Payment fraud costs billions – here’s how Sweden can regain control
In a payment fraud case that was up for judicial review at the beginning of November this year, a private individual lost SEK 100,000 in a claim against one of Sweden’s major banks. The case stands out as the first involving so-called Authorised Push Payment (APP) fraud, where the victim himself approved a transaction with BankID that then turned out to be fraudulent.
The media reports on these cases continually, but there is no universal plan for how the fraud should be handled. There is too much focus on who should pay for payment fraud, rather than on creating the right incentives for different players to prevent it in the first place.
The digitalisation of financial services in Sweden has happened fast and is far-reaching. This is a positive and important development. But as digitalisation increases, fraud is also increasing. From 2022 to 2023, the amount of fraud in Sweden increased by 22 percent and generated more than SEK 7.5 billion for the criminal world, according to police figures.
The most common types of APP fraud in Sweden are investment fraud (31%) and vishing fraud (9%). In investment scams, victims are lured with promises of high returns on investment to transfer money to fraudulent accounts. Vishing fraud involves attackers spoofing phone numbers so that the call appears to be from a trusted source, such as a bank, government agency, or technical support. Other common scams are invoice and romance scams.
A particularly vulnerable group is citizens with low digital maturity, such as the elderly or people with disabilities, who are manipulated into carrying out transactions themselves. While solutions such as Swish and BankID provide the individual with great flexibility and speed, they also provide criminals with additional tools to commit fraud.
Banks have an obligation to offer bank accounts to everyone in society. They cannot suspend or lock accounts without evidence, on the basis of circumstantial indications or suspicions of fraud alone. Add to this the fact that bank secrecy and current GDPR legislation make sharing personal information between banks and other organisations very slow and challenging. Meanwhile, the availability of AI and other new technologies makes scams more sophisticated.
Here’s what is needed to prevent APP scams:
- Introduce legislation to include a wider range of organisations in the fight against fraud. Telecom companies should be obliged to block suspicious international calls and manipulated numbers. Social media companies should be required to perform Know Your Customer (KYC) checks on advertisers to tackle fraudulent activity. The legislation should also make it easier for customers to report violations.
- Introduce legislation that allows a centralised regulated private provider to manage and share selected information from banks and other actors on suspicious activities that can then be used for fraud prevention and the fight against financial crime. For example, Latvia has licensed companies to operate a "closed KYC service" to share information between organisations when criminal activity is identified or suspected.
- Central banks and banks should focus on introducing variants of existing instant payment products, such as Swish, that build a deliberate delay into the payment system, with a delayed payment option for transactions that do not take place face-to-face.
- Banks should focus on identifying vulnerable customers and offering them appropriate payment products with ‘increased friction’. In the UK, all payments include payee verification, as well as supplementary questions and checks on the purpose of the payment to prevent fraud.
This is mainly about creating the right conditions and incentives for different actors to implement measures aimed at preventing payment fraud. We are aware that authorities and providers of critical services are already working on this. However, other countries have gone further.
In the UK, financial players are partnering with mobile operators to analyse data in real time with the aim of detecting and stopping suspicious financial transactions. In Finland, regulations and measures have gone further to counteract manipulated phone numbers and text messages. Our point is that this work must be accelerated so that more companies and citizens do not have to pay too high a price because protective measures are not in place.
