Bank of Lithuania

Summary

Payments market in Lithuania

In 2021, 1.62 billion non-cash payment transactions (€436.8 billion in value) were initiated by using the services of Lithuanian payment service providers (PSPs). Compared to 2020, the number of non-cash payment transactions executed by Lithuanian PSPs almost doubled, mainly due to transactions executed by customers residing abroad (their number in Lithuanian PSPs increased significantly after Brexit) in their countries of residence. The payment habits of Lithuanian residents and businesses and the use of payment services are most accurately reflected by domestic payment transactions, i.e. payment transactions executed between the customers of Lithuanian PSPs. In 2021, the total number of domestic non-cash payments went up by 15.7%, compared to 2020, and stood at 738 million with a value of €311.2 billion. Card payments accounted for 58%, credit transfers for 35% and other payment services for 7% of all domestic payment transactions carried out in Lithuania in 2021.

In 2021, despite the easing of pandemic restrictions, the amount of cash withdrawals did not reach the level recorded in the pre-pandemic year 2019. In 2021, 43.3 million cash withdrawals were made in Lithuania using payment cards issued in Lithuania, which is 25% less than in 2019, while the value of cash withdrawals decreased by almost 8% and amounted to €8.9 billion. ATMs were the main place to withdraw cash. The year 2021 marks the switch to using payment cards for payments more often than for cash withdrawals. The use of e-commerce transactions also increased: until 2021, Lithuanian residents and businesses preferred using Bank link service and payment initiation service for e-commerce, but in 2021, remote card payments were used equally frequently.

Banks remain the principal PSPs for Lithuanian residents and businesses, but the market share of non-banks is steadily growing. Considering all payment services provided by Lithuanian PSPs to Lithuanian residents and businesses, including credit transfers, direct debit, card payments, e-money payments and other payment services, in 2021 bank customers carried out 80.8% of all non-cash payment transactions, customers of electronic money institutions (EMIs) and payment institutions (PIs) – 19%, and customers of credit unions (CU) – 0.2%. In 2021, as compared to 2020, the market share of banks providing all non-cash payment services in Lithuania decreased by 3 percentage points in terms of number, with the equal growth of the market share of non-banks. In Lithuania, banks dominate card payments and credit transfers, while non-banks were the main providers of other less used payment services.

In Lithuania, small businesses in different economic sectors offer different non-cash payment options to their customers. The share of small businesses that accept card payments ranges from 20% to almost 80% across sectors, while self-employed natural persons relatively rarely provide the possibility of payment by payment card (17%). It is considered that the attitude of entrepreneurs towards accepting non-cash payments could be changed by the requirement for salaries to be transferred into accounts which came into effect from 2022. If residents pay more often by card and businesses accept more non-cash payments, the need for depositing cash into company accounts will be reduced. Additional incentives are also needed to set up POS terminals or other means for accepting non-cash payments, therefore, partial and temporary reimbursement of the costs of accepting card payments for small businesses could contribute to the development of electronic payments. Some entrepreneurs argue that the reimbursement would encourage them to start accepting card payments, but the mandatory requirement to accept electronic payments is viewed controversially.

As the number of electronic payments in Lithuania increases, so does the number of fraud cases. Card payments (in terms of the number of transactions) and credit transfers (in terms of value) account for the largest share of fraud. The information available to the Bank of Lithuania shows that fraudsters direct their efforts towards the consumer rather than the technical hacking of the payment instrument. Fraudsters engage in various behavioural manipulation techniques and trick consumers into disclosing their sensitive data and confirming the fraudster’s actions by entering their PIN codes. Taking into account the relevance of the fraud problem, the Bank of Lithuania has included in its strategic plan a direction – to increase the resilience of consumers and financial market participants to fraud, to improve financial literacy of consumers for them to be able to safely use electronic payment services, as well as to encourage market participants to prioritise fraud prevention. Market participants are also aware of the importance of fraud prevention and are already taking targeted action.

The investigation phase of the digital euro project has reached the halfway and the initial decisions on the features of the digital euro have been taken. The primary objectives and design options have been sorted out in the digital euro project. One of the key objectives is to preserve the role of central bank’s money as a monetary anchor of the payment system in the context of changing payment habits and the means of payment. The digital euro would be a public service and promote innovation. Following an initial analysis and an assessment of changing payment habits, four areas where the digital euro could be actively used as a means of payment were identified: payments at physical points of sale, e-commerce, person-to-person transfers and government payments. The investigation phase of the digital euro project, which started in 2021, will continue until autumn 2023, and all its work will form the basis for a decision by the Governing Council of the European Central Bank (ECB) on the potential realisation phase of the digital euro in autumn 2023.

Having assessed the level of access to cash in the country, the Bank of Lithuania undertook the initiative to improve it, as cash is still highly relevant to the public. In 2021, the Bank of Lithuania, the Lithuanian Banking Association and financial institutions signed a Memorandum of Understanding for Ensuring Access to Cash in Lithuania (hereinafter – the Memorandum). It was thereby agreed on minimum criteria for access to cash withdrawal services from payment accounts. In 2022, in accordance with the Memorandum, financial institutions installed 100 new ATMs in the regions which enabled the residents to withdraw cash under the same conditions as they do from the ATMs of their credit institutions. This has made access to cash faster and more convenient for people in the regions: around 250,000 residents in 40 municipalities across the country were provided with an improved access to cash. Alternative ways of cash withdrawal contribute to improving access to cash, but the services currently provided are not equivalent to those offered by ATMs, mainly due to limited withdrawal amount, pricing and additional conditions for withdrawals. The Bank of Lithuania will continue to monitor and assess access to cash in Lithuania and, if necessary, take initiatives to ensure access to financial services and payment instruments.

The popularity of the instant payment service is steadily growing both in the Bank of Lithuania’s CENTROlink payment system and in Lithuania. The total number of instant payments in the CENTROlink system doubled in the first half of 2022, compared to the same period in 2021. The share of instant payments executed by Lithuanian PSPs ranged from 54% to 61% of all SEPA payments in the first half of 2022. Two important upgrades were carried out in the Bank of Lithuania’s payment system CENTROlink, which will enable PSPs using CENTROlink to reach more PSPs offering instant payment services across the European Economic Area (EEA) and will allow more frequent clearing of SEPA payments. The expansion of instant payments is also supported by the Proxy Lookup Service (PLS) provided by the Bank of Lithuania. It allows initiating payments by selecting the mobile phone number of the beneficiary from the contact list. The CENTROlink operator, on its own initiative, in order to ensure the credibility of the payment system, applies measures for managing money laundering and terrorist financing (ML/TF) risks. The assessment of the ML/TF risks of the PSPs connected to CENTROlink is a continuous and ongoing process.

The importance of the reliability of non-cash payment infrastructure of countries, including Lithuania, was particularly highlighted by the outbreak of the war in Ukraine. With the outbreak of military action in Ukraine, it became clear that non-cash payments are one of the safest and most reliable means of payment for residents, the state and businesses, therefore, efforts were made to ensure that such payments are not restricted: smooth functioning of the national payment system (SEP) operated by the Central Bank of Ukraine was ensured, points of sale continued to accept non-cash payments, possibilities of withdrawing cash were extended beyond ATMs to points of sale (cash-back), refugees in foreign countries were able to pay with payment cards under international payment schemes and withdraw cash from ATMs.

Recently, the biggest threat to the financial and payment infrastructure has been associated with cyber threats, and many measures have been aimed at protection against them. The war in Ukraine has shown that the physical security of the financial infrastructure and the connection between the customer and the bank, as well as between infrastructures, are equally relevant. It should be noted that the financial market infrastructures established in Lithuania are well prepared to operate in extreme conditions, and the Bank of Lithuania, together with the main market participants, taking into account the real experience of other countries, has taken additional measures and actions that will help to strengthen the resilience of Lithuania’s financial infrastructure to extreme events.


