Online Banking Fraud Advisory — Europe EN | FR | DE | ES

Think you are a victim of online banking fraud?

Stay calm. Follow the key steps below to protect your accounts and your rights under European law.

Request a call back See the key steps
Time matters. Under PSD2 (EU Directive 2015/2366), reporting unauthorised transactions promptly is essential to recovering your funds.

The 6 key steps to take immediately

These actions, taken in order, will help you limit damage and meet the legal requirements set out by your bank and European regulators.

01

Block your cards and access

Call your bank's 24/7 fraud line to block your cards, freeze online access, and prevent further transactions. Note the time of your call.

02

Change your credentials

From a trusted, malware-free device, change your online banking password, e-mail password and any reused passwords. Enable two-factor authentication.

03

Gather evidence

Save screenshots, suspicious emails, SMS, transaction references and dates. This documentation will be required by your bank and the police.

04

File a police report

Report the fraud to your local police or national cybercrime unit. In most EU member states, a written complaint (procès-verbal / Anzeige / denuncia) is mandatory for reimbursement.

05

Notify your bank in writing

Send a formal notification to your bank within 13 months — ideally within 24 hours. Include the police report number and a list of disputed transactions.

06

Request a fraud advisor

Submit a request and one of our specialists will call you back to guide you through the recovery procedure, liaise with your bank, and help you escalate to the financial ombudsman if needed.

€4.3B
Lost to card fraud across the EEA each year (ECB, SUERF)
24h
Recommended timeframe to notify your bank after detection
€50
Maximum amount you may be liable for under PSD2 in most cases
13mo.
Maximum legal delay to dispute an unauthorised transaction

How to protect yourself in the future

Most online banking frauds rely on social engineering rather than technical breaches. A few simple habits dramatically reduce your exposure:

  • Never share your bank credentials, OTP codes or card details by phone, e-mail or SMS.
  • Verify the URL before logging in — look for HTTPS and the exact domain of your bank.
  • Activate transaction alerts and set sensible spending limits.
  • Keep your devices, browsers and banking apps up to date.
  • Be cautious with unsolicited calls, even if the caller knows your name or account details.

Useful European resources

  • European Banking Authority (EBA)
  • Europol — European Cybercrime Centre (EC3)
  • Your national financial ombudsman
  • Your national data protection authority (GDPR)

Frequently asked questions

Will my bank refund me?

Under PSD2, your bank must refund unauthorised transactions immediately, unless they can prove gross negligence on your part.

What if I gave my code voluntarily?

If you were tricked into providing it (phishing, vishing, spoofing), you may still be entitled to reimbursement. Recent case law in several EU countries has favoured victims.

How long does the procedure take?

Banks must respond within 15 business days. Complex cases may take up to 35 days. Our advisors can help you escalate if delays occur.

Is your service free?

The first consultation with our advisors is always free of charge and without commitment.

Request a call back from a fraud advisor

Our European-licensed advisors are available Monday to Saturday, 8:00 to 20:00 CET. Free, confidential, and without obligation.

To protect you from fraudulent calls and unsolicited contact, we never publish a direct line. Submit a request and one of our advisors will reach out to you personally.

Request a call back

Average response time: under 2 hours.