Summary
Payments market in Lithuania
In 2021, 1.62 billion non-cash payment transactions (€436.8 billion in value) were initiated by using the services of Lithuanian payment service providers (PSPs). Compared to 2020, the number of non-cash payment transactions executed by Lithuanian PSPs almost doubled, mainly due to transactions executed by customers residing abroad (their number in Lithuanian PSPs increased significantly after Brexit) in their countries of residence. The payment habits of Lithuanian residents and businesses and the use of payment services are most accurately reflected by domestic payment transactions, i.e. payment transactions executed between the customers of Lithuanian PSPs. In 2021, the total number of domestic non-cash payments went up by 15.7%, compared to 2020, and stood at 738 million with a value of €311.2 billion. Card payments accounted for 58%, credit transfers for 35% and other payment services for 7% of all domestic payment transactions carried out in Lithuania in 2021.
In 2021, despite the easing of pandemic restrictions, the amount of cash withdrawals did not reach the level recorded in the pre-pandemic year 2019. In 2021, 43.3 million cash withdrawals were made in Lithuania using payment cards issued in Lithuania, which is 25% less than in 2019, while the value of cash withdrawals decreased by almost 8% and amounted to €8.9 billion. ATMs were the main place to withdraw cash. The year 2021 marks the switch to using payment cards for payments more often than for cash withdrawals. The use of e-commerce transactions also increased: until 2021, Lithuanian residents and businesses preferred using Bank link service and payment initiation service for e-commerce, but in 2021, remote card payments were used equally frequently.
Banks remain the principal PSPs for Lithuanian residents and businesses, but the market share of non-banks is steadily growing. Considering all payment services provided by Lithuanian PSPs to Lithuanian residents and businesses, including credit transfers, direct debit, card payments, e-money payments and other payment services, in 2021 bank customers carried out 80.8% of all non-cash payment transactions, customers of electronic money institutions (EMIs) and payment institutions (PIs) – 19%, and customers of credit unions (CU) – 0.2%. In 2021, as compared to 2020, the market share of banks providing all non-cash payment services in Lithuania decreased by 3 percentage points in terms of number, with the equal growth of the market share of non-banks. In Lithuania, banks dominate card payments and credit transfers, while non-banks were the main providers of other less used payment services.
In Lithuania, small businesses in different economic sectors offer different non-cash payment options to their customers. The share of small businesses that accept card payments ranges from 20% to almost 80% across sectors, while self-employed natural persons relatively rarely provide the possibility of payment by payment card (17%). It is considered that the attitude of entrepreneurs towards accepting non-cash payments could be changed by the requirement for salaries to be transferred into accounts which came into effect from 2022. If residents pay more often by card and businesses accept more non-cash payments, the need for depositing cash into company accounts will be reduced. Additional incentives are also needed to set up POS terminals or other means for accepting non-cash payments, therefore, partial and temporary reimbursement of the costs of accepting card payments for small businesses could contribute to the development of electronic payments. Some entrepreneurs argue that the reimbursement would encourage them to start accepting card payments, but the mandatory requirement to accept electronic payments is viewed controversially.
As the number of electronic payments in Lithuania increases, so does the number of fraud cases. Card payments (in terms of the number of transactions) and credit transfers (in terms of value) account for the largest share of fraud. The information available to the Bank of Lithuania shows that fraudsters direct their efforts towards the consumer rather than the technical hacking of the payment instrument. Fraudsters engage in various behavioural manipulation techniques and trick consumers into disclosing their sensitive data and confirming the fraudster’s actions by entering their PIN codes. Taking into account the relevance of the fraud problem, the Bank of Lithuania has included in its strategic plan a direction – to increase the resilience of consumers and financial market participants to fraud, to improve financial literacy of consumers for them to be able to safely use electronic payment services, as well as to encourage market participants to prioritise fraud prevention. Market participants are also aware of the importance of fraud prevention and are already taking targeted action.
The investigation phase of the digital euro project has reached the halfway and the initial decisions on the features of the digital euro have been taken. The primary objectives and design options have been sorted out in the digital euro project. One of the key objectives is to preserve the role of central bank’s money as a monetary anchor of the payment system in the context of changing payment habits and the means of payment. The digital euro would be a public service and promote innovation. Following an initial analysis and an assessment of changing payment habits, four areas where the digital euro could be actively used as a means of payment were identified: payments at physical points of sale, e-commerce, person-to-person transfers and government payments. The investigation phase of the digital euro project, which started in 2021, will continue until autumn 2023, and all its work will form the basis for a decision by the Governing Council of the European Central Bank (ECB) on the potential realisation phase of the digital euro in autumn 2023.
Having assessed the level of access to cash in the country, the Bank of Lithuania undertook the initiative to improve it, as cash is still highly relevant to the public. In 2021, the Bank of Lithuania, the Lithuanian Banking Association and financial institutions signed a Memorandum of Understanding for Ensuring Access to Cash in Lithuania (hereinafter – the Memorandum). It was thereby agreed on minimum criteria for access to cash withdrawal services from payment accounts. In 2022, in accordance with the Memorandum, financial institutions installed 100 new ATMs in the regions which enabled the residents to withdraw cash under the same conditions as they do from the ATMs of their credit institutions. This has made access to cash faster and more convenient for people in the regions: around 250,000 residents in 40 municipalities across the country were provided with an improved access to cash. Alternative ways of cash withdrawal contribute to improving access to cash, but the services currently provided are not equivalent to those offered by ATMs, mainly due to limited withdrawal amount, pricing and additional conditions for withdrawals. The Bank of Lithuania will continue to monitor and assess access to cash in Lithuania and, if necessary, take initiatives to ensure access to financial services and payment instruments.
The popularity of the instant payment service is steadily growing both in the Bank of Lithuania’s CENTROlink payment system and in Lithuania. The total number of instant payments in the CENTROlink system doubled in the first half of 2022, compared to the same period in 2021. The share of instant payments executed by Lithuanian PSPs ranged from 54% to 61% of all SEPA payments in the first half of 2022. Two important upgrades were carried out in the Bank of Lithuania’s payment system CENTROlink, which will enable PSPs using CENTROlink to reach more PSPs offering instant payment services across the European Economic Area (EEA) and will allow more frequent clearing of SEPA payments. The expansion of instant payments is also supported by the Proxy Lookup Service (PLS) provided by the Bank of Lithuania. It allows initiating payments by selecting the mobile phone number of the beneficiary from the contact list. The CENTROlink operator, on its own initiative, in order to ensure the credibility of the payment system, applies measures for managing money laundering and terrorist financing (ML/TF) risks. The assessment of the ML/TF risks of the PSPs connected to CENTROlink is a continuous and ongoing process.
