The EU is tightening the rules on online payment fraud

On 9 March 2018, the Council adopted its position on the directive on combating fraud and counterfeiting of non-cash means of payment. The Council is now ready to start negotiations with the Parliament as soon as the latter agrees on its position.

The directive aims at updating the current rules to ensure a clear, robust and technology-neutral legal framework is in place. It also eliminates operational obstacles that hamper investigation and prosecution as well as foresees actions to enhance public awareness of fraudulent techniques such as phishing or skimming.

Fraud with credit cards or online shopping is rapidly increasing. Not only it is used to finance criminal groups but it undermines the development of the digital single market as citizens become more reluctant to shop online. We need to put a stop to this and send a clear message to fraudsters that they you will no longer be able to exploit loopholes between Member states. We will now have common rules which will be robust and will ensure that fraudulent behaviours are punished. Tsetska Tsacheva, Bulgarian minister of Justice

Main elements of the directive

The directive aims to be technology-neutral to encompass not only traditional non-cash payments such as bank cards or cheques but also new ways of making payment which have appeared over recent years : electronic wallets, mobile payments, virtual currencies, etc.

The directive includes provisions on:

Expanding the scope of the offences to include, for example, transactions through virtual currencies;

Harmonising the definitions of some online crime offences, such as hacking a victim's computer or phishing

Introducing minimum level for the highest penalties for natural persons

Clarifying the scope of jurisdiction to ensure cross border frauds are better dealt with;

Improving EU-wide criminal justice cooperation;

Improving prevention and awareness-raising to reduce the risk of becoming a victim of fraud.

The directive provides for minimum rules so member states are free to go beyond and implement more stringent rules, including a broader definition of offences or higher penalties.

Background

In 2013, it is estimated that €1.44 billion were gained by criminals through non cash payment fraud. Around 36 billion of phishing messages are sent every year to European citizens.

The directive was proposed by the Commission in September 2017 as part of the EU's response to the challenge of cybersecurity. It replaces the Council framework decision 2001/413/JHA dating back to 2001.

Next steps

Once the European Parliament has defined its position, currently planned for June, trilogues negotiations will start with a view of reaching an agreement as soon as possible.