Status as of March 2026
As of 27 March 2026, the next EU payments package is still in the legislative process. Firms should treat the package as the direction of travel until the final legal text is settled and formally adopted.
That distinction matters for complaint teams. You can and should prepare your controls now, but you should label internal materials carefully so staff do not treat draft policy points as already-effective law.
What the package is trying to change
The public direction of travel is to harden the anti-fraud framework and make payment providers more accountable for using preventive tools well. That includes broader account-name verification, stronger fraud-information flows, and more scrutiny of whether the PSP used the controls it says it relies on.
That means complaints teams should expect more arguments about spoofing, APP-style fraud, and whether the PSP actually used the controls the framework expects before a payment was executed.
- Fraud controls become part of the complaint evidence pack.
- Name-check logic matters before execution, not just after the loss.
- Liability arguments will increasingly turn on control design and control use.
What to build now
The best preparation is operational, not cosmetic. PSPs should map the current complaint workflow against the likely future fraud controls and ask where evidence would be missing if a customer challenged the firm's prevention steps tomorrow.
That usually means building clearer audit trails around warnings shown, name-check results, transaction holds, scam-intervention steps, and the rationale for any reimbursement or refusal.
- Capture warning screens and customer-interaction evidence.
- Store name-check outcomes and any override logic.
- Keep fraud-operations and complaints teams on one shared chronology.
- Review reimbursement templates so they explain control usage, not just the outcome.
How complaint responses will change
Once the package is final, the complaint response will need to say more about what the PSP did before the payment was executed. Customers, supervisors, and ombudsman bodies will not stop at 'the customer was tricked'. They will ask whether the PSP used the controls the new framework expects and whether the warning or verification flow was actually effective.
That means fraud complaints should move away from generic negligence wording and toward evidence-linked explanations of preventive steps, control outcomes, and the specific basis for any liability allocation.
What to watch between now and go-live
The operational watchlist is straightforward: the final legislative text, national implementation signals where relevant, scheme-rule interaction, and the vendor roadmap for account-name checks and fraud-information sharing.
Teams that monitor those items now will be able to update their complaint templates, controls, and governance before the first wave of regulator or ombudsman scrutiny lands.
- Track the final adopted text rather than relying on old consultation summaries.
- Map which customer journeys will need new warnings or verification points.
- Refresh complaint playbooks once the final liability wording is known.