the payments industry. They provide the payments industry with new opportunities to generate differentiation, gain customer loyalty and win market share. To succeed in a rapidly changing environment, the payments industry needs to invest in digital payment service innovation.

Global digital commerce is seeing exponential growth and European merchants are increasingly looking to take advantage of cross-border initiatives to increase revenue growth along with providing more service options for their customer base.

Today, the payment platforms of card acquirers and card processors are usually connected to the card payment ecosystem and process contactless cards and digital card form factors. Only in the online shopping world do acquirers and processors support merchants accepting cardless payment services. And they are not connected to the Open Banking payment ecosystem – so far.

One significant impact of the Open Banking payment ecosystem is the emergence of mobile banking apps combined with digital payments directly from the account. In addition, payment initiation service providers (PISPs) and account information service providers (AISPs) are going to be potential new business partners for card acquirers, digital payment processors and European merchants.

With omnichannel payment strategies in mind, building a new digital payment platform is a fundamental opportunity for the digital payments industry, especially for payment initiation service providers and digital payment processors.

The challenge for the payments industry is to transform existing payment solutions by channel into omnichannel digital payment service platforms that combine omnichannel payment acceptance requirements of modern merchants with both the card payment ecosystem and the Open Banking payment ecosystem.

The challenge and opportunity for payment initiation service providers and digital payment processors is to develop a new kind of digital payment platform that interacts with any relevant payment ecosystem:

Key drivers for a digital payment platform include financials, compliance, easy adoption of payment innovation, flexible omnichannel payments processing and checkout configuration, security standards such as tokenisation security, transparent reconciliation of payments and a frictionless payment user experience.

Among others, the benefits of a digital payment platform for digital card processors include:

About Open Banking Platforms

In parallel to in-house Open Banking platforms of innovative banks (e. g. Spanish BBVA Group), diversified Open Banking platforms open for partnerships with TPPs emerge. They create API-powered, customer centric, data driven payment platforms and business models.

In Europe, new types of Open Banking payment platforms combine common banking functions with security and control (see figure 1). They combine digital core business with digital banking services specialists and new typed of service providers.

New types of Open Banking service payment provider and Open Finance service providers using Open Banking platform include (see Figure 2):

According to market players, the user experience of Open Banking platforms is strongly influenced by the digital identity user experience with log-in convenience and second authentication factors such as mobile one-time codes, digital IDs, or biometric IDs.

European Banking Infrastructure 

Historically, the payment infrastructure in Europe has been individually developed in each country to meet national requirements and is based on domestic currency systems. To date, each member state has had its own banking system operating on its own rules and with its own technology. Therefore, the current payments infrastructure remains highly fragmented along national lines. However, with the introduction of the euro currency and trade becoming increasingly integrated within the EU, the challenge of setting up a new EU-wide infrastructure has arisen.

With the implementation of the SEPA payment instruments and the advent of the revised payment regulation, the payment infrastructure in Europe is composed of the pan-European banking infrastructure for payments in euro denominations and the domestic payment infrastructure in the non-euro countries in Europe.

A specific payment layer on top of the European banking infrastructure and on individual country level is de facto practiced in Europe. Figure 3 illustrates the API-based platform model with a service layer for payment service provider and FinTech partners and the banks’ payment infrastructure. It is obvious, that payment complexity for merchants and consumers is part of the below model.

Among others, the European bank payment infrastructure for payments in euro denomination Europe is composed of

In the non-euro countries, a specific domestic layer is practiced on top of the domestic banking infrastructure. However, all non-euro countries are connected to the European banking infrastructure to process cross-border payments in euro currency and in one of the SEPA payment instrument formats (one-leg transactions).

The RT1 instant payment system of EBA Clearing

In November 2017, EBA Clearing confirmed that its instant payment system RT1 went live on the launch date of the SEPA Instant Credit Transfer (SCTINST) Scheme developed by the European Payments Council.