The importance of the reliability of non-cash payment infrastructure of countries, including Lithuania, was particularly highlighted by the outbreak of the war in Ukraine. With the outbreak of military action in Ukraine, it became clear that non-cash payments are one of the safest and most reliable means of payment for residents, the state and businesses, therefore, efforts were made to ensure that such payments are not restricted: smooth functioning of the national payment system (SEP) operated by the Central Bank of Ukraine was ensured, points of sale continued to accept non-cash payments, possibilities of withdrawing cash were extended beyond ATMs to points of sale (cash-back), refugees in foreign countries were able to pay with payment cards under international payment schemes and withdraw cash from ATMs.
Recently, the biggest threat to the financial and payment infrastructure has been associated with cyber threats, and many measures have been aimed at protection against them. The war in Ukraine has shown that the physical security of the financial infrastructure and the connection between the customer and the bank, as well as between infrastructures, are equally relevant. It should be noted that the financial market infrastructures established in Lithuania are well prepared to operate in extreme conditions, and the Bank of Lithuania, together with the main market participants, taking into account the real experience of other countries, has taken additional measures and actions that will help to strengthen the resilience of Lithuania’s financial infrastructure to extreme events.
1.Use of payment services in Lithuania
In 2021, the number of non-cash payment transactions carried out using the services of Lithuanian PSPs almost doubled, compared to 2020, mainly due to transactions executed by customers residing abroad in their countries of residence. In 2021, 1.62 billion non-cash payment transactions were initiated by using the services of Lithuanian PSPs, with a value of €436.8 billion (see Table 1). According to the number of non-cash payment transactions, 46% (78% in 2020) of the payment transactions were domestic, i.e. those between the payer and the payee with their PSPs established in Lithuania, and 54% of them were cross-border (22% in 2020). The rapid growth in the number and value of cross-border payment transactions executed by Lithuanian PSPs was mainly due to Brexit which led to the transfer of part of the accounts, payment cards and payment transactions of customers of the UK’s PSPs residing in the European Union (EU) to PSPs registered in Lithuania. This is also reflected in the rapid increase in the number of e-money accounts and the number of issued payment cards since mid-2020. At the end of 2021, the number of e-money accounts increased 9.4 times compared to the end of 2019, while the total number of payment accounts went up 3.2 times. The number of payment cards increased 9.5 times in 2021, compared to the end of 2019, with 30.7 million cards issued at the end of 2021 (3.2 million at the end of 2019). Although transactions of customers residing in foreign countries are carried out using the services of Lithuanian PSPs, they are actually carried out in foreign countries.
Table 1. All non-cash payment transactions executed by Lithuanian PSPs, by payment services
Payment services |
Number of transactions |
Value of transactions |
||||
millions |
change, % |
EUR billions |
change, % |
|||
2020 |
2021 |
2020 |
2021 |
|||
Total payments made via PSPs |
817.8 |
1,620.1 |
98.1 |
352.6 |
436.8 |
23.9 |
Credit transfers |
231.7 |
313.3 |
35.2 |
338.7 |
404.1 |
19.3 |
Card payments |
519.7 |
1,234.3 |
137.5 |
10.5 |
28.8 |
174.4 |
Direct debit |
10.2 |
17.6 |
72.9 |
0.2 |
0.5 |
128.5 |
Other payment services |
56.2 |
54.9 |
-2.5 |
3.2 |
3.4 |
9.3 |
Source: Bank of Lithuania calculations.
Note: Due to data confidentiality, e-money payments are not included.
Card payments and credit transfers dominated among non-cash payment transactions executed by Lithuanian PSPs. In 2021, the number of card payments went up 2.4 times, compared to 2020, and accounted for 76% (63.5% in 2020) of all payment transactions. The number of credit transfers grew by 35.2% and accounted for 19.3% of all transactions in 2021 (28.3% in 2020). The number of other payment service transactions executed by Lithuanian PSPs fell by 2.5% and accounted for 3.4% of all transactions, while the number of direct debit transactions went up by 73% and accounted for 0.3% of the market, with all direct debit transactions being cross-border.
Table 2. Domestic non-cash payment transactions executed by Lithuanian PSPs, by payment services
Payment services |
Number of transactions |
Value of transactions |
||||
millions |
change, % |
EUR billions |
change, % |
|||
2020 |
2021 |
2020 |
2021 |
|||
Total payments made via PSPs |
637.9 |
738.0 |
15.7 |
282.9 |
311.2 |
10.0 |
Credit transfers |
218.1 |
259.6 |
19.0 |
273.5 |
299.3 |
9.4 |
Card payments |
367.5 |
425.6 |
15.8 |
6.7 |
9.0 |
33.4 |
Other payment services |
52.3 |
52.7 |
0.8 |
2.7 |
2.9 |
6.8 |
Source: Bank of Lithuania calculations.
Note: Due to data confidentiality, e-money payments are not included.
The use of non-cash payments for domestic settlements continues to grow steadily, with 2021 reaching the fastest growth in five years. It is domestic payment transactions, i.e. payment transactions executed between the customers of Lithuanian PSPs, that most accurately reflect the payment habits of Lithuanian residents and businesses and the use of payment services. In 2021, compared to 2020, the number of all domestic non-cash payments increased by 15.7% (see Chart 1), representing 738 million units and the value amounting to €311.2 billion. The fastest growth was observed in the use of credit transfers: in 2021 the number of credit transfers grew by 19%, compared to 2020, and stood at 259.6 million units. This was driven by the promotion of instant payments in Lithuania. The use of card payments also increased, with 425.6 million domestic payments made by card, representing an increase of 15.8%.
Chart 1. Number of domestic payment transactions carried out in Lithuania and its annual growth rate
Source: Bank of Lithuania calculations.
Note: Due to data confidentiality, e-money payments are not included.