1.Use of payment services in Lithuania

In 2021, the number of non-cash payment transactions carried out using the services of Lithuanian PSPs almost doubled, compared to 2020, mainly due to transactions executed by customers residing abroad in their countries of residence. In 2021, 1.62 billion non-cash payment transactions were initiated by using the services of Lithuanian PSPs, with a value of €436.8 billion (see Table 1). According to the number of non-cash payment transactions, 46% (78% in 2020) of the payment transactions were domestic, i.e. those between the payer and the payee with their PSPs established in Lithuania, and 54% of them were cross-border (22% in 2020). The rapid growth in the number and value of cross-border payment transactions executed by Lithuanian PSPs was mainly due to Brexit which led to the transfer of part of the accounts, payment cards and payment transactions of customers of the UK’s PSPs residing in the European Union (EU) to PSPs registered in Lithuania. This is also reflected in the rapid increase in the number of e-money accounts and the number of issued payment cards since mid-2020. At the end of 2021, the number of e-money accounts increased 9.4 times compared to the end of 2019, while the total number of payment accounts went up 3.2 times. The number of payment cards increased 9.5 times in 2021, compared to the end of 2019, with 30.7 million cards issued at the end of 2021 (3.2 million at the end of 2019). Although transactions of customers residing in foreign countries are carried out using the services of Lithuanian PSPs, they are actually carried out in foreign countries.

Table 1. All non-cash payment transactions executed by Lithuanian PSPs, by payment services

Payment services

Number of transactions

Value of transactions

millions

change, %

EUR billions

change, %

2020

2021

2020

2021

Total payments made via PSPs

817.8

1,620.1

98.1

352.6

436.8

23.9

Credit transfers

231.7

313.3

35.2

338.7

404.1

19.3

Card payments

519.7

1,234.3

137.5

10.5

28.8

174.4

Direct debit

10.2

17.6

72.9

0.2

0.5

128.5

Other payment services

56.2

54.9

-2.5

3.2

3.4

9.3

Source: Bank of Lithuania calculations.

Note: Due to data confidentiality, e-money payments are not included.

Card payments and credit transfers dominated among non-cash payment transactions executed by Lithuanian PSPs. In 2021, the number of card payments went up 2.4 times, compared to 2020, and accounted for 76% (63.5% in 2020) of all payment transactions. The number of credit transfers grew by 35.2% and accounted for 19.3% of all transactions in 2021 (28.3% in 2020). The number of other payment service transactions executed by Lithuanian PSPs fell by 2.5% and accounted for 3.4% of all transactions, while the number of direct debit transactions went up by 73% and accounted for 0.3% of the market, with all direct debit transactions being cross-border.

Table 2. Domestic non-cash payment transactions executed by Lithuanian PSPs, by payment services

Payment services

Number of transactions

Value of transactions

millions

change, %

EUR billions

change, %

2020

2021

2020

2021

Total payments made via PSPs

637.9

738.0

15.7

282.9

311.2

10.0

Credit transfers

218.1

259.6

19.0

273.5

299.3

9.4

Card payments

367.5

425.6

15.8

6.7

9.0

33.4

Other payment services

52.3

52.7

0.8

2.7

2.9

6.8

Source: Bank of Lithuania calculations.

Note: Due to data confidentiality, e-money payments are not included.

The use of non-cash payments for domestic settlements continues to grow steadily, with 2021 reaching the fastest growth in five years. It is domestic payment transactions, i.e. payment transactions executed between the customers of Lithuanian PSPs, that most accurately reflect the payment habits of Lithuanian residents and businesses and the use of payment services. In 2021, compared to 2020, the number of all domestic non-cash payments increased by 15.7% (see Chart 1), representing 738 million units and the value amounting to €311.2 billion. The fastest growth was observed in the use of credit transfers: in 2021 the number of credit transfers grew by 19%, compared to 2020, and stood at 259.6 million units. This was driven by the promotion of instant payments in Lithuania. The use of card payments also increased, with 425.6 million domestic payments made by card, representing an increase of 15.8%.

Chart 1. Number of domestic payment transactions carried out in Lithuania and its annual growth rate

Source: Bank of Lithuania calculations.

Note: Due to data confidentiality, e-money payments are not included.

The number of domestic non-cash payment transactions per capita per year in Lithuania went up by 15% in 2021. Non-cash payment transactions in 2021 in Lithuania stood at 577 per capita, of which 263 were domestic (see Chart 2). In 2021, the number of domestic non-cash payment transactions per capita grew by 35 units, compared to 2020. It should be noted that e-money payments are excluded due to data confidentiality. In 2021, compared to 2017, the number of domestic non-cash payment transactions went up by as much as 62%. The growth rate exceeded 10% each year since 2017. It should be noted that in 2021 the number of all non-cash payments per capita in euro area countries averaged 328, and 321 among all EU countries.[1]
[1] The use of non-cash payment services by Lithuanian residents and businesses could be best compared with other countries by the number of domestic payment transactions per capita, but there is a lack of statistical data for this comparison. When comparing the number of payment transactions per capita conducted by all Lithuanian PSPs with the average for the euro area or the EU as a whole, it is necessary to take into account that the Lithuanian statistical information includes payments made by customers of UK’s PSPs residing in the EU that were transferred to Lithuanian PSPs after Brexit.

Chart 2. Non-cash payment transactions per capita in Lithuania

Source: Bank of Lithuania calculations.

Notes: Payments made using the services of banks, CUs, PIs and EMIs. Due to data confidentiality, e-money payments are not included.

Card payments account for the largest share of domestic non-cash payment transactions and have a stable market share. Card payments accounted for 57.7%, credit transfers for 35.2% and other payment services for 7.1% of all domestic payment transactions carried out in Lithuania in 2021 (see Chart 3). As for the value of domestic payment transactions, the value of credit transfers covers almost the entire market, i.e. 96.2% of the value of all transactions. Credit transfers are one of the main services used by businesses for settlements and therefore have a high value.

Chart 3. Market share of domestic payment transactions carried out in Lithuania by number and value

Source: Bank of Lithuania calculations.

Note: Due to data confidentiality, e-money payments are not included.

Banks remain the main PSPs for Lithuanian residents and businesses, but the market share of non-banks is steadily growing. Taking into account all payment services provided by Lithuanian PSPs to Lithuanian residents and businesses, including credit transfers, direct debit, card payments, e-money payments and other payment services, in 2021, 80.8% of the total number of non-cash payment transactions were carried out by bank customers (83.8% in 2020), 19% by customers of EMIs and PIs (15.9% in 2020), and 0.2% by customers of CUs (0.2% in 2020) (see Chart 4). Transactions initiated by Lithuanian residents and businesses in banks accounted for 91.1% of the value of all payment transactions executed via Lithuanian PSPs. While the total number and value of executed transactions increased among all PSPs, the market share of banks providing all non-cash payment services in Lithuania decreased: in 2021, their market share by number decreased by 7.7 percentage points compared to 2019, with the same increase in the market share of non-banks.

Chart 4. Market share of PSPs in the provision of all non-cash payment services

Source: Bank of Lithuania calculations.

Note: This is an estimate of all (domestic and cross-border) non-cash payment transactions executed by Lithuanian PSPs. Customer data of the UK PSPs residing in the EU that were transferred to Lithuanian PSPs after Brexit has been removed from the data for 2020-2021.

The provision of the most used payment services to Lithuanian residents and businesses is dominated by banks, while non-banks have completely taken over less used specific payment services. In 2021, credit transfers accounted for 30.4% of all non-cash payment transactions, of which 27.8 percentage points were made by banks and 2.6 percentage points by EMIs and PIs (see Chart 5). The share of the latter increased slightly by 1 percentage point compared to 2021. Of the card payments market share (55%), banks accounted for 53 percentage points and non-banks for 2 percentage points. Non-banks were the main PSPs offering e-money payment services, which are often an alternative to credit transfers, as well as other payment services, most of which are money remittances used to pay for utilities or other services, and direct debit. It should be noted that direct debit in Lithuania is provided to businesses and residents of other countries. In 2021, the market share of e-money payments grew from 3.5% in 2020 to 6.6% in 2021. The market share of other payment services declined slightly to 6% in 2021.