The SEPA instant payment system has taken up operations with a first group of 17 banks from 8 countries, which are extending SCTINST reach to more than 500 addressable payment service providers (PSPs). Over the next 12 months, EBA Clearing expects more early adopters to connect to the system, which could reach critical mass as early as by the end of 2018.

Together with 39 funding institutions and its technology partner SIA, EBA Clearing started to develop and implement the European infrastructure platform RT1 in April 2016. RT1 provides payment service providers in the Single Euro Payments Area with a real-time payment processing facility operating around the clock on any day of the year.

Among others, early implementers of SEPA instant payment services include:

The European TARGET Instant Payments Settlement System (TIPS)

In November 2018, The European Central Bank unveiled its response to the rise of digital wallets with the launch of Target Instant Payments Settlement (TIPS), a pan-euro zone instant payments system. The new service will be available to both consumers and businesses across the 19 states in the euro zone and will offer near real-time payments via smartphones, in online shops and in-store at retail outlets.

The ECB initiative has been sparked by the growing popularity of digital, contactless payment services offered by big tech firms such as Apple, Google, Amazon and Chinese Alibaba and WeChat Pay.

While instant payment services for domestic use have been launched by individual banks, there are currently no such services for cross-border transactions. The ECB is therefore looking to fill this void with the TIPS system which is directly connected to central bank funds therefore avoiding some of the settlement processes that can inhibit instant payments.

Eight participating banks were revealed at the launch in Rome including several Spanish lenders and the second largest banking group in France, BPCE. While the service will initially be limited to the euro zone, the ECB has not ruled out extending it to other countries and currencies.

TIPS was developed to unify instant payments across Europe, addressing the risk of fragmentation from multiple national solutions. It provides a pan-European infrastructure for instant payments, ensuring cross-border availability and interoperability.

By offering instant settlement in central bank money, TIPS enhances the speed and efficiency of payments in the European Union, supporting the growing demand for real-time transactions in an increasingly digital economy.

Addendum – Background SEPA Payment Instruments 

In parallel to the SEPA for Cards Framework (SCF), the European Payments Council (EPC) has delivered a set of cardless IBAN-based payment instruments for payments in euro denomination., which have replaced all domestic credit transfers and direct debt schemes in the euro countries:

European banks and IBAN-based Credit Transfer Services

The European Payments Council (EPC) launched the SEPA Credit Transfer (SCT) scheme in January 2008. As of mid-2025, as many as 3,523 payment service providers (PSPs) in 38 countries and territories offer IBAN-based credit transfer services. Due to mergers and acquisitions, the absolute number of SCT participants has slightly changed compared to previous market uptake reported by the EPC.

According to the SCT indicators compiled by the ECB, the share of SCT transactions as a percentage of the total volume of credit transfers generated by bank customers, amounted to 99.38% in August 2014 from 46.95% as at end-2013 (2012: 34.86%, 2011: 23.71%). Since end-2014, the SCT migration is complete.

The SCT Indicators have been based on aggregated data provided by clearing and settlement infrastructures in the euro area processing SEPA transactions. This data avoids double counting by excluding, for example, SEPA transactions sent via links between infrastructures. The data also excludes ‘on-us’ transactions (SCTs between accounts at the same bank) as well as transactions cleared between banks bilaterally or via correspondent banking.

In countries with non-euro currencies, credit transfers in euro denomination are usually made cross-border.

European banks and IBAN-based Direct Debit Services

The EPC launched the SEPA Core Direct Debit (SDD Core) scheme and the SDD Business to Business Direct Debit (SDD B2B) scheme on 2 November 2009. As of mid-2024, as many as 2,824 PSPs in 34 countries and territories have signed up to the SDD Core Scheme. Of those, 2,368 PSPs also adhere to the SDD B2B Scheme. All branches of banks in the euro area must be reachable for cross-border direct debits in SDD Core Scheme format, since 1 November 2010 as mandated by Regulation (EC) No 924/2009 (Article 8).