Chart 2. Non-cash payment transactions per capita in Lithuania
Source: Bank of Lithuania calculations.
Notes: Payments made using the services of banks, CUs, PIs and EMIs. Due to data confidentiality, e-money payments are not included.
Card payments account for the largest share of domestic non-cash payment transactions and have a stable market share. Card payments accounted for 57.7%, credit transfers for 35.2% and other payment services for 7.1% of all domestic payment transactions carried out in Lithuania in 2021 (see Chart 3). As for the value of domestic payment transactions, the value of credit transfers covers almost the entire market, i.e. 96.2% of the value of all transactions. Credit transfers are one of the main services used by businesses for settlements and therefore have a high value.
Chart 3. Market share of domestic payment transactions carried out in Lithuania by number and value
Source: Bank of Lithuania calculations.
Note: Due to data confidentiality, e-money payments are not included.
Banks remain the main PSPs for Lithuanian residents and businesses, but the market share of non-banks is steadily growing. Taking into account all payment services provided by Lithuanian PSPs to Lithuanian residents and businesses, including credit transfers, direct debit, card payments, e-money payments and other payment services, in 2021, 80.8% of the total number of non-cash payment transactions were carried out by bank customers (83.8% in 2020), 19% by customers of EMIs and PIs (15.9% in 2020), and 0.2% by customers of CUs (0.2% in 2020) (see Chart 4). Transactions initiated by Lithuanian residents and businesses in banks accounted for 91.1% of the value of all payment transactions executed via Lithuanian PSPs. While the total number and value of executed transactions increased among all PSPs, the market share of banks providing all non-cash payment services in Lithuania decreased: in 2021, their market share by number decreased by 7.7 percentage points compared to 2019, with the same increase in the market share of non-banks.
Chart 4. Market share of PSPs in the provision of all non-cash payment services
Source: Bank of Lithuania calculations.
Note: This is an estimate of all (domestic and cross-border) non-cash payment transactions executed by Lithuanian PSPs. Customer data of the UK PSPs residing in the EU that were transferred to Lithuanian PSPs after Brexit has been removed from the data for 2020-2021.
The provision of the most used payment services to Lithuanian residents and businesses is dominated by banks, while non-banks have completely taken over less used specific payment services. In 2021, credit transfers accounted for 30.4% of all non-cash payment transactions, of which 27.8 percentage points were made by banks and 2.6 percentage points by EMIs and PIs (see Chart 5). The share of the latter increased slightly by 1 percentage point compared to 2021. Of the card payments market share (55%), banks accounted for 53 percentage points and non-banks for 2 percentage points. Non-banks were the main PSPs offering e-money payment services, which are often an alternative to credit transfers, as well as other payment services, most of which are money remittances used to pay for utilities or other services, and direct debit. It should be noted that direct debit in Lithuania is provided to businesses and residents of other countries. In 2021, the market share of e-money payments grew from 3.5% in 2020 to 6.6% in 2021. The market share of other payment services declined slightly to 6% in 2021.
Chart 5. Structure of the number of provided different payment services by PSPs
Source: Bank of Lithuania.
Notes: The chart shows the percentage share of PSPs providing different payment services compared to the total number of non-cash payment transactions provided during the year. This is an estimate of all (domestic and cross-border) non-cash payment transactions executed by Lithuanian PSPs. Customer data of the UK PSPs residing in the EU that were transferred to Lithuanian PSPs after Brexit has been removed from the data for 2020-2021. The market share of CUs is not shown in the chart as their market share was only around 0.2% in 2020 and 2021.
In 2021, as physical restrictions due to the pandemic in Lithuania eased, the number and value of cash withdrawal transactions remained lower than during the pre-pandemic year 2019. In 2021, 43.3 million cash withdrawal transactions were carried out in Lithuania using payment cards issued in Lithuania, with 42.1 million cash withdrawals from ATMs located in Lithuania and 1.2 million of cash withdrawals at points of sale with POS terminals (see Chart 6). The value of cash withdrawn in 2021 stood at €8.9 billion. The number of cash withdrawals fell by 25% and their value declined by almost 8% in 2021, compared to the pre-pandemic year 2019. Compared to 2020, the number of cash withdrawals in 2021 was almost 8% lower, while the value of cash withdrawals increased by 1%. ATMs were the main place to withdraw cash: 97.2% of all cash withdrawals were made at ATMs in 2020 and 2021, and 96.5% in 2019.
Chart 6. Number and value of cash withdrawals at ATMs or points of sale with POS terminals
Source: Bank of Lithuania.
The use of payment cards for payments rather than for cash withdrawals has been rising, with payment cards being used more often for payments than for cash withdrawals in 2021. In 2021, for the first time, more than half of the value of the money spent using a payment card issued to residents and businesses in Lithuania was spent by paying with a card rather than withdrawn in cash. The share of card payments increased year on year, reaching its peak of 5.6 percentage points (up to 53.2%) in 2021 compared to 2020. In 2021, the share of the value spent by payment card went up by 9.1 percentage points compared to the pre-pandemic 2019 (see Chart 7).
Chart 7. Structure of the amount spent and of the amount of cash withdrawn using a payment card
Source: Bank of Lithuania.
Note: This is an estimate of all (domestic and cross-border) non-cash payment transactions executed by Lithuanian PSPs. Customer data of the UK PSPs residing in the EU that were transferred to Lithuanian PSPs after Brexit has been removed from the data for 2020-2021.
E-commerce payments are used more and more by Lithuanian residents and businesses. Compared to 2020, the number of e-commerce transactions initiated by all Lithuanian residents and businesses in 2021 increased by 43.8% (24.5% in 2020), with their value growing by 40.4% (52.5 % in 2020). E-commerce payments in Lithuania mainly consist of two parts: specialised credit transfers (Bank link and payment initiation services) and online card payments. In 2021, Bank link and payment initiation service transactions made by Lithuanian residents and businesses accounted for 13.7% of the total number of credit transfers (14.1% in 2020), while online card payment transactions accounted for 7.3% of the number of card payments (4.6% in 2020).