Chart 5. Structure of the number of provided different payment services by PSPs

Source: Bank of Lithuania.

Notes: The chart shows the percentage share of PSPs providing different payment services compared to the total number of non-cash payment transactions provided during the year. This is an estimate of all (domestic and cross-border) non-cash payment transactions executed by Lithuanian PSPs. Customer data of the UK PSPs residing in the EU that were transferred to Lithuanian PSPs after Brexit has been removed from the data for 2020-2021. The market share of CUs is not shown in the chart as their market share was only around 0.2% in 2020 and 2021.

In 2021, as physical restrictions due to the pandemic in Lithuania eased, the number and value of cash withdrawal transactions remained lower than during the pre-pandemic year 2019. In 2021, 43.3 million cash withdrawal transactions were carried out in Lithuania using payment cards issued in Lithuania, with 42.1 million cash withdrawals from ATMs located in Lithuania and 1.2 million of cash withdrawals at points of sale with POS terminals (see Chart 6). The value of cash withdrawn in 2021 stood at €8.9 billion. The number of cash withdrawals fell by 25% and their value declined by almost 8% in 2021, compared to the pre-pandemic year 2019. Compared to 2020, the number of cash withdrawals in 2021 was almost 8% lower, while the value of cash withdrawals increased by 1%. ATMs were the main place to withdraw cash: 97.2% of all cash withdrawals were made at ATMs in 2020 and 2021, and 96.5% in 2019.

Chart 6. Number and value of cash withdrawals at ATMs or points of sale with POS terminals

Source: Bank of Lithuania.

The use of payment cards for payments rather than for cash withdrawals has been rising, with payment cards being used more often for payments than for cash withdrawals in 2021. In 2021, for the first time, more than half of the value of the money spent using a payment card issued to residents and businesses in Lithuania was spent by paying with a card rather than withdrawn in cash. The share of card payments increased year on year, reaching its peak of 5.6 percentage points (up to 53.2%) in 2021 compared to 2020. In 2021, the share of the value spent by payment card went up by 9.1 percentage points compared to the pre-pandemic 2019 (see Chart 7).

Chart 7. Structure of the amount spent and of the amount of cash withdrawn using a payment card

Source: Bank of Lithuania.

Note: This is an estimate of all (domestic and cross-border) non-cash payment transactions executed by Lithuanian PSPs. Customer data of the UK PSPs residing in the EU that were transferred to Lithuanian PSPs after Brexit has been removed from the data for 2020-2021.

E-commerce payments are used more and more by Lithuanian residents and businesses. Compared to 2020, the number of e-commerce transactions initiated by all Lithuanian residents and businesses in 2021 increased by 43.8% (24.5% in 2020), with their value growing by 40.4% (52.5 % in 2020). E-commerce payments in Lithuania mainly consist of two parts: specialised credit transfers (Bank link and payment initiation services) and online card payments. In 2021, Bank link and payment initiation service transactions made by Lithuanian residents and businesses accounted for 13.7% of the total number of credit transfers (14.1% in 2020), while online card payment transactions accounted for 7.3% of the number of card payments (4.6% in 2020).

Until recently, Lithuanian residents and businesses preferred Bank link service and payment initiation service for e-commerce, but in 2021, remote card payments were used equally frequently. The number of domestic and cross-border card payments made via the internet by Lithuanian residents and businesses via the Lithuanian PSPs in 2021 saw the biggest growth of as much as 85.5%, while the number of Bank link and payment initiation services increased by 18%. In 2021, remote card payments became an equally used e-commerce service by Lithuanian residents and businesses, both in terms of number and value, and accounted for 49.2% of the e-commerce payment market by number (see Chart 8).

Chart 8. Number and value of e-commerce transactions

Source: Bank of Lithuania.

Comments: E-commerce payments in Lithuania mainly consist of two parts: specialised credit transfers (Bank link and payment initiation services) and online card payments. This is an estimate of all (domestic and cross-border) non-cash payment transactions executed by Lithuanian PSPs. Customer data of the UK PSPs residing in the EU that were transferred to Lithuanian PSPs after Brexit has been removed from the data for 2020-2021.


2.Non-cash payments in small businesses

In Lithuania, the choice of non-cash payment options varies across different small business segments. According to the data of the survey of small-sized enterprises on payment services commissioned by the Bank of Lithuania,[2]
[2] Survey of businesses on payment and other financial services commissioned by the Bank of Lithuania and conducted in 2022. The survey sample includes small businesses selling goods and providing services in physical locations: microenterprises and small enterprises (300 surveyed enterprises) and self-employed persons (150 surveyed persons).
around 80% of small businesses in the retail, food and beverage supply sectors provide their customers with the possibility of payment by cards. Around half of these businesses report that more than half of their revenue comes from non-cash means (card payments or other payment methods). In other sectors, mainly those providing various services (beauty and medical services, repair of home appliances or cars, rental of leisure and sports gear, various machinery and equipment), the possibility of payment by card is provided for by a smaller share of enterprises, i.e. 20-40% (see Chart 9). In some areas, where card payments are accepted more rarely, other non-cash payment methods, such as credit transfers, may be more relevant. The majority of small businesses (75-95%, depending on the sector) indicate in the survey that they provide the possibility of payment by credit transfer.

Chart 9. Acceptance of card payments by small businesses in different sectors in 2022

(share of businesses accepting card payments, percentages)

Source: Survey of small businesses commissioned by the Bank of Lithuania.

Self-employed natural persons provide for the possibility of payment by card considerably less frequently compared to representatives of small business (enterprises). 17% of self-employed persons surveyed provide the card payment option. Only the retail trade sector stands out, with around half of the persons providing the card payment option, while in other sectors this share is significantly smaller and below the average share of self-employed persons. However, as in the case of enterprises, the option of paying by transfer is provided by a relatively high portion of self-employed persons (50-90% in different sectors). More than half of the income is received in non-cash form by 45% of the self-employed persons surveyed, while 14% of the persons reported receiving all their income in cash.

A large share of small businesses report that they do not accept card payments because their customers do not express a need for them, and because the businesses are not satisfied with the price of the service. 38% of legal entities and 21% of self-employed persons reported that their customers have not inquired about this option. A third of enterprises and a quarter of natural persons said they were not satisfied with the price of the service. Such attitudes are echoed in answering questions about what would encourage entrepreneurs to adopt this method: most entrepreneurs point to the increasing number of customers wishing to pay by card (23%) and the attractive pricing of card payment services (28%). Moreover, a significant number of respondents stated that it would be relevant to temporarily try the service free of charge (18%).

In the view of the Bank of Lithuania, the requirement that salaries be transferred to accounts, which came into force in 2022, could also change the attitude of entrepreneurs towards accepting non-cash payments. In the survey, 19% of enterprises reported that they were negatively affected by this requirement. The main negative aspects referred to include increased costs, dissatisfied employees (because they have no choice about how to get paid), and burden on the company (mainly due to the need to encash more frequently). The need to deposit cash would be reduced if more people paid with payment cards and more enterprises provided the non-cash payment option. 75% of enterprises reported that they were not affected by the requirement to transfer salaries into accounts. It is likely that they had already been transferring salaries into accounts before the requirement came into force.

