FRIDA: the future European framework for sharing fraudulent IBANs

FRIDA, which stands for Fraud Information Distribution Arrangement, is the project led by the European Payments Council (EPC) to organise the sharing of fraud-related information between Payment Service Providers (PSPs) in Europe.

The objective is straightforward: to allow PSPs to report and consult information relating to bank accounts suspected of fraud, in order to improve their transaction monitoring mechanisms.

FRIDA is part of a broader evolution in European payments. After Verification of Payee, which checks the consistency between the beneficiary’s name and IBAN before a credit transfer is executed, Europe is preparing the next building block: the structured sharing of fraud signals between PSPs.

This development responds to an operational reality. Fraudsters often use mule accounts, move funds quickly and exploit information silos between institutions. An IBAN may be detected as suspicious by one PSP while remaining unknown to others. FRIDA is designed precisely to reduce this information asymmetry.

The PSR will make this information sharing possible

FRIDA falls within the framework of the European Payment Services Regulation (PSR), which strengthens PSPs’ obligations in relation to fraud prevention. The text introduces requirements relating to transaction monitoring and information sharing between PSPs.

Article 83a, which specifically addresses fraud data sharing, provides that PSPs may exchange information where there are justified reasons to suspect fraudulent behaviour.

FRIDA provides a common framework for this: shared rules — the scheme — and a central platform enabling PSPs to share fraud alerts securely, either directly or through a technical service provider.

How will the sharing of fraudulent IBANs work in practice?

PSPs will be able to connect directly to the central FRIDA platform, known as the FRIDA Central Platform (FCP), to submit their alerts. They may also connect indirectly through a Fraud Information Platform (FIP). A FIP may be a technical provider or a national platform connecting multiple PSPs to FRIDA.

The operating model defined by the EPC is based on alerts. When a PSP detects a potentially fraudulent bank account, it may create a fraud alert. This alert contains an IBAN and a set of information authorised by the regulatory framework, such as the date and reason for the fraud, the type of transaction, and other relevant data.

Once the alert has been received, the central platform makes it available to the other participants. PSPs can then integrate this data into their own transaction monitoring tools.

It should be noted that FRIDA does not decide whether a transaction should be blocked. FRIDA’s role is to distribute fraud-related information. Each PSP remains responsible for its internal rules, its risk analysis and the decisions resulting from that analysis.

The lifecycle of a FRIDA alert

Once shared, an alert may be corrected or cancelled by its author. This is essential to prevent an IBAN from remaining indefinitely associated with a risk if the alert turns out to be incorrect or obsolete.

The PSP servicing the reported account may also provide an assessment of the alert, for example by confirming or rejecting it, in order to clarify the status of the account.

This lifecycle approach is important. A fraud data sharing system can only work if the information is accurate, updated and proportionate.

MISP: the likely technological platform for FRIDA

The RFI launched by the EPC in early 2026 mentions Malware Information Sharing Platform (MISP) as a likely option for the future FRIDA platform.

MISP is an open-source technology used to collect, structure and share cyber threat intelligence. It is already used by several national fraud data sharing initiatives, including the French “FNC-RF” framework implemented by Banque de France in 2026.

This makes MISP a natural candidate for FRIDA, although the EPC has not yet formally confirmed the final technology choice.

The UK precedent: Cifas

This European initiative follows the logic of other fraud data sharing initiatives, such as Cifas in the United Kingdom, which already operates a mature fraud information sharing framework.

Cifas enables its members to share information relating to fraud cases or fraud risks. Its scope is broader than FRIDA, as it may include the registration of fraudulent identities and involves non-bank actors, including telecom operators.

FRIDA therefore follows a slightly different logic. It is focused on payment fraud and, more specifically, on the reporting of bank accounts used in fraudulent schemes.

A timeline PSPs should anticipate

The EPC has already launched a market consultation to identify a provider capable of designing and operating the central FCP platform, with a target launch in early 2028.

However, the timeline will depend on several factors: the finalisation of the PSR text, the choice of technical model, the definition of the scheme rules and the ability of PSPs to connect to the platform.

For PSPs, the key point is not to wait until the final rules are published. FRIDA is likely to become one of the next major compliance and payment security projects in Europe.

Conclusion

FRIDA marks a new step in the fight against payment fraud in Europe. After Verification of Payee, the challenge is now to enable PSPs to share the fraud signals they detect, particularly when an IBAN is associated with a risk.

The project is not yet finalised. The rules, the platform and the timeline still need to be specified. But the direction is clear: the fight against credit transfer fraud is becoming more European, more collective and more structured.

For PSPs, FRIDA should be seen as the next major compliance project in payment security.