.svg)
Sweden needs tougher measures in place to combat rising fraud, including enhanced transaction monitoring and enforced caps or delays to payments, the country’s banking industry group has said.
In recommendations to the government, the Swedish Bankers Association said that Sweden’s tradition of transparency would need to be curtailed to prevent fraudsters obtaining personal data that they could use to target victims.
Changing payment trends have created a challenge for combating payments fraud across Europe. The Swedish National Council for Crime Prevention reports that fraud experienced the most significant increase in 2023 among crime categories, with card fraud cases specifically up by 44 percent from 2022.
The Swedish Bankers' Association has proposed the continued enhancement of transaction monitoring systems and product offerings, including the implementation of mechanisms such as transaction time delays and payment amount limits, with provisions for secure modification.
The industry group also said that opportunities for criminals to use banks' products must be further restricted or closed completely. Payment service providers must be able to block the use of mobile payment system Swish and digital identity service BankID by fraudsters and money mules more effectively, it said.
In other countries, payment delays have already been promoted as a means to reduce fraud.
For instance, the UK government has published draft legislation to permit payment service providers to delay outbound payments processing when there are reasonable grounds to suspect fraud or dishonesty and when more time is required to contact the customer or relevant third parties.
Fraud issues have persistently become a policy priority for governments and regulators across Europe. At the EU level, there are enhanced provisions in the Payment Services Regulation, Payment Services Directive (PSD3) and the incoming Instant Payments Regulation. Several national governments, including Lithuania and Spain, have also strengthened their rules.
Sweden has been no different. In October last year, the government said it had tasked the country’s Financial Supervisory Authority with reviewing how payment service providers work to prevent fraud to increase consumer protection.
In 2022, the Ministry of Finance released a memorandum on online payments fraud, which proposed requiring payment service providers and consumer credit institutions to apply strong customer authentication (SCA) when a consumer uses a payment method that involves a deferred payment when purchasing goods or services online.
Downside of transparency
The Swedish Bankers' Association also joined other financial organisations this week in raising concerns about the exploitation of personal data by criminals in Sweden in a joint letter.
The letter has brought attention to loopholes in current Swedish legislation that enable criminals to freely access and misuse personal information, posing significant risks to individuals and society as a whole.
Sweden is a very transparent society, with citizens able to, for example, source information such as people’s salaries. The trade associations warn that criminals are exploiting the availability of personal data provided by various search services on their websites.
These bad actors operate under voluntary release certificates, which grant them constitutional protection under the Freedom of Expression Act. This protection subsequently allows them to publish personal data without individuals' consent and even charge for it.
Moreover, obtaining a voluntary release certificate is a simple process, enabling anyone, including criminals, to start a search service.
The existing Swedish legislation, the letter argues, is at odds with the EU's General Data Protection Regulation (GDPR). The voluntary release certificates permit the publication of information prohibited by the GDPR, prioritising public access over individuals' privacy rights and protection against crime.
This misalignment with international standards poses significant challenges in combating fraud and safeguarding citizens, according to the trade associations.
One of the major concerns raised is the anonymity of users of these search services, coupled with the lack of notification to individuals when their personal data is accessed.
This lack of transparency creates fertile ground for criminals to systematically target potential victims, exploiting details such as age, marital status, income and address, with the trade associations warning that this poses a threat of negative repercussions including financial fraud.
While acknowledging the value of Sweden's principle of openness, the signatories emphasise the need for legislative adaptation to address evolving societal and technological landscapes.
The letter refers to a government-commissioned investigation into the constitutional protection of search services, due to report in November 2024.
But the anticipated timeline for implementing any recommended constitutional amendments is between three to five years, allowing criminals to continue exploiting personal data in the interim.
The organisations have criticised this delay and called on the government to take immediate action to update data protection legislation.
They have urged swift amendments to limit criminals' access to personal data via private search services and advocate for greater transparency and regulation of these services.
The letter also emphasises the need to balance privacy rights with legitimate access to personal data by authorities and employers for security purposes.
The fight against organised crime, the signatories stress, requires concerted efforts from all sectors of society, whether that be politicians and authorities, or payment service providers and other private entities.
The organisations have said that these must collaborate to strengthen societal resilience and adapt legislation to address emerging threats effectively, stating that the protection of personal data should serve as a safeguard for all citizens, rather than a tool for criminal exploitation.
As long as vulnerabilities in data privacy persist, the letter concludes, meaningful progress in combating organised crime will remain elusive.