Various measures, such as temporary reimbursement of the costs of accepting card payments or the introduction of a mandatory requirement for enterprises to accept non-cash payments, could contribute to accelerating the uptake of non-cash payment acceptance solutions in small businesses. Card payments are currently available for payment at points of sale and services at the time of purchase. Credit transfers are not suitable for all situations, for example, they are convenient when the payment is made in advance or when the seller can postpone the payment for a certain period of time. The widespread instant payments that can be initiated via smartphones can also be used in businesses providing beauty and medical services. Incentives are mainly needed for the deployment of POS terminals, as merchants and service providers who do not have them often cite price-related reasons for not accepting card payments. Thus, partial and temporary reimbursement of the costs of accepting card payments by small enterprises could contribute to the development of electronic payments.

Some entrepreneurs argue that the reimbursement would encourage them to start accepting card payments, but the mandatory requirement to accept electronic payments is viewed controversially. One way to incentivise businesses is to reimburse the cost of accepting payment cards for some time. When asked whether they would start accepting card payments if all the costs associated with accepting card payments would be reimbursed for the first year, 15% of enterprises that did not yet accept card payments and 17% of self-employed persons said yes. Another 30% more of the enterprises and self-employed persons would consider this option. Another alternative is to lay down that all merchants (except the smallest ones) must provide the possibility of payment by cards, but in order to ease the burden, the costs for the first year would be reimbursed. This alternative is viewed as rather controversial: 44% of legal entities and 48% of self-employed persons would be in favour of the scheme, while 26% of small enterprises and 15% of self-employed persons would be of an opposite view. The entrepreneurs who take a negative view of such a scheme point out that they would not be satisfied with the element of “mandatory” and the aim of reducing payments in cash, as well as with the fact that they would have to start paying for services after a year.



3.Fraud prevention

As the number of electronic payments increases, so does the number of fraud cases. The number and value of payment transactions executed by Lithuanian PSPs has increased significantly in recent years (see more in Chapter 1). Unfortunately, there has also been a tremendous growth in the number of fraud cases that the PSPs have to deal with when executing payments of individuals and businesses. The number of frauds related to payments reported by PSPs[3]
[3] The information is provided on the basis of the data of fraud cases from July 2018 to the end of 2021 provided by the PSPs. This includes fraud relating to payments made by residents and businesses. It embraces payments made by residents and businesses from other EU and non-EU countries to which Lithuanian PSPs provided payment services. The data collected did not include information on who bore the fraud losses, whether the PSP or the customer.
was 35.7 thousand in 2019, 239.1 thousand in 2020 and 2021, with the value of €9 million in 2019, €20.7 million in 2020 and €73.2 million in 2021. It is particularly worrying that the share of the number and value of fraudulent payments as compared to the number and value of all executed payments is rising (see Chart 10).
Card payments (in terms of the number of transactions) and credit transfers (in terms of value) account for the largest share of fraud. In 2021, the number of fraudulent payments that customers of card-issuing PSPs were exposed to was 37.3 thousand, while card-accepting PSPs dealt with 131.9 thousand cases of fraud. In the same year, there were 43.2 thousand fraudulent credit transfers, with their value amounting to €54.3 million. The value of payment card fraud in 2021 at card-issuing and card-accepting PSPs was €1.6 million and €4.9 million respectively. The absolute number and value of fraud cases in other payment services is relatively low, but the trend is upward. Compared to the EEA countries for which data are published,[4]
[4] Discussion paper on the EBA’s preliminary observations on selected payment fraud data under PSD2, as reported by the industry.
the share of fraudulent payment card transactions reported by card-issuing PSPs in Lithuania in the second half of 2020 (0.0037%) was lower than the EEA median (0.0103%). In contrast, the share of the value of fraudulent credit transfers in Lithuania was higher (0.0028%) than the EEA median (0.001%).

Chart 10. Share of the number and value of fraudulent payments as compared to the number and value of all payment transactions executed

Source: Bank of Lithuania.

One of the most common types of fraud in Lithuania has recently been the sending of SMS messages with active links to fake websites of commercial banks (smishing). The complaints received by the Bank of Lithuania from payment service users show that SMS messages are sent on behalf of one of the commercial banks, most often alerting the user of allegedly suspicious activities in their account, the need to update their online bank account, the need to prevent the loss of their account, etc. By clicking on a link in the message, users are taken to a fake website of the bank in question, where they enter their internet banking login details and personal data. Consumer vigilance is often undermined by the fact that sometimes such messages appear in the general stream of other messages received from the bank, and that fictitious bank websites resemble the real ones, thus it requires a lot of diligence to spot differences in the names of the websites or their links (web addresses). Quite often consumers not only enable fraudsters to expropriate their online banking login details and personal data by entering them on a fictitious website, but also confirm the fraudster’s actions by entering their PINs when prompted by the Smart-ID app on their phones. This is used to execute payments disputed by users and sometimes even to create a new Smart-ID account on behalf of users on a device controlled by third parties (fraudsters).

Furthermore, there is a common form of fraud where messages are sent to consumers on behalf of parcel post companies about an alleged receipt of payment by a post terminal operator for goods sold by the consumer which the supposed buyer wants to purchase. In such cases, the consumer’s contact details are obtained from online advertising portals, trading or exchange platforms on which the consumer uploads an advertisement for the product to be sold/exchanged. To supposedly receive the funds, the consumer is asked to click on a link in an SMS or mobile chat app and enter their personal data and payment card details on a fictitious website of the parcel post company. As in the case of fraud on behalf of commercial banks, consumers often not only enter their personal data and personalised security credentials of their payment instruments (payment cards) on a fictitious website upon receipt of messages purporting to be from parcel post companies, but also enter PINs when prompted by the Smart-ID app on their phones. This is how the payments disputed by consumers are made.

The problems observed by the Bank of Lithuania in the area of fraud prevention are also related to the lack of consumer education and information, as well as inattentiveness of consumers. Consumers often rush to quickly follow the instructions in the messages without getting to understand the point of what they are doing, they fail to read the text of the message in the Smart-ID app requesting to enter PIN1 and/or PIN2 which usually accurately defines the purpose of the request for PINs. Thus, without realising the point of their actions, consumers confirm payments disputed afterwards or, in some cases, even the creation of a new Smart-ID account in their name on a device controlled by a third party (fraudster). Many consumers also lack knowledge about the payment instruments they use and their security features (e.g. there are cases where consumers do not know what the CVC code of a payment card is and why it should not be disclosed to third parties). The information available to the Bank of Lithuania shows that fraudsters focus their efforts on the consumer rather than on the technical hacking of the payment instrument and use various behavioural manipulation techniques.

In most cases, PSPs consider consumers liable for payment transactions carried out in the face of fraud and see no grounds to compensate for the losses incurred. The experience of examination of complaints and disputes shows that PSPs base their absence of liability for payment transactions disputed by consumers on the fact that such payment transactions, i.e. fraudulent and subsequently disputed by consumers, are to be considered duly authorised, without assessing the individual circumstances in which they were initiated and executed. PSPs recognise such payment transactions as unauthorised without disputing to the circumstances indicated by the consumers that they had not been initiated by them and that they had not intended to authorise them, but they believe that the consumers act (by disclosing the personalised security details of their payment instruments and by authorising the payments) in gross negligence, therefore PSPs are not to be held liable for the losses suffered by the consumers.

Having considered the relevance of the fraud problem, the Bank of Lithuania has included in its Strategic Plan a direction to increase the resilience of consumers and financial market participants to fraud. The change sought by this strategic direction is the increasing financial literacy of consumers in using payment services safely in the online space, the increasing awareness of market participants as well as the need to prioritise fraud prevention by investing in both consumer education initiatives and improved payment transaction authorisation and monitoring tools. In order to achieve these goals, communication tools for consumers (e.g. effective and engaging information campaigns) and proposals to financial market participants on specific measures in line with the best market practices intended to prevent fraud, as well as fostering interinstitutional cooperation to effectively implement and apply in practice fraud prevention measures are envisaged.

