Tougher EU payment fraud penalties move one step closer

The changes, if approved by the European parliament and council, will update EU fraud rules to better reflect the growth of digital payments and address the "gaps and differences" in the laws of different EU member states that can "hamper prevention, detection and punishment" of these crimes, according to the Civil Liberties Committee.

"Digitalisation has transformed the way we pay," said committee rapporteur Sylvia-Yvonne Kaufmann.

"As non-cash payments are used more and more, criminals exploit loopholes in the current rules. In today's vote we managed to harmonise the definitions of online crime offences throughout the EU, introduce a minimum level for penalties for them and improve the protection of victims of non-cash fraud."

The proposals were backed by 31 of the 32 MEPs on the committee. They will now be voted on by the full European parliament and by the council of EU member states.

Once approved, the new rules would expand the EU definition of non-cash payment fraud to include virtual currency transactions, as well as the likes of credit card theft, skimming and phishing. A minimum penalty of five, four or three years in prison, depending on the offence, would be imposed in cases where a judge imposes the national 'maximum' custodial sentence for non-cash payment fraud.

The new rules would also improve EU-wide cooperation on cross-border fraud and improve the support available to victims. They include a prevention and awareness-raising package incorporating permanent online fraud information tools; and psychological support, financial advice and free legal aid for those who lack sufficient resources to pursue a fraud case.

Civil fraud and asset recovery expert Jennifer Craven of Pinsent Masons, the law firm behind Out-Law.com, welcomed the committee action.

"As the landscape for digital currency grows, so does the number of non-cash related frauds," she said. "Criminals are becoming increasingly creative in the way they exploit loopholes through 'phishing' and intersecting cryptocurrency transactions, taking advantage of users drawn to these platforms hoping to make a quick profit."

"The directive took traction following a series of attacks on household retailers which had to temporarily suspend online transactions when fraudsters tried to intercept their payment systems. Whilst there tends to be a lot of public coverage of large companies being targeted by fraudsters, it is more often individuals or smaller companies that are most vulnerable. Safeguarding measures should be implemented as soon as possible to help make individuals and small companies aware of the common traps fraudsters use. This may include training on phishing tactics, watching out for fraudulent domain names or unexpected requests for personal information," she said.