Banco de Portugal Floats a National Black-List of Bank Accounts Used in Payment Fraud Inside the 2030 Retail-Payments Strategy — 28 July Consultation Window and a Parallel Digital-Fraud Monitoring Platform Frame the Security Pillar

The Banco de Portugal (Bank of Portugal — BdP) has opened a public consultation on a new Estratégia Nacional para os Pagamentos (National Payments Strategy) running through 2030, and the document floats one headline tool that will reshape how the financial system reacts to payment fraud: a centralised national black-list of bank accounts used in fraudulent operations. The supervisor opened the consultation on Tuesday and will receive submissions until 28 July before publishing the final framework, the central bank confirmed in materials accompanying the launch.

The black-list sits inside the strategy's security and anti-fraud vector and is accompanied by a second new instrument — a digital-fraud monitoring platform that would aggregate near-real-time signals from banks, payment institutions and other regulated entities. "Digital fraud is not just an operational problem; it is a challenge with the potential to affect confidence in the financial system" and "demands a collective and structured response", BdP Governor Álvaro Santos Pereira said when previewing the work earlier this year. The strategy embeds that line as a core organising principle for the four-year horizon.

Beyond fraud, the document broadens the BdP's push to digitise public payments. The bank says it will expand the electronic instruments available to citizens and companies — both Portuguese and foreign — for payments to the Portuguese State, building on the gradual rollout already running through the Agência para a Modernização Administrativa (Agency for Administrative Modernisation — AMA) and the Autoridade Tributária (Tax Authority — AT). The supervisor also revives an item that has appeared in earlier strategic plans without making it into law: a legislative obligation requiring businesses to accept, alongside cash, at least one electronic payment instrument. The proposal would close a gap that currently lets retailers refuse card, MB Way or other electronic tenders provided cash is accepted.

A sustainability vector rounds out the package. The BdP signals it will consider measures to discourage the use of cheques, a payment instrument whose volumes have fallen sharply over the past decade but which still imposes meaningful processing costs on the banking system and a heavier carbon footprint than digital alternatives. The supervisor stops short of proposing an outright phase-out date, framing the move as a calibrated set of disincentives.

For consumers, the fraud-account black-list is the practical headline. If finalised in line with the consultation draft, regulated entities would be required to feed the registry with the account identifiers (IBAN) used in confirmed fraudulent operations and to query the database before executing transfers flagged by automated systems. That would compress the response time when a victim reports a phishing-driven SEPA transfer, today often measured in days, into something closer to minutes — the window in which most stolen funds are still recoverable from the receiving institution.

The consultation lands as Portuguese banks report a steady rise in social-engineering fraud aimed at retail customers, with phishing campaigns increasingly tailored to mimic Caixa Geral de Depósitos (Portugal's state-owned bank), Millennium BCP, Novobanco and Santander Totta interfaces. The BdP's draft sits alongside parallel work at European level on a real-time payments anti-fraud framework under the EU's Instant Payments Regulation, which already obliges banks to offer name-IBAN verification on euro-denominated SEPA Instant transfers.

Stakeholders — banks, payment institutions, consumer associations and the Comissão Nacional de Proteção de Dados (National Data Protection Commission — CNPD) — have until 28 July to file written contributions. The final strategy and any accompanying legislative initiative are expected to follow during the second half of 2026.