Market participants are also aware of the importance of fraud prevention and are taking targeted action. The Centre of Excellence in Anti-Money Laundering set up a Fraud Prevention Tactical Group to allow Lithuanian PSPs to coordinate with each other and with the competent state authorities the implementation of fraud prevention measures, such as the initiative of the National Cyber Security Centre (NCSC)[5]
[5] To combat cyber incidents, especially lightning-fast cyber-fraud attacks, the NCSC has launched a project aimed at the national domain name system firewall service for Lithuanian Internet users (hereafter – the DNS Firewall). The aim is to create a secure and reliable public DNS infrastructure to protect internet users from cyber-attacks and communications with malicious websites, such as fake banking websites, fraudulent e-commerce platforms, websites distributing malicious codes, etc.
for the Internet domain name system (DNS) firewall or the verification of the match between the payee’s account number with their personal or company name. Financial education initiatives are also being launched. In the summer of 2022, the Lithuanian Banking Association and the twenty financial companies it unites, together with the Police Department, the Bank of Lithuania and other partners, launched the information campaign “Identify Fraudsters”, which is aimed at drawing people’s attention to the “masks” most commonly worn by fraudsters. The campaign has been aired on national TV and radio stations, and more information about the most popular fraud scenarios is published on the website at www.atpazinksukciu.lt/en.

In addition to these anti-fraud measures, greater compensation to consumers for losses resulting from unauthorised payment transactions should also be considered. There are countries which, in the face of high levels of fraud, are setting up PSP-funded foundations intended for compensations to victims of fraud for their losses. Such an instrument helps to maintain public confidence in digital payment services and in the activities of PSPs as such. It is therefore appropriate to raise the issue of the possibility to reimburse consumers for the amounts of unauthorised payment transactions resulting from fraud attacks even in cases where the legislation does not provide for this. In this case, each situation should be considered individually. A possible loss-sharing option should also be discussed, which would also support the incentives for consumers to be prudent.

Given that fraud is a complex and constantly evolving problem, an effective approach to tackling it requires not only close cooperation between competent authorities and market participants, but also a forward-looking approach. In most cases, fraud and the challenges it poses are tackled retrospectively, i.e. essentially by responding to a fraud attack that has already taken place or is taking place and analysing the data post factum. A rapid response to attacks in real-time and the all-embracing and coordinated application of planned measures are of key importance for effective fraud prevention. For example, if one market participant shares information about fraudulent activity, the others immediately take adequate measures to prevent the fraud from occurring again. Furthermore, the system of various preventive measures needs to be dynamic, covering various fields and able to anticipate potential areas for fraud, adapt accordingly and redirect efforts in the right direction.

The rising scale of fraud is a relevant problem across the EU, which is why strengthening consumer protection is one of the courses of action proposed by the EC. The EC identified this area in its Retail Payments Strategy published in 2020. The measure for strengthening consumer protection was included by the EC in the Legislative proposal on instant payments. The draft submitted by the EC foresees that PSPs providing instant payments will also have to provide their customers with the service of verifying whether the account number of the beneficiary as provided by the payer matches the name of the beneficiary. This service will help protect PSP customers from transferring funds to fraudsters pretending to be people or companies known to the customer and giving their account details. PSPs will be able to offer this service for instant payments and other payments to accounts in the EU alike.

The Second Payment Services Directive (PSD2) and the Law on Payments as well as the Law on Payment Institutions implementing it lay down the main rules for the provision of payment services. This year the EC launched the PSD2 review process. It is aimed at assessing the positive developments as well as the deficiencies of PSD2 and the changes in the market that would trigger an update of the PSD2 provisions. In 2023, the EC plans to present a PSD2 impact assessment and a proposal for updating the piece of legislation. The EC is holding consultations on the review of the PSD2 in several formats: a public consultation was launched to enable all stakeholders to express their views; a survey was commissioned from a consortium of consultancy firms[6]
[6] The Consortium consists of Valdani Vicari & Associati, Nicolaus Copernicus University in Torun and Centre for European Policy Studies.
on the impact of PSD2 and the identification of areas for change; and the EC also asked for the opinion of the European Banking Authority (EBA) on a range of issues. The Bank of Lithuania took part in the consultation and provided its views. The main proposals of the Bank of Lithuania made during the consultation on the PSD2 review are described below.

The PSD2 and the Electronic Money Directive should be merged. As EMIs evolve, the nature of their activities in the provision of payment services differs little from those of banks. For the consumer, e-money is basically not different from money held in accounts, especially when used for payment transactions to other PSPs, such as SEPA transfers and card payments. Payments are initiated by e-money, but the payee simply receives funds in its account instead of e-money. It is therefore worth reconsidering the concept of e-money and whether such transactions should still be regarded as e-money transactions. The term ‘e-money’ would be understood when e-money is used in close-loop systems and is perceived as e-money by all involved subjects. In addition, the prudential requirements should not differ due to the essentially identical activities of EMIs and PIs.

The provisions of the PSD2 need to be updated by taking account of new business models emerging in the market. Market participants develop a variety of business models that are not exactly as specified in the list of payment services, multiple service providers are involved, e.g. models where a product is developed and then provided by other PSPs in their own name (white-label), bundling of several services from different providers (e.g. an account, a card, and a credit limit, where services are provided by different service providers). Regulation must be in place to make it clear as to which service provider is responsible for what to the consumer, etc.

New methods of fraud must be prevented. Strong customer authentication (SCA), which is underpinned by the use of two independent factors for authentication, has helped to successfully reduce the number of unauthorised online card payments. However, new methods of fraud based on social engineering emerge, for example, by manipulating the consumer into confirming payments they did not intend to make or intended to make to another payee (authorised push payments). One of the measures proposed to combat this type of fraud is the functionality of checking the conformity of the payee’s name and their account number (confirmation of payee). It is also important to enable PSPs to exchange information on fraudsters.

It is appropriate to consider how to achieve greater standardisation of APIs. Currently, there is no single standard and operational practices at EU level, which complicates the provision of the payment initiation service (PIS) and the account information service (AIS). In addition, there should be a responsible authority with the power to impose binding requirements on operational aspects (e.g. minimum service level indicators). The proportionality aspect of the requirements for APIs should also be considered, i.e. small institutions could be exempted from the obligation to open their accounts via APIs.


4.Digital euro

The investigation phase of the digital euro project has reached the halfway and the initial decisions on the potential features of the digital euro have been taken. Since the start of the investigation phase of the digital euro project in October 2021, the Eurosystem has been engaged in a wide range of activities, including the formation of a project team, the creation of stakeholder working groups, the initiation of thematic meetings with market professionals, the selection of financial institutions for the development of the prototype, the analysis and public opinion surveys, and the cooperation with the EC which is working on the proposal for a regulatory framework of the digital euro. All this will form the basis for a decision by the Governing Council of the ECB in autumn 2023 on the possible realisation phase of the digital euro. If issued, the digital euro would not replace but complement cash.

Chart 11. Digital euro as a new payment instrument

Source: Bank of Lithuania.

The primary objectives and design options for the digital euro have been sorted out in the digital euro project. One of the key objectives is to preserve the role of the central bank’s money as a monetary anchor of the payment system. Currently, the only central bank money available to the public is cash, and in the digital age it is becoming less and less attractive for payments. As a result, the digital euro would be an electronic payment instrument provided by the central bank, thus preserving the role of central bank money as a stabiliser of the payments market. Historically, the hybrid structure of the payments market has always worked well – the central bank provides the monetary base (central bank deposits to banks) and cash to the public, and the banks provide customers with payment instruments (e.g. payment cards) to make money settlements in a bank account. An essential element of the hybrid structure is the ability of citizens to exchange private bank money (deposits) for central bank money (cash) at any time, thus maintaining mutual trust in the institutions and the currency and maintaining financial stability. However, as payment habits change, the balance of the payments market is also changing, with the emergence of a growing variety of payment instruments (e.g. digital currencies), the emergence of new PSPs (e.g. large technology companies), and the diminishing attractiveness of cash. The central bank digital currency (CBDC) could balance the way the payments market works.

