Sweden’s Highest Court Rules in Favor of Compensating Victim of Phishing Scam
In a groundbreaking decision, Sweden’s Supreme Court has ruled that a consumer who fell victim to a phishing scam and unintentionally handed over their BankID and response codes will be eligible for compensation.
The Phishing Scam Incident
The incident took place in August 2018 when a bank customer received a call from a fraudster posing as a representative from the bank’s security department. Over the course of two calls, the consumer was convinced to hand over access to their BankID, an electronic identification system extensively used in Sweden for online banking and other transactions. With an estimated 6.8m users in a population of around 10m people, BankID is a vital component of the Swedish financial sector.
Consumer’s Liability and Compensation
Despite the consumer’s ‘gross negligence’ in disclosing the codes, the Supreme Court determined that the consumer did not intentionally disclose the codes to an unauthorized person and that it could not be proven that they acted with awareness of the risk of unauthorized transactions.
Sweden’s Payment Services Act states that if the account holder is found to have acted with gross negligence in connection with the unauthorized transaction, the consumer may be liable for the loss, but only up to SEK12,000 ($1,172). Any losses exceeding this threshold must be covered by the bank.
Implications for Future Claimants
Head of the Consumers’ Banking and Finance Bureau, Kicki Westerståhl, welcomed the decision. She stated, “Many consumers in recent years have been judged to have acted particularly reprehensibly when they have been deceived by skilled fraudsters and thieves, leaving them to bear the entire loss.”
This ruling could have significant implications for future claimants defrauded in Sweden. EU legislators are considering expanding fraud requirements in the Payment Services Directive (PSD2) as a response to similar incidents across Europe. Sweden, like its European neighbors, has taken action to combat fraud, with the government launching a new inquiry in June to prevent fraud and money laundering.
Measures to Prevent Fraud
The following measures are under consideration to prevent fraud and money laundering:
- Digital identity services like BankID and clearing services such as Bankgirot must provide information on money laundering and suspicious transactions to law enforcement
- Banks should be allowed to access more information on transaction recipients
Jens Olsson, a fintech advisor in Sweden, believes that entities providing critical financial infrastructure are well-positioned to provide an efficient and holistic view of transactions, potentially leading to the discovery of patterns and saving investigators valuable time in critical investigations.
Extent of Fraud in Sweden
According to government estimates, fraud against individuals in Sweden generates approximately SEK3bn ($293m) in criminal profits each year. Criminal profits from fraud have reportedly increased by 49% in just one year, underscoring the importance of a swift and effective response to these cases.
As Olsson put it, “Fraud money fuels the criminal world. The outcomes of these inquiries can have large effects on society as a whole, not just the financial sector.”