Until recently, Lithuanian residents and businesses preferred Bank link service and payment initiation service for e-commerce, but in 2021, remote card payments were used equally frequently. The number of domestic and cross-border card payments made via the internet by Lithuanian residents and businesses via the Lithuanian PSPs in 2021 saw the biggest growth of as much as 85.5%, while the number of Bank link and payment initiation services increased by 18%. In 2021, remote card payments became an equally used e-commerce service by Lithuanian residents and businesses, both in terms of number and value, and accounted for 49.2% of the e-commerce payment market by number (see Chart 8).
Chart 8. Number and value of e-commerce transactions
Source: Bank of Lithuania.
Comments: E-commerce payments in Lithuania mainly consist of two parts: specialised credit transfers (Bank link and payment initiation services) and online card payments. This is an estimate of all (domestic and cross-border) non-cash payment transactions executed by Lithuanian PSPs. Customer data of the UK PSPs residing in the EU that were transferred to Lithuanian PSPs after Brexit has been removed from the data for 2020-2021.
2.Non-cash payments in small businesses
Chart 9. Acceptance of card payments by small businesses in different sectors in 2022
(share of businesses accepting card payments, percentages)
Source: Survey of small businesses commissioned by the Bank of Lithuania.
Self-employed natural persons provide for the possibility of payment by card considerably less frequently compared to representatives of small business (enterprises). 17% of self-employed persons surveyed provide the card payment option. Only the retail trade sector stands out, with around half of the persons providing the card payment option, while in other sectors this share is significantly smaller and below the average share of self-employed persons. However, as in the case of enterprises, the option of paying by transfer is provided by a relatively high portion of self-employed persons (50-90% in different sectors). More than half of the income is received in non-cash form by 45% of the self-employed persons surveyed, while 14% of the persons reported receiving all their income in cash.
A large share of small businesses report that they do not accept card payments because their customers do not express a need for them, and because the businesses are not satisfied with the price of the service. 38% of legal entities and 21% of self-employed persons reported that their customers have not inquired about this option. A third of enterprises and a quarter of natural persons said they were not satisfied with the price of the service. Such attitudes are echoed in answering questions about what would encourage entrepreneurs to adopt this method: most entrepreneurs point to the increasing number of customers wishing to pay by card (23%) and the attractive pricing of card payment services (28%). Moreover, a significant number of respondents stated that it would be relevant to temporarily try the service free of charge (18%).
In the view of the Bank of Lithuania, the requirement that salaries be transferred to accounts, which came into force in 2022, could also change the attitude of entrepreneurs towards accepting non-cash payments. In the survey, 19% of enterprises reported that they were negatively affected by this requirement. The main negative aspects referred to include increased costs, dissatisfied employees (because they have no choice about how to get paid), and burden on the company (mainly due to the need to encash more frequently). The need to deposit cash would be reduced if more people paid with payment cards and more enterprises provided the non-cash payment option. 75% of enterprises reported that they were not affected by the requirement to transfer salaries into accounts. It is likely that they had already been transferring salaries into accounts before the requirement came into force.
Various measures, such as temporary reimbursement of the costs of accepting card payments or the introduction of a mandatory requirement for enterprises to accept non-cash payments, could contribute to accelerating the uptake of non-cash payment acceptance solutions in small businesses. Card payments are currently available for payment at points of sale and services at the time of purchase. Credit transfers are not suitable for all situations, for example, they are convenient when the payment is made in advance or when the seller can postpone the payment for a certain period of time. The widespread instant payments that can be initiated via smartphones can also be used in businesses providing beauty and medical services. Incentives are mainly needed for the deployment of POS terminals, as merchants and service providers who do not have them often cite price-related reasons for not accepting card payments. Thus, partial and temporary reimbursement of the costs of accepting card payments by small enterprises could contribute to the development of electronic payments.
Some entrepreneurs argue that the reimbursement would encourage them to start accepting card payments, but the mandatory requirement to accept electronic payments is viewed controversially. One way to incentivise businesses is to reimburse the cost of accepting payment cards for some time. When asked whether they would start accepting card payments if all the costs associated with accepting card payments would be reimbursed for the first year, 15% of enterprises that did not yet accept card payments and 17% of self-employed persons said yes. Another 30% more of the enterprises and self-employed persons would consider this option. Another alternative is to lay down that all merchants (except the smallest ones) must provide the possibility of payment by cards, but in order to ease the burden, the costs for the first year would be reimbursed. This alternative is viewed as rather controversial: 44% of legal entities and 48% of self-employed persons would be in favour of the scheme, while 26% of small enterprises and 15% of self-employed persons would be of an opposite view. The entrepreneurs who take a negative view of such a scheme point out that they would not be satisfied with the element of “mandatory” and the aim of reducing payments in cash, as well as with the fact that they would have to start paying for services after a year.
3.Fraud prevention
Chart 10. Share of the number and value of fraudulent payments as compared to the number and value of all payment transactions executed
Source: Bank of Lithuania.
One of the most common types of fraud in Lithuania has recently been the sending of SMS messages with active links to fake websites of commercial banks (smishing). The complaints received by the Bank of Lithuania from payment service users show that SMS messages are sent on behalf of one of the commercial banks, most often alerting the user of allegedly suspicious activities in their account, the need to update their online bank account, the need to prevent the loss of their account, etc. By clicking on a link in the message, users are taken to a fake website of the bank in question, where they enter their internet banking login details and personal data. Consumer vigilance is often undermined by the fact that sometimes such messages appear in the general stream of other messages received from the bank, and that fictitious bank websites resemble the real ones, thus it requires a lot of diligence to spot differences in the names of the websites or their links (web addresses). Quite often consumers not only enable fraudsters to expropriate their online banking login details and personal data by entering them on a fictitious website, but also confirm the fraudster’s actions by entering their PINs when prompted by the Smart-ID app on their phones. This is used to execute payments disputed by users and sometimes even to create a new Smart-ID account on behalf of users on a device controlled by third parties (fraudsters).
Furthermore, there is a common form of fraud where messages are sent to consumers on behalf of parcel post companies about an alleged receipt of payment by a post terminal operator for goods sold by the consumer which the supposed buyer wants to purchase. In such cases, the consumer’s contact details are obtained from online advertising portals, trading or exchange platforms on which the consumer uploads an advertisement for the product to be sold/exchanged. To supposedly receive the funds, the consumer is asked to click on a link in an SMS or mobile chat app and enter their personal data and payment card details on a fictitious website of the parcel post company. As in the case of fraud on behalf of commercial banks, consumers often not only enter their personal data and personalised security credentials of their payment instruments (payment cards) on a fictitious website upon receipt of messages purporting to be from parcel post companies, but also enter PINs when prompted by the Smart-ID app on their phones. This is how the payments disputed by consumers are made.
