Paying by card is safe in Sweden, but card fraud can occur when a debit card or credit card is read during payment, or when withdrawing cash from an ATM. In a European comparison made by the ECB, Sweden was just above the European average concerning the number of card frauds up until 2018. However, according to statistics from the police, the number of card frauds in Sweden has decreased over the last year. So far in 2020, the average monthly number of card frauds has been 29 per cent lower than in 2019.
The risk of fraud is low for card payments in shops in Sweden. Most card frauds take place in cross-border online payments, so-called Card Not Present frauds, where card details may have been stolen in a data security breach. The risk of fraud is greatest in Card Not Present payments outside the EEA area.
Since September 2019, payment transactions within the EEA have required strengthened customer authorisation. This requirement aims to protect consumers and others using payment services against card fraud. Strengthened customer authorisation means, as a principal rule, that a customer must provide identification using at least two of the following factors when making a digital payment or logging on to a payment account:
- knowledge (something that only the user knows, for example a password or a PIN code)
- a possession (something that only the user has, for example a card or a telephone)
- a unique characteristic (a physical feature of the user, for example a fingerprint)
In Sweden, the requirement for strengthened customer authorisation means that, as a rule, a PIN code for a card or Bank-ID is needed to make a payment transaction in a shop or online. For example, many people now have a code sent to their mobile telephone to verify online purchases. There are, however, a number of exceptions from the requirement for strengthened customer authorisation, among other things for low-value transactions and in contactless payments in shops.