22 May 2025

Sharper insights and stronger defences: how SEB enhanced its fraud-fighting capabilities with the EBA Fraud Taxonomy

How does a common taxonomy bolster the fight against fraud?

This blog post is based on an interview conducted with Johan Anlert

Today’s payments ecosystem is marked by deep-rooted silos that impede effective coordination in the battle against fraud. National and regional communities often take distinct approaches, shaped by local regulation, industry initiatives or priorities. Different types of payments – such as card-based and account-to-account – are typically managed separately, with their own processes.

These divisions often extend even further when it comes to fraud classification, with colleagues in the same organisation relying on different frameworks to describe, understand and categorise fraud cases – making it nearly impossible to compare cases or spot patterns. Meanwhile, fraudsters remain a step ahead – sharing tools, data and tactics in a common language the rest of us have yet to adopt.

Against this backdrop, calls for a standardised approach to payment fraud categorisation – facilitating the like-for-like comparison of cases and scenarios – have grown. Having the right taxonomy plays a key role in this, directly influencing data quality – determining not only how many data points are captured, but also how easily they can be compared. The EBA’s Fraud Taxonomy, introduced in 2020 and made publicly available in October 2022, provided a solution by offering a common, pan-European vocabulary for fraud categorisation.

Implementing the taxonomy at SEB

Before the EBA Fraud Taxonomy’s launch, SEB leaned on a basic fraud methodology. This primarily reflected minimum regulatory reporting requirements, such as those related to the European Union (EU)’s second Payments Services Directive (PSD2). In effect, this meant we could only really differentiate between issuance fraud (e.g. whereby a card is used to make a transaction that is not authorised by the cardholder) and manipulation-type frauds, such as an Authorised Push Payment (APP). Rich, actionable data, in other words, was eluding us.

The EBA Fraud Taxonomy has provided a standardised way to identify precisely who initiated the payment transaction affected by the fraud; how the fraudster first contacted the victim; and what trick the fraudster employed to obtain the victim’s cash, card or credentials. The power of the EBA Fraud Taxonomy lies in its simplicity: it breaks down fraud scenarios through a set of structured, intuitive questions, enabling users to capture richer and more comparable data.

So, how exactly did SEB implement the new methodology? Essentially, we adopted the taxonomy as a base framework, then added to it custom fields that serve as a bridge between the language used by our internal systems and the language used by counterparts’ systems – such as those employed by the Swedish police. In order to set this up, we took a pragmatic, two-phased approach that aimed for quick wins, scalable integration, as well as fast, voluminous information.

First, we turned to backend systems where the data is categorised and stored. The technical change to the system was relatively straightforward and was completed overnight.

Next, we addressed the frontend areas, such as the case-handling system, where data is collected by first responders. This step was more hands-on. One of the key challenges was crafting the registration flow in a manner that first-line responders only had to ask a minimum number of questions – while ensuring that these questions would yield the maximum number of datapoints. To succeed in this balancing act, targeted education – particularly for first-line responders – was critical. In the two months preceding the switch, we conducted tests, dry runs and roleplay sessions using fake data to workshop numerous scenarios. This ensured that the team who would be collecting and inputting the data were prepared.

Today, SEB uses 10 to12 information fields per case, which first-line responders must input. Underneath – in the data transformation steps – there are logic, rule sets, and mappings to generate the remaining data points. SEB now boasts not just high levels of compliance, but well-fed fraud models.

The results: sharper insights, stronger defences

As a bank we have seen several benefits post-implementation. First has been the transition from manual data handling to the possibility of having near real-time fraud analysis, since cases are now registered and processed in a matter of minutes. The EBA Fraud Taxonomy has also allowed for richer, more accurate information, which can be fed into machine learning models, regulatory reports and internal dashboards.

The taxonomy also has the potential to unlock proactive and nimble fraud prevention methods, thanks to its ability to identify trends or modifications in criminals’ techniques before they become widespread. This capability was evident in the beginning of 2024 when, after a documentary on the rise of ‘social manipulation fraud’ was aired on Sweden’s national broadcasting service, instances of that very fraud type slumped, while ‘safe account fraud’ – subdued over the previous 18 months – resurged. Following this dynamic shift, the taxonomy supported rapid internal communications and more in-depth analysis.

SEB’s data sharing abilities have been significantly boosted, too. We now liaise with Sweden’s other four major banks on a regular basis to understand whether they notice the same fraud patterns and techniques as us. From here, we can glean what the response has been and how successful it is – adjusting our own approach accordingly. Zooming out, from the transactional view of fraud to the landscape-wide view, is invaluable.

Overall, the EBA Fraud Taxonomy has delivered immediate and far-reaching operational, analytical and strategic value. As a bank, SEB progressed from a reactive ‘fire department’ to a ‘fire marshal’ – building fraud safety into our walls.

Start small; start now

The moral of this story is the need to engage in cross-industry alignment. Collaboration is at the core of the EBA Taxonomy – it was developed by the industry, for the industry, and is continuously refined and updated each year with input from its users, ensuring it remains aligned with the latest fraud trends.

The result is a harmonised fraud language that enables institutions to fight payments crimes as a unified front instead of ineffective islands. In the mid to long-term, industry players must actively contribute to the taxonomy's evolution, helping shape updates that reflect real-world trends.

Right now, however, it is imperative to support low-barrier adoption. Full implementation today is not needed for institutions to see tangible benefits, as even partial adoption (for example, just methods and fraud motives) offers huge gains over legacy systems, producing a much clearer view of the threat landscape.

SEB’s experience proves that fraud taxonomy implementation does not have to be burdensome or technical; basic logical mappings are there to do the heavy lifting. As an industry, we must start small but start now – and refine process as it develops.

 

The EBA Fraud Taxonomy in a nutshell: download the management summary

For key information on the EBA Fraud Taxonomy and why it matters to PSPs, the Euro Banking Association (EBA) makes available these management summaries:

• One-page version: EBA Fraud Taxonomy management summary – provides a brief introduction to the taxonomy, explains the reasons for implementing it and highlights principal use cases
• Two-page version: EBA Fraud Taxonomy management summary – offers the content of the one-page version (see above) and describes, in addition, key benefits of the taxonomy and how it works in practice

 

Let’s discuss at EBAday 2025:

Joint EBA and EBA CLEARING lunch session “The practical benefits of fraud-fighting collaboration”

Fraud is growing exponentially: fraud in SCT Inst is nine times higher than in SCT – and is increasing by more than 50% every year. In this session, the EBA and EBA CLEARING will zoom in on the biggest challenges when it comes to fraud fighting and hear about early results leveraging collaborative initiatives. The discussion will cover Verification of Payee (VOP) and what it can and cannot do to reduce fraud. And it will focus on the potential of artificial intelligence (AI) in the fight against fraud, and what the industry can do to support AI. Learn more about the latest developments for EBA CLEARING’s Fraud Pattern and Anomaly Detection (FPAD) functionality, its SEPA-wide verification of payee (VOP) solution and the EBA Fraud Taxonomy, a harmonised fraud vocabulary and categorisation approach for naming and organising payment fraud types, in a joint EBA and EBA CLEARING lunch session on Tuesday, 27 May, 12:30 to 13:10 CET. The session takes place in room 2 and features a panel of RT1 and STEP2 users who will share their first experiences with FPAD VOP.