The problems observed by the Bank of Lithuania in the area of fraud prevention are also related to the lack of consumer education and information, as well as inattentiveness of consumers. Consumers often rush to quickly follow the instructions in the messages without getting to understand the point of what they are doing, they fail to read the text of the message in the Smart-ID app requesting to enter PIN1 and/or PIN2 which usually accurately defines the purpose of the request for PINs. Thus, without realising the point of their actions, consumers confirm payments disputed afterwards or, in some cases, even the creation of a new Smart-ID account in their name on a device controlled by a third party (fraudster). Many consumers also lack knowledge about the payment instruments they use and their security features (e.g. there are cases where consumers do not know what the CVC code of a payment card is and why it should not be disclosed to third parties). The information available to the Bank of Lithuania shows that fraudsters focus their efforts on the consumer rather than on the technical hacking of the payment instrument and use various behavioural manipulation techniques.
In most cases, PSPs consider consumers liable for payment transactions carried out in the face of fraud and see no grounds to compensate for the losses incurred. The experience of examination of complaints and disputes shows that PSPs base their absence of liability for payment transactions disputed by consumers on the fact that such payment transactions, i.e. fraudulent and subsequently disputed by consumers, are to be considered duly authorised, without assessing the individual circumstances in which they were initiated and executed. PSPs recognise such payment transactions as unauthorised without disputing to the circumstances indicated by the consumers that they had not been initiated by them and that they had not intended to authorise them, but they believe that the consumers act (by disclosing the personalised security details of their payment instruments and by authorising the payments) in gross negligence, therefore PSPs are not to be held liable for the losses suffered by the consumers.
Having considered the relevance of the fraud problem, the Bank of Lithuania has included in its Strategic Plan a direction to increase the resilience of consumers and financial market participants to fraud. The change sought by this strategic direction is the increasing financial literacy of consumers in using payment services safely in the online space, the increasing awareness of market participants as well as the need to prioritise fraud prevention by investing in both consumer education initiatives and improved payment transaction authorisation and monitoring tools. In order to achieve these goals, communication tools for consumers (e.g. effective and engaging information campaigns) and proposals to financial market participants on specific measures in line with the best market practices intended to prevent fraud, as well as fostering interinstitutional cooperation to effectively implement and apply in practice fraud prevention measures are envisaged.
In addition to these anti-fraud measures, greater compensation to consumers for losses resulting from unauthorised payment transactions should also be considered. There are countries which, in the face of high levels of fraud, are setting up PSP-funded foundations intended for compensations to victims of fraud for their losses. Such an instrument helps to maintain public confidence in digital payment services and in the activities of PSPs as such. It is therefore appropriate to raise the issue of the possibility to reimburse consumers for the amounts of unauthorised payment transactions resulting from fraud attacks even in cases where the legislation does not provide for this. In this case, each situation should be considered individually. A possible loss-sharing option should also be discussed, which would also support the incentives for consumers to be prudent.
Given that fraud is a complex and constantly evolving problem, an effective approach to tackling it requires not only close cooperation between competent authorities and market participants, but also a forward-looking approach. In most cases, fraud and the challenges it poses are tackled retrospectively, i.e. essentially by responding to a fraud attack that has already taken place or is taking place and analysing the data post factum. A rapid response to attacks in real-time and the all-embracing and coordinated application of planned measures are of key importance for effective fraud prevention. For example, if one market participant shares information about fraudulent activity, the others immediately take adequate measures to prevent the fraud from occurring again. Furthermore, the system of various preventive measures needs to be dynamic, covering various fields and able to anticipate potential areas for fraud, adapt accordingly and redirect efforts in the right direction.
The rising scale of fraud is a relevant problem across the EU, which is why strengthening consumer protection is one of the courses of action proposed by the EC. The EC identified this area in its Retail Payments Strategy published in 2020. The measure for strengthening consumer protection was included by the EC in the Legislative proposal on instant payments. The draft submitted by the EC foresees that PSPs providing instant payments will also have to provide their customers with the service of verifying whether the account number of the beneficiary as provided by the payer matches the name of the beneficiary. This service will help protect PSP customers from transferring funds to fraudsters pretending to be people or companies known to the customer and giving their account details. PSPs will be able to offer this service for instant payments and other payments to accounts in the EU alike.
The PSD2 and the Electronic Money Directive should be merged. As EMIs evolve, the nature of their activities in the provision of payment services differs little from those of banks. For the consumer, e-money is basically not different from money held in accounts, especially when used for payment transactions to other PSPs, such as SEPA transfers and card payments. Payments are initiated by e-money, but the payee simply receives funds in its account instead of e-money. It is therefore worth reconsidering the concept of e-money and whether such transactions should still be regarded as e-money transactions. The term ‘e-money’ would be understood when e-money is used in close-loop systems and is perceived as e-money by all involved subjects. In addition, the prudential requirements should not differ due to the essentially identical activities of EMIs and PIs.
The provisions of the PSD2 need to be updated by taking account of new business models emerging in the market. Market participants develop a variety of business models that are not exactly as specified in the list of payment services, multiple service providers are involved, e.g. models where a product is developed and then provided by other PSPs in their own name (white-label), bundling of several services from different providers (e.g. an account, a card, and a credit limit, where services are provided by different service providers). Regulation must be in place to make it clear as to which service provider is responsible for what to the consumer, etc.
New methods of fraud must be prevented. Strong customer authentication (SCA), which is underpinned by the use of two independent factors for authentication, has helped to successfully reduce the number of unauthorised online card payments. However, new methods of fraud based on social engineering emerge, for example, by manipulating the consumer into confirming payments they did not intend to make or intended to make to another payee (authorised push payments). One of the measures proposed to combat this type of fraud is the functionality of checking the conformity of the payee’s name and their account number (confirmation of payee). It is also important to enable PSPs to exchange information on fraudsters.
