20 December 2024
What is the EBA Fraud Taxonomy?
Learn more about how the EBA Fraud Taxonomy works in practice

By Annick Moes
Annick Moes is Head of Industry Issues, Cooperation Initiatives and Communications at the Euro Banking Association (EBA). She is responsible for the EBA’s market practices and regulatory guidance stream, which provides the European payments ecosystem with a pan-European perspective and practical support. She has been working in European payments for over 20 years.
In an era where the world of fraud seems to evolve faster than ever, the diverse terminology payment service providers (PSPs) use to describe fraud events exacerbates an already complex dynamic. So far, there has been neither a harmonised pan-European vocabulary nor a harmonised approach to describing fraud types. Without a harmonised taxonomy, however, fraud classifications tend to vary from country to country and from PSP to PSP – and often, they even differ within organisations.
The lack of alignment on how to describe and categorise payment fraud events has two major reasons: opportunities to join forces have been very restricted by a fragmented reporting landscape and by regulatory requirements related to data and intelligence sharing. So, from data used to detect fraud to the language used to describe it to the development of countermeasures, all aspects of fraud combatting need alignment that can only come from co-operation.
Increasing pan-European co-operation has therefore become a key priority among fraud experts and the calls for fraud data sharing across the industry are becoming louder, both from market participants and European regulators. For such collaboration to see success – and for the full benefits of shared data to be unlocked – everyone needs to speak the same language.
To develop that language and, in the process, work towards a collaborative, pan-European approach to combatting payment fraud, the Euro Banking Association (EBA) created the Expert Group on Payment Fraud-related Topics (EGPF). More than 30 fraud experts representing PSPs from 15 European countries cooperating in the EGPF delivered the EBA Fraud Taxonomy, a harmonised pan-European vocabulary and categorisation approach for naming and organising fraud types for payments.
How the EBA Fraud Taxonomy works in practice
The EBA Fraud Taxonomy provides a simplified and straightforward framework to capture and categorise fraud scenarios related to account-to-account (A2A) and card payments. It offers a standardised way to identify how the fraudster first contacted the victim, what trick the fraudster used to get hold of the victim’s money or credentials and who initiated the payment transaction affected by the fraud. With these elements, any fraudulent event can be described in a very brief and precise manner:
- Method (how): describes the attack vector and specifies the first point of contact between the fraudster and the victim or the point of compromise.
- Modus (what): describes the action taken by the fraudster that resulted in the loss of money via a payment transaction. These actions are clustered within high-level classifications reflecting the strategic approach deployed by the fraudster, e.g. social engineering, account / card / card details takeover or first-party fraud.
- Initiator (who): describes who initiates the payment transaction affected by the fraud, i.e. the customer or the fraudster. The initiator section includes ‘first party’ as an optional element relevant, primarily, to card fraud.
- Labels/tags (what else): fraud experts can use labels/tags to add further details on a fraudulent event, as they deem fit (e.g. to align with internal reporting requirements). This ensures ease of use, maximum flexibility and backwards compatibility.
- Payment instrument (optional): enables users of the taxonomy to identify whether the fraudulent payment was an A2A transaction or a card payment.
Rather than reinvent the wheel, the EGPF has sought to build on the work done by fraud experts around the globe by relying on definitions from authoritative and publicly available sources, wherever possible. The EBA Fraud Taxonomy is also aligned with the European Banking Authority Guidelines on Fraud Reporting under PSD2, which have already been implemented by PSPs across Europe.
Combining this standardised approach to fraud categorisation with a uniform set of definitions for the different elements, the taxonomy enables the use of a common vocabulary for reporting purposes at a pan-European level and acts as a foundation for fraud intelligence and data sharing across national borders.
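As an added illustration (not part of the EBA Fraud Taxonomy or of the EBA's own material), the sketch below records events with the five elements described above and counts reports from two PSPs under one shared key. The PSP names, internal codes and method values are constructed, and treating "account / card / card details takeover" as three separate classifications is an assumption; the taxonomy's real value lists are in the document available from the EBA.

```python
from collections import Counter
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

# Values the article names; the full taxonomy's own value lists are not reproduced.
MODUS_CLASSES = {"social engineering", "account takeover", "card takeover",
                 "card details takeover", "first-party fraud"}
INITIATORS = {"customer", "fraudster", "first party"}  # 'first party' is optional
INSTRUMENTS = {None, "A2A", "card"}                    # instrument is optional

@dataclass(frozen=True)
class FraudEvent:
    method: str                            # how: first point of contact or compromise
    modus: str                             # what: high-level classification
    initiator: str                         # who initiated the payment
    labels: FrozenSet[str] = frozenset()   # what else: free-form tags
    instrument: Optional[str] = None

    def __post_init__(self):
        if not self.method:
            raise ValueError("method is required")
        if self.modus not in MODUS_CLASSES:
            raise ValueError(f"unknown modus: {self.modus!r}")
        if self.initiator not in INITIATORS:
            raise ValueError(f"unknown initiator: {self.initiator!r}")
        if self.instrument not in INSTRUMENTS:
            raise ValueError(f"unknown instrument: {self.instrument!r}")

    def key(self) -> Tuple[str, str, str]:
        return (self.method, self.modus, self.initiator)

# Constructed mapping from two hypothetical PSPs' internal codes to the shared triple.
INTERNAL_CODES = {
    ("psp_a", "CEO-FRAUD"): ("email", "social engineering", "customer"),
    ("psp_b", "BEC_INVOICE"): ("email", "social engineering", "customer"),
    ("psp_b", "ATO-PHONE"): ("phone call", "account takeover", "fraudster"),
}

def classify(psp: str, code: str, instrument: Optional[str] = None) -> FraudEvent:
    method, modus, initiator = INTERNAL_CODES[(psp, code)]
    # The internal code survives as a label, so existing reports stay traceable.
    return FraudEvent(method, modus, initiator, frozenset({f"{psp}:{code}"}), instrument)

def aggregate(events) -> Counter:
    return Counter(e.key() for e in events)

SAMPLE = [classify("psp_a", "CEO-FRAUD", "A2A"),
          classify("psp_b", "BEC_INVOICE", "A2A"),
          classify("psp_b", "ATO-PHONE", "card")]
```

The two differently named internal codes land under the same (method, modus, initiator) key, while each PSP's original code is kept as a label.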
The EBA Fraud Taxonomy is available to any interested party. Request your free copy via the EBA website.
The EBA Fraud Taxonomy in a nutshell: download the management summary
For key information on the EBA Fraud Taxonomy and why it matters to PSPs, we make available these management summaries:
- One-page version: EBA Fraud Taxonomy management summary – provides a brief introduction to the taxonomy, explains the reasons for implementing it and highlights principal use cases
- Two-page version: EBA Fraud Taxonomy management summary – offers the content of the one-page version (see above) and describes, in addition, key benefits of the taxonomy and how it works in practice