Payments in the digital euros would be a public good and would promote innovation. As the use of cash for payments declines, the digital euro would be a central bank money settlement service available to the public. Such a service would be available throughout the Eurosystem, increasing the efficiency of payments and economic efficiency in the EU. The digital euro could improve the availability of payments and other ancillary services, thus enabling financial institutions, as intermediaries, to offer innovative solutions to the euro area as a whole. Smaller institutions could also take advantage of the platform to provide advanced services at competitive prices. One of the missions of central banks is to safeguard the integrity of the monetary and payments system for the benefit of citizens, and the digital euro, as a new payment instrument, could contribute to this mission and create value for the economy and society.

The success of the digital euro will depend on its use in everyday life. Following an initial analysis and an assessment of changing payment habits, four areas where the digital euro could be actively used as a means of payment were identified: payments at physical points of sale, e-commerce, person-to-person transfers and government payments. A survey of citizens and businesses revealed a number of features that would be valuable and contribute to the spread of the digital euro. Respondents say that the most valuable features of the digital euro would be a wide network of merchants accepting the digital euro, ease of use, low cost, fast payment process and consumer protection. For merchants, it is important that this payment instrument is inexpensive, easy to use and integrated with existing systems. Another important feature of the digital euro is the protection of privacy. Users should be able to choose how much and what information they wish to disclose (in accordance with applicable laws). It is essential to ensure financial inclusion because access to financial services without having a bank account is limited (except for cash). The digital euro would ensure that those who do not have a bank account or are less financially literate can make payments easily. By selecting priority use cases and taking into account the most valuable design features, the digital euro could be a successful addition to the range of payment instruments.

CBDC are becoming more relevant in today’s geopolitical context. The war in Ukraine, which broke out in February this year, has also led to financial sanctions against russia. The crypto-assets market also saw a stir at the time, as part of payments we made through alternative platforms. Payments were made not only to possibly avoid sanctions or restrictions on cash withdrawals, but also to support Ukraine or to transfer funds to relatives. Crypto-assets (e.g. bitcoin) is not a suitable payment instrument as its value fluctuates considerably. This year, the crypto-assets market is experiencing a crisis known as the crypto winter, as the value of cryptocurrencies fell significantly and remained at low levels for a long time. During the crypto winter, some cryptocurrencies collapsed, while others will suffer long-term consequences due to loss of liquidity. CBDC could be an alternative means of payment in the event of such crises, where traditional systems are disrupted, where throughput is reduced due to increased activity, or where there is a need to adapt quickly to a changing situation. An electronic version of the central bank’s money would make it possible to ensure accessibility to all groups of society, could speed up public payments to residents, and maintain independence from private payment systems.

Since 2017, an independent Lithuanian payments market forum – the Payments Council – has been operating in Lithuania. It develops discussions among market participants on selected payments market issues and makes recommendations for improving the payments market in Lithuania. The Payments Council brings together representatives of payment service users, PSPs, state institutions formulating and implementing payments policies as well as academia. In 2021, the Payments Council addressed two issues: ensuring access to cash in Lithuania and access to the data in state registers.

The Payments Council explored options for ensuring access to cash in Lithuania, focusing on sustainable access to cash in the regions as well as the improvement and development of alternative cash access methods in 2021. The Payments Council supported the Memorandum signed by the Bank of Lithuania and market participants and considered that the installation of additional cash access points by financial institutions in the regions would significantly improve access to cash to the population in the regions. The Payments Council also identified possible directions for improving and developing alternative ways to access cash, such as increasing the number of PSPs which provide the cash-with-purchase service (cashback service) with their cards and the number of points of sale offering cash services, and raising the awareness of alternative cash withdrawal services. Following the recommendations of the Payments Council, the Lithuanian Banking Association entered into discussions with VISA in order to assess the possibility of activating the cashback functionality for payments with cards of the Baltic PSPs, and the Bank of Lithuania started publishing summary information on access to cash and an accessibility map (ATMs). The Payments Council decided to revisit the issue of access to cash in 2023, when the effectiveness of the ATMs installed in the country under the Memorandum will be assessed.

In 2021, the Payments Council also carried out an analysis of access to the data in state registers and identified areas for improvement. The task force formed by the Payments Council (hereinafter – the Task Force) examined the ways of increasing the accessibility of data held in state registers and other state-owned information systems in order to improve the quality of financial services, broaden their variety and promote their development. The Task Force identified areas for improvement in Lithuania: there is a need for clearer regulation of national data availability processes in Lithuania, it is beneficial to revise the state policy on pricing of the provision of data to market participants, there should be consistency in the form and technical tools of the provision of data to market participants (standardised methods and formats, use of APIs), and expansion of the scope of the accessible data is necessary. The Task Force will make final recommendations to the relevant authorities and market participants after assessing the ongoing and planned parallel legislative work in Lithuania, as well as the planned structural transformation of the state institutions dealing with public data.


5.Access to cash

Having assessed the level of access to cash in the country, the Bank of Lithuania undertook the initiative to improve it, as cash is still highly relevant to the public. In Lithuania, the use of electronic payment instruments is increasing, but people often pay with cash as well. This is due to a variety of reasons, such as consumers’ habits, their financial and digital literacy, and the characteristics of cash (simplicity and anonymity). Residents usually withdraw cash from their accounts via an ATM, while alternative access channels (via PSP intermediaries or at the point of sale with the purchase (cashback service)) are used relatively rarely. As financial services are going digital and following the entry into force of the amendment to the Labour Code of the Republic of Lithuania to transfer wages and salaries and other employment-related payments to the employee’s payment account on 1 January 2022, the issue of access to cash withdrawal services from payment accounts became even more relevant for a part of the society, especially for the population of the regions, socially vulnerable groups, and residents who, for a number of reasons, prefer cash payments. Recognising the importance of cash to the population and in order to ensure more convenient access to cash in the regions, the Bank of Lithuania has taken the initiative to expand the network of cash access points. In 2021, the Bank of Lithuania, the Lithuanian Banking Association and financial institutions signed the Memorandum,[7] whereby agreeing on minimum criteria for access to cash withdrawal services from payment accounts.

Chart 12. Effect of implementation of the Memorandum

Source: Bank of Lithuania.

In 2022, the expansion of the network of cash access points in Lithuania implemented by financial institutions under the Memorandum made it possible for the residents of the regions to access cash faster and more conveniently: access to cash was improved for around 250 thousand people in 40 municipalities across the country. Prior to the Memorandum, ATMs were available in 91 localities (mostly in bigger towns), and after the implementation of the Memorandum, ATMs are now available to residents in as many as 191 localities. The ATM expansion is focused on regions, with 100 new ATMs installed in localities with fewer than 4,000 inhabitants (fewer than 2,000 in most of them) that have never had an ATM. People can withdraw cash from the new ATMs under the same conditions as from the ATMs of their credit institution. After the implementation of the Memorandum, 91% of the population can reach the nearest ATM within 10 kilometres and 99% of them – within 20 kilometres, compared to 82% and 95% respectively before signing the Memorandum. The effectiveness of the new cash access points and their compliance with residents’ expectations will be assessed in the future.

Following the changes to the cash infrastructure made by financial institutions in 2021, the cash access network for their customers expanded. In 2021, the connection of the ATM network of Luminor Bank AS Lithuanian Branch (hereinafter – Luminor) to the Medus network improved access to cash for the customers of Luminor and LKU group of CUs, as it ensured the possibility to use the ATM services of the joint networks on the same conditions as the ATMs of one’s credit institution. After the merging, customers of Luminor have access to ATMs in 1.1 times more localities, and customers of the LKU group of CUs – in 1.5 times more localities.