It is appropriate to consider how to achieve greater standardisation of APIs. Currently, there is no single standard and operational practices at EU level, which complicates the provision of the payment initiation service (PIS) and the account information service (AIS). In addition, there should be a responsible authority with the power to impose binding requirements on operational aspects (e.g. minimum service level indicators). The proportionality aspect of the requirements for APIs should also be considered, i.e. small institutions could be exempted from the obligation to open their accounts via APIs.
4.Digital euro
The investigation phase of the digital euro project has reached the halfway and the initial decisions on the potential features of the digital euro have been taken. Since the start of the investigation phase of the digital euro project in October 2021, the Eurosystem has been engaged in a wide range of activities, including the formation of a project team, the creation of stakeholder working groups, the initiation of thematic meetings with market professionals, the selection of financial institutions for the development of the prototype, the analysis and public opinion surveys, and the cooperation with the EC which is working on the proposal for a regulatory framework of the digital euro. All this will form the basis for a decision by the Governing Council of the ECB in autumn 2023 on the possible realisation phase of the digital euro. If issued, the digital euro would not replace but complement cash.
Chart 11. Digital euro as a new payment instrument
Source: Bank of Lithuania.
The primary objectives and design options for the digital euro have been sorted out in the digital euro project. One of the key objectives is to preserve the role of the central bank’s money as a monetary anchor of the payment system. Currently, the only central bank money available to the public is cash, and in the digital age it is becoming less and less attractive for payments. As a result, the digital euro would be an electronic payment instrument provided by the central bank, thus preserving the role of central bank money as a stabiliser of the payments market. Historically, the hybrid structure of the payments market has always worked well – the central bank provides the monetary base (central bank deposits to banks) and cash to the public, and the banks provide customers with payment instruments (e.g. payment cards) to make money settlements in a bank account. An essential element of the hybrid structure is the ability of citizens to exchange private bank money (deposits) for central bank money (cash) at any time, thus maintaining mutual trust in the institutions and the currency and maintaining financial stability. However, as payment habits change, the balance of the payments market is also changing, with the emergence of a growing variety of payment instruments (e.g. digital currencies), the emergence of new PSPs (e.g. large technology companies), and the diminishing attractiveness of cash. The central bank digital currency (CBDC) could balance the way the payments market works.
Payments in the digital euros would be a public good and would promote innovation. As the use of cash for payments declines, the digital euro would be a central bank money settlement service available to the public. Such a service would be available throughout the Eurosystem, increasing the efficiency of payments and economic efficiency in the EU. The digital euro could improve the availability of payments and other ancillary services, thus enabling financial institutions, as intermediaries, to offer innovative solutions to the euro area as a whole. Smaller institutions could also take advantage of the platform to provide advanced services at competitive prices. One of the missions of central banks is to safeguard the integrity of the monetary and payments system for the benefit of citizens, and the digital euro, as a new payment instrument, could contribute to this mission and create value for the economy and society.
The success of the digital euro will depend on its use in everyday life. Following an initial analysis and an assessment of changing payment habits, four areas where the digital euro could be actively used as a means of payment were identified: payments at physical points of sale, e-commerce, person-to-person transfers and government payments. A survey of citizens and businesses revealed a number of features that would be valuable and contribute to the spread of the digital euro. Respondents say that the most valuable features of the digital euro would be a wide network of merchants accepting the digital euro, ease of use, low cost, fast payment process and consumer protection. For merchants, it is important that this payment instrument is inexpensive, easy to use and integrated with existing systems. Another important feature of the digital euro is the protection of privacy. Users should be able to choose how much and what information they wish to disclose (in accordance with applicable laws). It is essential to ensure financial inclusion because access to financial services without having a bank account is limited (except for cash). The digital euro would ensure that those who do not have a bank account or are less financially literate can make payments easily. By selecting priority use cases and taking into account the most valuable design features, the digital euro could be a successful addition to the range of payment instruments.
CBDC are becoming more relevant in today’s geopolitical context. The war in Ukraine, which broke out in February this year, has also led to financial sanctions against russia. The crypto-assets market also saw a stir at the time, as part of payments we made through alternative platforms. Payments were made not only to possibly avoid sanctions or restrictions on cash withdrawals, but also to support Ukraine or to transfer funds to relatives. Crypto-assets (e.g. bitcoin) is not a suitable payment instrument as its value fluctuates considerably. This year, the crypto-assets market is experiencing a crisis known as the crypto winter, as the value of cryptocurrencies fell significantly and remained at low levels for a long time. During the crypto winter, some cryptocurrencies collapsed, while others will suffer long-term consequences due to loss of liquidity. CBDC could be an alternative means of payment in the event of such crises, where traditional systems are disrupted, where throughput is reduced due to increased activity, or where there is a need to adapt quickly to a changing situation. An electronic version of the central bank’s money would make it possible to ensure accessibility to all groups of society, could speed up public payments to residents, and maintain independence from private payment systems.
Since 2017, an independent Lithuanian payments market forum – the Payments Council – has been operating in Lithuania. It develops discussions among market participants on selected payments market issues and makes recommendations for improving the payments market in Lithuania. The Payments Council brings together representatives of payment service users, PSPs, state institutions formulating and implementing payments policies as well as academia. In 2021, the Payments Council addressed two issues: ensuring access to cash in Lithuania and access to the data in state registers.
The Payments Council explored options for ensuring access to cash in Lithuania, focusing on sustainable access to cash in the regions as well as the improvement and development of alternative cash access methods in 2021. The Payments Council supported the Memorandum signed by the Bank of Lithuania and market participants and considered that the installation of additional cash access points by financial institutions in the regions would significantly improve access to cash to the population in the regions. The Payments Council also identified possible directions for improving and developing alternative ways to access cash, such as increasing the number of PSPs which provide the cash-with-purchase service (cashback service) with their cards and the number of points of sale offering cash services, and raising the awareness of alternative cash withdrawal services. Following the recommendations of the Payments Council, the Lithuanian Banking Association entered into discussions with VISA in order to assess the possibility of activating the cashback functionality for payments with cards of the Baltic PSPs, and the Bank of Lithuania started publishing summary information on access to cash and an accessibility map (ATMs). The Payments Council decided to revisit the issue of access to cash in 2023, when the effectiveness of the ATMs installed in the country under the Memorandum will be assessed.
