Yasmine Yassin
Finance Innovation
Artificial intelligence (AI) is no longer a distant promise—it is reshaping industries in real time. In finance, the shift is especially striking. AI systems are now detecting fraudulent activity in ways traditional rule-based methods simply cannot match. But as digital fraud becomes increasingly sophisticated, a new question emerges: can the European Union (EU) keep up?
From Brussels to Paris, regulators and financial institutions face a growing dilemma. The tools to combat rising fraud, especially AI-powered models that scan billions of transactions for anomalies, are advancing quickly. Yet the regulatory machinery charged with overseeing them is struggling to keep pace.
In the UK, for example, Mastercard has already launched an AI-driven “Consumer Fraud Risk” (CFR) tool that assigns real-time risk scores to outbound payments. The tool, credited with preventing substantial losses from Authorised Push Payment (APP) scams like romance and investment fraud, is now slated for international expansion. “Our systems can identify risky transactions before they even leave the bank,” Mastercard stated in a 2024 press release announcing the global rollout of the CFR tool (Mastercard, 2024).
Yet, this level of innovation hasn’t been as easily replicated across the EU. Despite growing interest in the technology, the bloc’s heavily layered regulatory framework has proven a significant hurdle. One of the primary obstacles is the upcoming EU Artificial Intelligence Act, a sweeping proposal to regulate high-risk AI systems. While intended to ensure safety, fairness, and transparency, this Act also places considerable compliance burdens on developers of AI systems used in sensitive sectors like finance.
Adding to the complexity is the General Data Protection Regulation (GDPR). Any AI system designed to scan financial transactions must contend with stringent data privacy rules, including principles like purpose limitation, data minimisation, and the right to object to automated decision-making. “The overlap between AI and GDPR creates a grey zone,” said one EU digital compliance analyst. “Especially when you’re using behavioural data to catch fraud—how much data is too much?”
Meanwhile, the financial threat landscape is growing faster than ever. According to a 2024 report jointly published by the European Central Bank and European Banking Authority, fraud across the European Economic Area totalled €4.3 billion in 2022, with an additional €2 billion lost in just the first half of 2023 alone (ECB & EBA, 2024). In France, the Banque de France recorded a notable rise in digital payment scams, especially peer-to-peer transfers: a method particularly vulnerable to delayed detection (Banque de France, 2024).
Despite regulatory efforts, implementation often lags behind innovation. Brussels’ proposed Payment Services Directive 3 (PSD3) and Payment Services Regulation (PSR) aim to modernise, oversight and tighten fraud resilience. Yet for many experts, these reforms may not be enough. “Regulation is catching up, but fraud is evolving faster,” says Dr. Maria Andersen, a fintech researcher at the University of Amsterdam. “And unlike the UK, the EU must coordinate across 27 member states with varying legal systems and political agendas.”
This regulatory fragmentation has real consequences. While nations like Estonia and the Netherlands are experimenting with AI-enhanced fraud tools under innovation sandboxes, others face bureaucratic bottlenecks. In France, the lack of consistent data sharing between public institutions and banks has slowed progress, despite mounting fraud losses. “The biggest challenge is not the tech, it’s the governance,” Andersen explains.
Yet there’s reason for optimism. The EU’s AI Act, for all its caution, also signals a growing recognition of AI’s transformative power. And with PSD3 aiming to standardise incident reporting and foster data interoperability, the pieces are hopefully falling into place for more agile fraud detection ecosystems. The challenge now lies in execution.
At its core, the story of AI and fraud in Europe is not about technology alone. It is also about political will, regulatory courage, and the delicate balance between innovation and protection. The tools to detect and prevent fraud exist. The question is: will the EU be ready to use them before the next surge of digital crime arrives?
References:
- Mastercard. (2024). Mastercard expands AI technology to prevent fraud. https://www.mastercard.com/news/press/2024/september/mastercard-expands-first-of-its-kind-ai-technology
- European Commission. (2023). AI Act Proposal. https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
- European Commission. (2021). GDPR Q&A. https://ec.europa.eu/commission/presscorner/detail/en/QANDA_21_1683
- ECB & EBA. (2024). Joint Report on Payment Fraud. https://www.banque-france.fr/en/press-release/ecb-and-eba-publish-joint-report-payment-fraud
- Banque de France. (2024). Observatory for the Security of Payment Means Annual Report. https://www.banque-france.fr/en/publications-and-statistics/publications/annual-activity-report-observatory-security-payment-means-2023
- European Commission. (2023). Proposal for PSD3 and PSR. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A52023PC0366
