EU puts in place tighter rules to fight non cash payment fraud

The EU is stepping up the fight against fraud involving non-cash means of payment (credit cards, online shopping, etc.) by upgrading and modernising the existing rules.

The Council formally adopted today the directive on combating fraud and counterfeiting of non-cash means of payment. Member states have 2 years to implement the new rules.

The directive updates the existing rules to ensure that a clear, robust and technology-neutral legal framework is in place. It also gets ride of operational obstacles that hamper investigation and prosecution, and foresees actions to enhance public awareness of fraudulent techniques such as phishing or skimming.

Main provisions of the text

The directive aims to be technology-neutral and encompass not only traditional non-cash payments such as bank cards or cheques but also new ways of making payment which have appeared over recent years, such as electronic wallets, mobile payments and virtual currencies.

Some of the main provisions are:

  • Harmonised definitions of some online crime offences, such as hacking a victim's computer or phishing;
  • Harmonised rules on penalties for natural persons: five, four or three years of prison, depending on the offence, as the minimum penalty in cases where a judge imposes the national “maximum” custodial sentence for non-cash payment fraud;
  • Assistance and support to ensure victims are sufficiently informed of their rights and citizens are advised on how to protect themselves from such frauds;
  • Clarification of the scope of jurisdiction to ensure cross border fraud is tackled more effectively.

The directive provides for minimum rules, so member states are free to go further and implement more stringent rules, including a broader definition of offences or higher penalties.

Next steps

This formal votes marks the end of the legislative process. The directive will now be formally signed and then published in the official journal. Member states will have two years (from the publication in the OJ) to implement the new provisions.


In 2013, it is estimated that €1.44 billion was stolen by criminals through non cash payment fraud. Around 36 billion of phishing messages are sent every year to European citizens.

The directive was proposed by the Commission in September 2017 as part of the EU's response to the challenge of cybersecurity. It updates the Council framework decision 2001/413/JHA dating back to 2001.