In 2021, the Payments Council also carried out an analysis of access to the data in state registers and identified areas for improvement. The task force formed by the Payments Council (hereinafter – the Task Force) examined the ways of increasing the accessibility of data held in state registers and other state-owned information systems in order to improve the quality of financial services, broaden their variety and promote their development. The Task Force identified areas for improvement in Lithuania: there is a need for clearer regulation of national data availability processes in Lithuania, it is beneficial to revise the state policy on pricing of the provision of data to market participants, there should be consistency in the form and technical tools of the provision of data to market participants (standardised methods and formats, use of APIs), and expansion of the scope of the accessible data is necessary. The Task Force will make final recommendations to the relevant authorities and market participants after assessing the ongoing and planned parallel legislative work in Lithuania, as well as the planned structural transformation of the state institutions dealing with public data.
5.Access to cash
Chart 12. Effect of implementation of the Memorandum
Source: Bank of Lithuania.
In 2022, the expansion of the network of cash access points in Lithuania implemented by financial institutions under the Memorandum made it possible for the residents of the regions to access cash faster and more conveniently: access to cash was improved for around 250 thousand people in 40 municipalities across the country. Prior to the Memorandum, ATMs were available in 91 localities (mostly in bigger towns), and after the implementation of the Memorandum, ATMs are now available to residents in as many as 191 localities. The ATM expansion is focused on regions, with 100 new ATMs installed in localities with fewer than 4,000 inhabitants (fewer than 2,000 in most of them) that have never had an ATM. People can withdraw cash from the new ATMs under the same conditions as from the ATMs of their credit institution. After the implementation of the Memorandum, 91% of the population can reach the nearest ATM within 10 kilometres and 99% of them – within 20 kilometres, compared to 82% and 95% respectively before signing the Memorandum. The effectiveness of the new cash access points and their compliance with residents’ expectations will be assessed in the future.
Following the changes to the cash infrastructure made by financial institutions in 2021, the cash access network for their customers expanded. In 2021, the connection of the ATM network of Luminor Bank AS Lithuanian Branch (hereinafter – Luminor) to the Medus network improved access to cash for the customers of Luminor and LKU group of CUs, as it ensured the possibility to use the ATM services of the joint networks on the same conditions as the ATMs of one’s credit institution. After the merging, customers of Luminor have access to ATMs in 1.1 times more localities, and customers of the LKU group of CUs – in 1.5 times more localities.
The network of alternative cash access points in Lithuania is widely distributed throughout the country and contributes to improving access to cash, but the services currently provided cannot be considered equivalent to cash withdrawal services provided via ATMs. As an alternative to ATMs, residents can withdraw funds from their accounts at UAB Perlo paslaugos terminals (hereinafter – Perlas terminals), using a payment card, and at cash desks of points of sale, when paying for their purchases by card (cashback service).
6.Bank of Lithuania’s payment system CENTROlink
Two important upgrades were carried out in the payment system CENTROlink, which will enable PSPs using CENTROlink to reach more PSPs offering instant credit transfers across the EEA and will facilitate more frequent clearing of SEPA payments. In December 2021, following the technological changes in CENTROlink and the connection to the TARGET Instant Payment Settlement Platform (TIPS), the accessibility of the instant credit transfers was extended and more PSPs offering instant credit transfers across the EEA can now be accessed via the Bank of Lithuania’s retail payment system. In 2022, CENTROlink is ready for the changes to the European retail payment system STEP2, which will enable more frequent clearing of outgoing and incoming SEPA credit transfers in the future, i.e. faster credit transfers. This became possible in November this year, when all STEP2 participants implemented the necessary changes.
Chart 13. Number and value of all SEPA payments and instant credit transfers processed in the payment system CENTROlink
Source: Bank of Lithuania.
The popularity of instant credit transfers is steadily growing both in the payment system CENTROlink and in Lithuania. The speed of payment execution, convenience, 24/7/365 availability, the growing list of PSPs providing the service, and the geography of accessibility, as with other types of payments, increase the attractiveness of instant payments. At the end of July 2022, 62 PSPs from Lithuania and EEA countries (47 at the end of 2021) were able to provide instant credit transfers to their customers using the payment system CENTROlink. A total of 149 PSPs (from 18 EEA countries) were using CENTROlink services at the time. The total number of instant credit transfers in CENTROlink doubled in the first half of 2022 compared to the same period in 2021, reaching 55 million. The number of all SEPA payments (credit transfers, instant credit transfers and direct debit) executed via CENTROlink also increased significantly during this period (see Chart 13). In the first half of 2022, the number of SEPA payments increased by 50% compared to the first half of 2021. The share of instant credit transfers in CENTROlink in the first half of 2022 reached 43% of all payments (see Chart 14). It should be noted that the share of instant credit transfers executed by all Lithuanian PSPs also grew substantially, with the share of instant credit transfers rising from 44% in January to 51% in December in 2021 and ranging from 54% to 61% between January and June 2022.
Chart 14. Share of instant credit transfers against the total number of payments executed in CENTROlink
Source: Bank of Lithuania.
The expansion of instant credit transfers is also supported by the Proxy Lookup Service provided by the Bank of Lithuania. It allows initiating payments by selecting the mobile phone number of the beneficiary in the contact list. In order to use the mentioned payments service, the user has to agree to link their phone number to the selected account in the bank’s mobile application. To transfer money, it is only needed to select the recipient from the contact list in the mobile app or enter the payee’s phone number. A payment is possible if the payee has also linked their phone number to an account. At the end of June 2022, the number of phone number links to IBAN account numbers stored in the PLS database reached 500 thousand, while at the end of July 2021, there were only 200 thousand active links, and the number of PSP customer contacts to the PLS per day went up from 20 thousand at the beginning of 2021 to 50 thousand at the end of the first half of 2022. PSPs from Lithuania and other EEA countries are able to join the system and enable their customers to process fast and convenient payments. So far, only two banks have joined the PLS system and provide such services to their customers.
The CENTROlink’s operator is continuously improving the tools used to manage ML/TF risks, therefore, it updates the KYC and risk management procedures, assessment forms, questionnaires for PSPs, develops a methodology for individual risk assessment, analyses the applicability of modern payment monitoring tools to CENTROlink operations, and looks for other ways to deepen and streamline its internal processes, while at the same time alleviating the burden of the process that falls on PSPs.