The network of alternative cash access points in Lithuania is widely distributed throughout the country and contributes to improving access to cash, but the services currently provided cannot be considered equivalent to cash withdrawal services provided via ATMs. As an alternative to ATMs, residents can withdraw funds from their accounts at UAB Perlo paslaugos terminals (hereinafter – Perlas terminals), using a payment card, and at cash desks of points of sale, when paying for their purchases by card (cashback service).

·The cash withdrawal service at Perlas terminals is available to all PSP customers with payment cards. The amount of cash that can be withdrawn at one time[8]
[8] In October 2022, the amount to be withdrawn at Perlas terminals was up to €500 per transaction.
depends on the amount of cash available at the cash desk at the time, thus, this service cannot meet the cash needs of all residents. Some PSPs include the amount withdrawn at Perlas terminals in their payment service package, but the major PSPs in the country charge extra for this service. The cash withdrawal service at Perlas terminals is only available during the opening hours of the points of sale.
·Not all PSPs provide the cashback service (one of the reasons is the inactive functionality of VISA cards[9]
[9] Representatives of the VISA international card scheme have been asked to activate cash-with-purchase functionality in the cards of PSPs of the Baltic states.
). As in case of cash withdrawals at Perlas terminals, the possibility of withdrawing funds with a purchase and the amount that can be withdrawn at one time[10]
[10] The amount that can be withdrawn per shopping is €100.
depends on how much money is available at the cash desk at the time. The service for the customer is free of charge. However, there are additional conditions: in order to be able to withdraw money with your purchase, you must have purchased goods for a certain amount (usually at least for €5). The service is available during the opening hours of the point of sale. It should be noted that the cash withdrawal service is not widely advertised.
From the Eurosystem’s point of view, cash plays an important role in ensuring the public’s freedom of choice regarding the means of payment and financial inclusion, and central banks must ensure its accessibility to the public. The importance of cash as an equivalent means of payment to other means of payment is underlined in the Eurosystem cash strategy.[11] Its purpose is to ensure that cash is always widely available and accepted as a means of payment and store of value. The issue of access to cash is addressed at Eurosystem level in working groups of EU institutions. The analysis at the country level for 2021 was carried out by the Task Force set up for this purpose by the Payments Council (see Box 2. Payments Council). The Bank of Lithuania, for its part, will continue to monitor and assess the access to cash situation in Lithuania and, if necessary, will undertake initiatives to ensure access to financial services and payment instruments.

6.Bank of Lithuania’s payment system CENTROlink

Two important upgrades were carried out in the payment system CENTROlink, which will enable PSPs using CENTROlink to reach more PSPs offering instant credit transfers across the EEA and will facilitate more frequent clearing of SEPA payments. In December 2021, following the technological changes in CENTROlink and the connection to the TARGET Instant Payment Settlement Platform (TIPS), the accessibility of the instant credit transfers was extended and more PSPs offering instant credit transfers across the EEA can now be accessed via the Bank of Lithuania’s retail payment system. In 2022, CENTROlink is ready for the changes to the European retail payment system STEP2, which will enable more frequent clearing of outgoing and incoming SEPA credit transfers in the future, i.e. faster credit transfers. This became possible in November this year, when all STEP2 participants implemented the necessary changes.

Chart 13. Number and value of all SEPA payments and instant credit transfers processed in the payment system CENTROlink

Source: Bank of Lithuania.

The popularity of instant credit transfers is steadily growing both in the payment system CENTROlink and in Lithuania. The speed of payment execution, convenience, 24/7/365 availability, the growing list of PSPs providing the service, and the geography of accessibility, as with other types of payments, increase the attractiveness of instant payments. At the end of July 2022, 62 PSPs from Lithuania and EEA countries (47 at the end of 2021) were able to provide instant credit transfers to their customers using the payment system CENTROlink. A total of 149 PSPs (from 18 EEA countries) were using CENTROlink services at the time. The total number of instant credit transfers in CENTROlink doubled in the first half of 2022 compared to the same period in 2021, reaching 55 million. The number of all SEPA payments (credit transfers, instant credit transfers and direct debit) executed via CENTROlink also increased significantly during this period (see Chart 13). In the first half of 2022, the number of SEPA payments increased by 50% compared to the first half of 2021. The share of instant credit transfers in CENTROlink in the first half of 2022 reached 43% of all payments (see Chart 14). It should be noted that the share of instant credit transfers executed by all Lithuanian PSPs also grew substantially, with the share of instant credit transfers rising from 44% in January to 51% in December in 2021 and ranging from 54% to 61% between January and June 2022.

Chart 14. Share of instant credit transfers against the total number of payments executed in CENTROlink

Source: Bank of Lithuania.

The expansion of instant credit transfers is also supported by the Proxy Lookup Service provided by the Bank of Lithuania. It allows initiating payments by selecting the mobile phone number of the beneficiary in the contact list. In order to use the mentioned payments service, the user has to agree to link their phone number to the selected account in the bank’s mobile application. To transfer money, it is only needed to select the recipient from the contact list in the mobile app or enter the payee’s phone number. A payment is possible if the payee has also linked their phone number to an account. At the end of June 2022, the number of phone number links to IBAN account numbers stored in the PLS database reached 500 thousand, while at the end of July 2021, there were only 200 thousand active links, and the number of PSP customer contacts to the PLS per day went up from 20 thousand at the beginning of 2021 to 50 thousand at the end of the first half of 2022. PSPs from Lithuania and other EEA countries are able to join the system and enable their customers to process fast and convenient payments. So far, only two banks have joined the PLS system and provide such services to their customers.

Simpler and faster payment methods and the development of instant credit transfers will also be affected by the planned introduction of the EU-standard request-to-pay service in Lithuania. The Bank of Lithuania is currently assessing the possibility of supplementing the services implemented in the infrastructure of the Bank of Lithuania with a new request-to-pay transmission and handling (processing) functionality, which would be implemented in accordance with the requirements of the European Payments Council SEPA request-to-pay scheme. It is a messaging service designed to complement the payment services infrastructure, which would enable PSPs to submit an EU-standard payment request-to-pay to the internet banking or application of any PSP established in the SEPA area.[12]
[12] Many PSPs currently offer the possibility in their apps to submit a request-to-pay to another customer using the same PSP app. This service is mostly used only among individuals.
A credit transfer would be drawn up for the payer on the basis of such payment request, which must be confirmed by the payer. Relevant information (pro-forma invoice, cheque, etc.) can be transmitted to the payer with the payment request. This would be different from the current service of delivering e-invoices which is only adapted to the payment of invoices to PSP customers for services. The introduction of the request-to-pay service would contribute to improving the quality of payment services, increasing the volume of e-settlements, the penetration and accessibility of payment instruments. Furthermore, this service would promote competition in the market of payment services, the use of instant payments in business processes and ensure the accessibility of new EU-level payment-related services in the country.
While the ML/TF risk management is not a regular function performed by payment systems, and the FATF defines payments in the EEA as domestic,[13] the CENTROlink operator has taken the initiative to put in place measures to manage these risks in order to ensure the credibility of the payment system. Each PSP seeking access to CENTROlink must be vetted through the KYC and risk assessment process. This process includes the identification of the beneficiaries and managers of the PSP and an assessment of their reputation, an analysis of the PSP and its business model, the customer profile, and the anti-money laundering and counter-terrorist financing (AML/CFT) controls in place. Following the screening under this process, 15 PSP applications for access to CENTROlink were rejected between April 2020 and the end of 2021, and 4 applications were rejected between January and June 2022. As of April 2020, 37 PSPs (3 of them in January to June 2022) were given a positive decision regarding the access to CENTROlink. These PSPs were assigned a risk score based on the institution’s risk profile developed during the KYC process, which is indicative of the measures to be taken to continuously monitor the customer in the course of the business relationship, such as the frequency of risk revaluation.
Assessing the risks of the PSPs connected to CENTROlink is a continuous and ongoing process. In the first half of 2022, 24 PSPs connected to CENTROlink were reassessed in the framework of the continuous KYC plan, following requests for access to additional SEPA payment schemes, links with russia[14]
[14] For more about the Bank of Lithuania’s actions in relation to russia’s military aggression against Ukraine, see the Bank of Lithuania website at https://www.lb.lt/en/news/bank-of-lithuania-cuts-off-payment-infrastructure-to-russia-linked-payments.
or other changes related to PSPs. Existing CENTROlink PSPs, unlike potential ones, are additionally subject to retrospective payment analysis and payment sanction screening measures. For PSPs with a high risk score, reassessments are carried out at least every 12 months and additional risk mitigants are put in place, such as requesting an audit of all or a specific area of AML/CTF controls, initiating a formal dialogue with the PSP’s managers, and setting out plans for the reinforcement of specific AML/CTF controls. If the risk is found to be high during risk assessment and risk mitigants cannot be applied, termination of the business relationship is initiated. Between April 2020 and the end of 2021, business relationships were terminated with 13 PSPs and with 5 PSPs in the period from January to June this year, 3 of which were due to negative risk assessment findings.

