Finland's Financial Supervisory Authority recommends stronger security limits and fraud monitoring for online payments as Instant Payments Regulation requirements take effect

Finland's Financial Supervisory Authority (FIN-FSA) has published recommendations for banks operating in Finland to strengthen online and mobile banking payment security, following a spring 2025 follow-up assessment of credit institutions’ controls and processes. The recommendations focus on tightening security limits for credit transfers, improving payment controls and upgrading real-time fraud monitoring, against the backdrop of the EU Instant Payments Regulation (IPR) accelerating euro-denominated payments. On security limits, FIN-FSA recommends offering both per-transaction and daily euro limits for account-based payments, covering both instant payments and standard credit transfers. It also recommends that banks automatically set per-transaction and daily euro limits for retail customers’ credit transfers where customers have not set limits themselves, with levels determined on a risk-based basis. Other recommended controls include delay settings or similar safeguards when a customer installs a new identification application, and requesting additional confirmation when monitoring indicates a potentially fraudulent transaction. For fraud monitoring, FIN-FSA recommends greater use of customer-behaviour signals in real time, such as payment history, size and time of payment, channel, recipient and unusual payer location. The release also notes that, as of 9 October 2025, euro area banks must be able to send instant credit transfers, with execution within ten seconds 24/7, and must apply payee verification by matching payee name and account number for all account-based payments. FIN-FSA will monitor banks’ implementation of these recommendations through its normal supervisory work.