Fraud in Focus: The Escalating Threat of Fraud Across the EU and the Nordics

Cybercrime and fraud continue to be a growing problem for countries within the EU. In Finland, for example, the total sum of defrauded funds was almost 80 million euros in 2023, of which 44 million euros was lost to the fraudsters. Although the number of losses prevented by financial institutions increased considerably, the number of actual losses due to fraud also increased significantly. Scams targeting Finns are carried out outside Finland as well. In March 2024, the Helsinki Police Department warned the public of a phenomenon during which scam calls are made to Finnish-speaking elderly people living in Norway and Denmark in the name of a senior constable.

Finland is not alone. In April 2024, Europol published a new report highlighting, among other things, how fraud continues to be a significant threat and affects millions of people in the EU every day. According to the report, fraud, and in particular online fraud, is the second most common crime committed by criminal networks operating within the EU. In Denmark, the number of reported frauds is increasing and, as is the case in Finland, fraud is suspected to be a significantly larger issue than reported in Norway. 

In Sweden, fraud has been reported to be the fastest growing type of crime. Fraud offences against the elderly, carried out by organized crime groups in particular, have increased so significantly that the Prime Minister and government have called for urgent action to address the situation. First, in late 2023, the government required the Swedish postal and telecommunications sector to draw up proposals to prevent spoofing and other forms of telecommunications fraud, and recently, financial institutions and the police convened to strengthen both their cooperation, and the financial sector's role in fraud prevention.

Technology aids and challenges

With developing technology, many things have become easier. Unfortunately, this includes fraud as well. A highly digitalized payment services sector is vulnerable to abuse, and, with ever-evolving technologies, fraud is constantly changing shape, effectively exploiting the weaknesses of financial institutions identified at any given time. Each institution and the controls they use must be able to keep up with the phenomena, and even strive to be one step ahead of fraudsters. At the same time, customers continue to expect a seamless experience and delay-free transactions – without compromising on security. However, additional difficulties arise when customers have insufficient awareness of the significance of their own actions and, at worst, have blind trust in payment service providers. 

Although each fraud case is assessed individually, common decision-making practice shows that payment service providers' liability for damages is extensive: the bar for interpreting a customer as grossly negligent is quite high, and it is not only careless or regular negligent actions that make the customer liable. Institutions therefore have a growing responsibility to prevent fraud, and this will be further reinforced by the upcoming Payment Services Regulation (PSR). 

Tightening regulatory environment

In March of 2024, the FIN-FSA published its conclusions on a survey it commissioned concerning payment security, noting that there is room for improvement and proposing concrete measures to improve security. Such measures included, for example, user-oriented security restrictions, more efficient and accurate blocking of payments that deviate from a customer’s payment history and actively informing customers about different types of scams. In May 2024, Finance Finland launched an information campaign in Finland with the goal of increasing fraud awareness, informing people how to avoid being scammed and what to do if you become a victim of fraud.

The FIN-FSA's recommendations reflect and anticipate future changes at the EU level. With the adoption of the Instant Payments Regulation (IPR) by the Council of the EU, customers can "transfer money within ten seconds at any time of the day, including outside business hours, not only within the same country but also to another EU member state". To counterbalance the instant payments, the Regulation requires instant payment providers to check that the beneficiary’s IBAN and name match. The same is required by the proposed PSR. In addition, the Payment Services Regulation further expands the liability of payment service providers for instance in cases of spoofing and requires customers to be informed of fraud risks. 

Noteworthy

Effective management of fraud risks as required by current and future legislation requires payment service providers to have both technical and administrative capabilities. As the operating environment is becoming increasingly complex, service providers must act well in advance before the situation escalates. At the same time, however, service providers must ensure that they continue to provide customers with the same seamless and swift service that they expect to receive. Considering the situation in Sweden and the requirements of the regulatory environment, even experienced payment service providers should pay particular attention to the following areas: 

• Fraud Strategy: Drawing up a long-term development strategy and identifying effective means of addressing and preventing fraud, along with clearly communicating this to legislators or supervisors.
• Technical capabilities: The ability to effectively detect fraud, for example based on the customer's payment history, and to identify certain payments to be stopped in accordance with the PSR.
• "Incident response": Prompt response to reports of misuse and minimizing accidents caused by both the institutions and its customer.
• Customer communication and training: Organizing awareness-raising campaigns and raising the risk awareness of customers, especially the elderly or disadvantaged. For example, financial institutions have hosted podcasts related to fraud detection, and some even have a dedicated customer service phone number solely for fraud cases.
• Improved cooperation: Increasing cooperation between banks, Traficom and operators in the fight against fraud.