TL;DR: PSD3 is moving European payment rules toward bank liability for bank impersonation scams and stronger fraud prevention expectations, while also signalling that AI agents are not yet covered by current legislation, according to OneSpan's interview with ThreatFabric's Eward Driehuis. The gap is no longer theoretical: payment governance is now colliding with delegated automation, and identity controls must catch up.
NHIMG editorial — based on content published by OneSpan: PSD3 updates and the regulatory impact on fraud prevention
By the numbers:
- 75% of APP fraud actually originated on social media platforms or via SMS messages.
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes.
Questions worth separating out
Q: What breaks when payment fraud controls assume a human is always the actor?
A: Controls break when they rely on human behaviour, because delegated software or impersonation scams can move value without the same signals a person would produce.
Q: Why do bank impersonation scams create a liability problem for identity teams?
A: They create a liability problem because the scam is built on trust abuse, not only transaction abuse.
Q: How should organisations govern AI agents that can make payments on behalf of users?
A: They should govern those agents as separate non-human actors with their own approval, audit, and delegation boundaries.
Practitioner guidance
- Map payment flows to the real decision-maker: Separate human-authored transfers, delegated software actions, and bank-initiated workflows so each has a distinct trust and liability path.
- Classify impersonation cases by origin and actor: Build a fraud taxonomy that distinguishes bank impersonation, tech impersonation, and other APP scam types, then preserve evidence on channel origin, customer interaction, and verification steps.
- Inventory delegated payment capabilities: Identify where AI agents or other software can make or complete purchases, and document whether those paths have a separate approval model, audit trail, and rollback path.
What's in the full article
OneSpan's full interview covers the regulatory detail this post intentionally leaves for the source:
- The political trilogue background behind PSD3 and PSR, including how the liability language reached agreement.
- The discussion of when banks can transfer liability to social media platforms or telecommunications providers.
- The interview's examples of technical and behavioural fraud prevention measures beyond the high-level policy view.
- Frederik Mennes's view on where AI agents fit into the next wave of payment regulation.
👉 Read OneSpan's interview on PSD3 fraud liability and AI agent gaps →
PSD3 and AI agent payments: are current controls enough?
Explore further
Payment fraud governance is becoming an identity problem, not only a reimbursement problem. PSD3 shifts attention from what happens after fraud to which actor was trusted, authenticated, and allowed to move value in the first place. That pushes IAM and fraud teams into the same operating model, because liability is now tied to the trust decision as much as the transaction. Practitioners should treat payment authorisation as an identity control surface.
A few things that frame the scale:
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes, according to LLMjacking: How Attackers Hijack AI Using Compromised NHIs.
- DeepSeek accidentally embedded over 11,000 secrets in its training data and left a database exposed online, revealing more than one million sensitive records including chat histories, backend credentials, and API keys.
A question worth separating out:
Q: Who is accountable when fraud starts on social media or SMS and ends in a payment?
A: Accountability depends on the legal regime, but the operational lesson is consistent: the organisation that trusted the wrong origin signal may still be responsible for the loss. Teams should be able to show where the scam originated, what identity proof existed, and whether a stronger control could have broken the chain earlier.
👉 Read our full editorial: PSD3, fraud liability, and the limits of AI agent governance