The CENTROlink’s operator is continuously improving the tools used to manage ML/TF risks, therefore, it updates the KYC and risk management procedures, assessment forms, questionnaires for PSPs, develops a methodology for individual risk assessment, analyses the applicability of modern payment monitoring tools to CENTROlink operations, and looks for other ways to deepen and streamline its internal processes, while at the same time alleviating the burden of the process that falls on PSPs.


7.War in Ukraine and payment infrastructure

The importance of non-cash payment infrastructure has been particularly highlighted by the war in Ukraine. The non-cash payment infrastructure of Western countries, including Lithuania, has become an instrument to affect russia’s financial system. Furthermore, russia’s military actions in Ukraine have prompted Lithuania and other countries close to the aggressor to re-evaluate the preparedness of the payment infrastructure and to consider how to ensure its reliable operation in unforeseen circumstances.

Payments were among the first targets of sanctions at the outbreak of russia’s war against Ukraine. On 12 March 2022, seven russian banks were disconnected from the SWIFT specialised system for financial telecommunications and in June 2022, russia’s largest commercial bank – Sberbank – was disconnected from SWIFT, as part of the implementation of the EU’s 6th sanctions package in response to the war against Ukraine. In August 2022, a total of ten russian commercial banks were disconnected from SWIFT. Payments on the part of russian entities continue to be restricted and accounts are frozen. Some payment providers – international card schemes VISA, MasterCard, American Express, JCB – independently decided to cease operations in russia.

The payment-related sanctions have affected russia’s payments with other countries, limited the ability of russian banks to provide services but have not destroyed payments in russia itself. Signals that russian banks may be disconnected from SWIFT have appeared before, after the annexation of Crimea. This is likely to have been one of the reasons behind russia’s development of its own financial messaging system (SPFS). According to the central bank of russia, 52 banks from 12 countries were using the SPFS (data as of April 2022). Moreover, russia had developed a national payment card scheme MIR, thus, neither the disconnection from SWIFT nor the withdrawal of international cards from russia stopped domestic payments but had a significant impact on the possibility of payments abroad and with foreign countries. Transfers between EU and russian banks covered by the sanctions are no longer possible. It is not possible to pay at points of sale, on the Internet or to withdraw cash using cards issued by russian banks under the VISA, MasterCard, American Express and JCB brand. This situation has opened up opportunities for the Chinese card scheme UnionPay to expand in the russian market. This could be an alternative for russian bank customers to pay and withdraw cash in foreign countries where merchants accept these cards.

In war-torn Ukraine, the non-cash payment infrastructure is running, providing the possibility to pay for citizens, the state and businesses. According to information from the Central Bank of Ukraine, payments in the country (in areas where the infrastructure has not been physically destroyed) are continuing as normal. With the outbreak of military action and disturbances related to them in Ukraine, it became clear that non-cash payments are one of the safest and most reliable means of payment, therefore, efforts were made to ensure that such payments are not restricted, that smooth functioning of the SEP payment system operated by the Central Bank of Ukraine was ensured and points of sale continued to accept non-cash payments. Moreover, realising that wartime situations can be unpredictable, the environment is unsafe and logistics are complex, possibilities to withdraw cash were expanded beyond ATMs and into points of sale. As non-cash payments were not restricted, refugees in foreign countries were able to pay with payment cards under international payment schemes and withdraw cash from ATMs.

Recently, the biggest threat to the financial and payment infrastructure has been associated with cyber threats, and many measures have been aimed at protection against them. The events of the summer of 2022, in particular the attacks of russian hacktivists on the Lithuanian public sector, energy and financial institutions, have confirmed that the threats of cyber-attacks are real. Although the websites and electronic self-services of several institutions and companies were disrupted, according to publicly available information, the hacking attempts did not have a lasting impact on their activities. In the event of such an attack, the ability of the institution or company to respond, to prevent the attack from spreading, and to resume the activities quickly is crucial. Payment and settlement systems were not disrupted by cyber-attacks, but the operators of these systems have increased their vigilance against the likelihood of such attacks.

The war in Ukraine has shown that the physical security of financial infrastructure is equally important. Financial sector participants and supervisory authorities need to (re)assess what the worst-case risk scenario could be, incorporate the likelihood of war into the risk map and foresee appropriate measures that would enable the provision of at least a limited amount of payment services. Such measures to ensure the continuity of services could include maintaining (back-up) infrastructure (databases, systems, software, etc.) in another, more remote, friendly and reliable country, or using international service providers. According to various public sources, Ukraine also uses third-party hosting arrangements and has transferred certain data and services outside the territory of Ukraine. Another important aspect is connection (the customer’s connection to the bank, the bank’s connection to the data centres it uses, payment systems, other banks, etc.), because, even with reliable and operational data centres, the whole chain of connection needs to be operating, from the customer all the way through to the final point of payment (ATM, point of sale, payment system or correspondent bank).

The financial market infrastructures established in Lithuania are well prepared to operate in extreme conditions. In light of the outbreak of hostilities in Ukraine, the financial market infrastructures established in Lithuania (including the Bank of Lithuania), together with the major financial market participants, have reviewed their business continuity and recovery plans to ensure that they can be prepared to provide the most essential services to Lithuanian residents, businesses and state authorities even under the most adverse conditions. The Bank of Lithuania monitors and supervises that such plans and the measures provided therein are up-to-date, sufficient and in line with applicable requirements. In addition, the Bank of Lithuania, together with the main market participants, taking into account the real experience of other countries, has taken additional measures and actions that would help to strengthen the resilience of Lithuania’s financial infrastructure to extreme events.


Abbreviations

AML/CTF           anti-money laundering and counter-terrorist financing

CBDC                central bank digital currency

CU                    credit union

EC                    European Commission

ECB                  European Central Bank

e-commerce     online trading

EEA                  European Economic Area

EMI                  electronic money institution

e-money          electronic money

EU                    European Union

FATF                 Financial Action Task Force

Memorandum   Memorandum of Mutual Understanding for Ensuring Access to Cash in Lithuania

ML/TF               money laundering and terrorist financing

NCSC                National Cyber Security Centre

PI                     payment institution

PLS                   Proxy Lookup Service

PSP                   payment service provider


© Lietuvos bankas

Gedimino pr. 6, LT-01103 Vilnius

www.lb.lt

The review was prepared by the Market Infrastructure Department of the Bank of Lithuania.

The review is available in PDF format ON the Bank of Lithuania website.

Reproduction for educational and non-commercial purposes is permitted provided that the source is acknowledged.

ISSN 2351-5945 (online)