The European Payments Council (EPC) is dedicated to fostering safe, reliable, efficient, convenient, economically balanced, and sustainable payments. One of the key elements in payment systems is stakeholder trust. Hence, ensuring the security of end users and scheme participants stands as the EPC's foremost priority.
The EPC’s Payment Scheme Fraud Prevention Working Group (PSFPWG) contributes to payment schemes fraud prevention and to the safety of the EPC payment schemes. The group consists of members with significant experience in payment fraud prevention representing institutions that are members of the EPC.
The PSFPWG works under the control of the Payment Scheme Management Board (PSMB) and its activities are centred around operational payment fraud prevention in the context of the EPC-managed SEPA payment schemes, taking into account Eurosystem oversight requirements. The group focuses on fraud data collection and analysis, prevention measures, and information sharing. Furthermore, the group assesses the change requests to rulebooks (or changes to other related documents) from a fraud prevention perspective.
Upon the proposal of the PSFPWG, in April 2022 the EPC launched a SEPA-wide platform for fraud information sharing between PSPs named the ‘Malware Information Sharing Platform’ (MISP). The EPC encourages all scheme participants to adhere to the EPC MISP instance to support the entire SEPA payment industry in preventing and combating payment fraud.
Given its critical and transversal nature, payment security is firmly within the scope of the EPC in its role as a scheme manager, with "security by design" as a fundamental guiding principle.
The Payment Security Support Group (PSSG) is responsible for providing advice and guidance on security issues affecting payments or payment-related services within the framework of the EPC’s activities.
Furthermore, the group contributes to risk management annexes (RMAs) of EPC rulebooks and assesses the change requests to rulebooks (or changes to other related documents) from a security perspective.
The PSSG releases yearly updates of the EPC “Payment Threats and Fraud Trends” report. This report provides an overview of the most important threats and other “fraud enablers” in the payments landscape, such as social engineering and phishing, malware and advanced persistent threats. For each threat, an analysis is made on the impact and context, and suggested controls and mitigation strategies are described. This report also includes fraud specific to particular payment instruments, such as the SEPA schemes.
The PSSG also regularly updates the EPC “Guidelines on cryptographic algorithms usage and key management” published every year. The purpose of this document is to provide guidance to the European payment industry regarding cryptographic algorithms and related key management issues.