According to the SDD indicators compiled by the ECB, as of June 2014 the share of SDD Core transactions, as a percentage of the total volume of direct debits generated by bank customers, amounts to 95.06% from 3.73% as at-end-2013 (2012: 1.91%, 2011: 0.52%). This significant progress has been forced by the SEPA End-Date Regulation effective 1 February 2014 date marking the end of the migration period in the euro area. Since end-2014, the SDD migration is complete.

The SDD indicators are based on aggregated data from several clearing and settlement infrastructures / systems located in the euro area. As such, SDD transactions that are cleared bilaterally or processed within the same institution are excluded from this indicator.

In countries with non-euro currencies, direct debits in euro denomination are rarely used. Direct debits made cross-border are not practiced. Instead, recurring card payments or recurring credit transfers initiated by payment initiation service providers are used in Europe.

European banks and Immediate Payment Services 

Immediate payments, also named ‘instant payments’ or ‘real-time payments’, are the next intended step in the harmonisation of payments in the Single Euro Payments Area (SEPA), in the end aimed at supporting Europe’s competitiveness and economic growth.

With migration to SEPA credit transfers and direct debits nearly complete, and the digitalisation of the economy leading to new consumers’ and retailers’ expectations, instant payments are the main focus in the coming years, according to the ECB.

According to the Euro Retail Payments Boards (EPRB) and the EPC, “IBAN-based immediate payments are electronic payment solutions available 24/7/365 and resulting in the immediate or close-to-immediate interbank clearing of the transaction and crediting of the payee’s account with confirmation to the payer (within seconds of payment initiation)”.

In 2016, the ERPB provided an open definition for immediate payments with the objective to make funds immediately or near-real-time available to the beneficiary:

In November 2016, the EPC launched the first SEPA SCTINST rulebook. The 2017 SCTINST Rulebook version 1.0 enters into force on 21 November 2017 and remains in effect until November 2019. The implementation guidelines relevant to the 2017 SCTINST Rulebook version 1.0 are based on the 2009 version of ISO 20022.

Chaired by the ECB, in 2014 the Euro Retail Payments Board (ERPB) identified the need for a pan-European instant euro payment solution. In April 2016, EBA Clearing started the SCTINST project with more than 40 large European banks involved. In November 2016, the European Payments Council (EPC) published the SCTINST scheme and SCTINST rule books version 1.0 while the ERPB provided the governance model. In November 2017, EBA Clearing completed the pan-European instant payments infrastructure, RT1, and SCTINST started operating in Europe. From July 2020, the maximum amount for instant payments is set to €100,000.

In 2017, the 585 PSPs participating in the SCTINST scheme were in Austria, Estonia, Italy, Latvia, Lithuania, the Netherlands, and Spain. More from major European countries are expected to join the scheme in 2018 and 2019. Among them, from Belgium, Finland, Germany, Malta, the Netherlands, Portugal, and Sweden.

As of June 2025, 2,765 banks from 36 European countries had registered for the SCTINST scheme. This represents 78% of all SCT scheme participants.

All euro-denominated immediate payments in the European economic area are based on the SEPA Instant Payment instrument, SCTINST. According to the SEPA Rules for Instant Payments, the bank account credentials must be in IBAN format. Foreign merchants, online shops, and PISPs may additionally demand for the respective bank identification code, BIC.

In European countries with non-euro currency denomination, there are other immediate payment services live in operation including:

Immediate payments are going to create frictionless commerce and enable a financial world in which the entire payment process occurs seamlessly and immediately. An open payments system can also provide opportunities for financial institutions to help commercial and retail customers better understand and manage their bank accounts.

By developing innovative value-added services on top of the immediate payment rails, whether through Open Banking initiatives or new ways of initiating payments through QR-code scanning, all parties in the value chain benefit.

Initiatives like the sharing of Open API access among financial institutions and trusted FinTechs, as an introduction to customers and their customers’ data, has shifted the conversation about the potential for immediate payments.

Especially in the emerging Open Banking payment ecosystem, immediate payments are going to play a significant role.

Digital & Card Payment Yearbooks