The European Payments Council (EPC) is dedicated to fostering safe, reliable, efficient, convenient, economically balanced, and sustainable payments. One of the key elements in payment systems is stakeholder trust. Hence, ensuring the security of end users and scheme participants stands as the EPC's foremost priority.
The EPC’s Fraud Information Distribution Arrangement Task Force (FRIDA TF) was established in 2025 after a review and reorganisation of the EPC’s activities on fraud prevention.
The group is composed of representatives from EPC member institutions with significant experience in payment fraud prevention or in the development and management of a SEPA payment or payment-related scheme. It’s core mission is twofold:
- Create and maintain a scheme enabling payment service providers (PSPs) to share fraud-related information and to enhance fraud prevention across the SEPA geographic area and for all the EPC payment schemes.
For this purpose, the FRIDA TF will define an approach ensuring interoperability between different existing fraud information exchange schemes, solutions and platforms operated by national PSP communities. - Contribute to operational payment fraud prevention in the context of the EPC-managed SEPA payment schemes. For this objective, the group focuses on fraud data collection and analysis, prevention measures, and information sharing. Furthermore, the group assesses the change requests to rulebooks (or changes to other related documents) from a fraud prevention perspective.
FRIDA TF works under the control of the Payment Scheme Management Board (PSMB) and its activities are taking into account Eurosystem oversight requirements.
In April 2022 the EPC launched a SEPA-wide platform for fraud information sharing between PSPs named the ‘Malware Information Sharing Platform’ (MISP). MISP is managed by the FRIDA TF.
The EPC encourages all scheme participants to adhere to the EPC MISP instance to support the entire SEPA payment industry in preventing and combating payment fraud. EPC scheme participants interested to join the EPC MISP, are invited to send a request through the website’s contact form.
Given its critical and transversal nature, payment security is firmly within the scope of the EPC in its role as a scheme manager, with "security by design" as a fundamental guiding principle.
The Payment Security Support Group (PSSG) is responsible for providing advice and guidance on security issues affecting payments or payment-related services within the framework of the EPC’s activities.
Furthermore, the group contributes to risk management annexes (RMAs) of EPC rulebooks and assesses the change requests to rulebooks (or changes to other related documents) from a security perspective.
The PSSG releases yearly updates of the EPC “Payment Threats and Fraud Trends” report. This report provides an overview of the most important threats and other “fraud enablers” in the payments landscape, such as social engineering and phishing, malware and advanced persistent threats. For each threat, an analysis is made on the impact and context, and suggested controls and mitigation strategies are described. This report also includes fraud specific to particular payment instruments, such as the SEPA schemes.
The PSSG also regularly updates the EPC “Guidelines on cryptographic algorithms usage and key management” published every year. The purpose of this document is to provide guidance to the European payment industry regarding cryptographic algorithms and related key management issues.