7.War in Ukraine and payment infrastructure
The importance of non-cash payment infrastructure has been particularly highlighted by the war in Ukraine. The non-cash payment infrastructure of Western countries, including Lithuania, has become an instrument to affect russia’s financial system. Furthermore, russia’s military actions in Ukraine have prompted Lithuania and other countries close to the aggressor to re-evaluate the preparedness of the payment infrastructure and to consider how to ensure its reliable operation in unforeseen circumstances.
Payments were among the first targets of sanctions at the outbreak of russia’s war against Ukraine. On 12 March 2022, seven russian banks were disconnected from the SWIFT specialised system for financial telecommunications and in June 2022, russia’s largest commercial bank – Sberbank – was disconnected from SWIFT, as part of the implementation of the EU’s 6th sanctions package in response to the war against Ukraine. In August 2022, a total of ten russian commercial banks were disconnected from SWIFT. Payments on the part of russian entities continue to be restricted and accounts are frozen. Some payment providers – international card schemes VISA, MasterCard, American Express, JCB – independently decided to cease operations in russia.
The payment-related sanctions have affected russia’s payments with other countries, limited the ability of russian banks to provide services but have not destroyed payments in russia itself. Signals that russian banks may be disconnected from SWIFT have appeared before, after the annexation of Crimea. This is likely to have been one of the reasons behind russia’s development of its own financial messaging system (SPFS). According to the central bank of russia, 52 banks from 12 countries were using the SPFS (data as of April 2022). Moreover, russia had developed a national payment card scheme MIR, thus, neither the disconnection from SWIFT nor the withdrawal of international cards from russia stopped domestic payments but had a significant impact on the possibility of payments abroad and with foreign countries. Transfers between EU and russian banks covered by the sanctions are no longer possible. It is not possible to pay at points of sale, on the Internet or to withdraw cash using cards issued by russian banks under the VISA, MasterCard, American Express and JCB brand. This situation has opened up opportunities for the Chinese card scheme UnionPay to expand in the russian market. This could be an alternative for russian bank customers to pay and withdraw cash in foreign countries where merchants accept these cards.
In war-torn Ukraine, the non-cash payment infrastructure is running, providing the possibility to pay for citizens, the state and businesses. According to information from the Central Bank of Ukraine, payments in the country (in areas where the infrastructure has not been physically destroyed) are continuing as normal. With the outbreak of military action and disturbances related to them in Ukraine, it became clear that non-cash payments are one of the safest and most reliable means of payment, therefore, efforts were made to ensure that such payments are not restricted, that smooth functioning of the SEP payment system operated by the Central Bank of Ukraine was ensured and points of sale continued to accept non-cash payments. Moreover, realising that wartime situations can be unpredictable, the environment is unsafe and logistics are complex, possibilities to withdraw cash were expanded beyond ATMs and into points of sale. As non-cash payments were not restricted, refugees in foreign countries were able to pay with payment cards under international payment schemes and withdraw cash from ATMs.
Recently, the biggest threat to the financial and payment infrastructure has been associated with cyber threats, and many measures have been aimed at protection against them. The events of the summer of 2022, in particular the attacks of russian hacktivists on the Lithuanian public sector, energy and financial institutions, have confirmed that the threats of cyber-attacks are real. Although the websites and electronic self-services of several institutions and companies were disrupted, according to publicly available information, the hacking attempts did not have a lasting impact on their activities. In the event of such an attack, the ability of the institution or company to respond, to prevent the attack from spreading, and to resume the activities quickly is crucial. Payment and settlement systems were not disrupted by cyber-attacks, but the operators of these systems have increased their vigilance against the likelihood of such attacks.
The war in Ukraine has shown that the physical security of financial infrastructure is equally important. Financial sector participants and supervisory authorities need to (re)assess what the worst-case risk scenario could be, incorporate the likelihood of war into the risk map and foresee appropriate measures that would enable the provision of at least a limited amount of payment services. Such measures to ensure the continuity of services could include maintaining (back-up) infrastructure (databases, systems, software, etc.) in another, more remote, friendly and reliable country, or using international service providers. According to various public sources, Ukraine also uses third-party hosting arrangements and has transferred certain data and services outside the territory of Ukraine. Another important aspect is connection (the customer’s connection to the bank, the bank’s connection to the data centres it uses, payment systems, other banks, etc.), because, even with reliable and operational data centres, the whole chain of connection needs to be operating, from the customer all the way through to the final point of payment (ATM, point of sale, payment system or correspondent bank).
The financial market infrastructures established in Lithuania are well prepared to operate in extreme conditions. In light of the outbreak of hostilities in Ukraine, the financial market infrastructures established in Lithuania (including the Bank of Lithuania), together with the major financial market participants, have reviewed their business continuity and recovery plans to ensure that they can be prepared to provide the most essential services to Lithuanian residents, businesses and state authorities even under the most adverse conditions. The Bank of Lithuania monitors and supervises that such plans and the measures provided therein are up-to-date, sufficient and in line with applicable requirements. In addition, the Bank of Lithuania, together with the main market participants, taking into account the real experience of other countries, has taken additional measures and actions that would help to strengthen the resilience of Lithuania’s financial infrastructure to extreme events.
Abbreviations
AML/CTF anti-money laundering and counter-terrorist financing
CBDC central bank digital currency
CU credit union
EC European Commission
ECB European Central Bank
e-commerce online trading
EEA European Economic Area
EMI electronic money institution
e-money electronic money
EU European Union
FATF Financial Action Task Force
Memorandum Memorandum of Mutual Understanding for Ensuring Access to Cash in Lithuania
ML/TF money laundering and terrorist financing
NCSC National Cyber Security Centre
PI payment institution
PLS Proxy Lookup Service
PSP payment service provider
© Lietuvos bankas Gedimino pr. 6, LT-01103 Vilnius The review was prepared by the Market Infrastructure Department of the Bank of Lithuania. The review is available in PDF
format ON the Bank
of Lithuania website. Reproduction for educational and non-commercial purposes is permitted provided that the source is acknowledged. ISSN 2351-5945 (online) |