$3.05 billion in reported losses to business email compromise in 2025 (FBI IC3).See the numbers by country →
€216M

in fraudulent credit transfers reported by Belgian payment providers, across 87,235 fraudulent transactions — the instrument Belgian companies pay invoices with

EBA/ECB 2025 Report on Payment Fraud · Calendar 2024

Retail only

Belgium's July 2026 anti-fraud action plan — lower transfer limits, cooling-off periods, a central fraud hotline — is scoped to private customers ("particuliere klanten"); no business-account measures are included

Febelfin / Minister of Consumer Protection · Announced 8 July 2026

34.6%

of internet-fraud complaints to Belgium's financial ombudsman were resolved in the complainant's favour — of 1,010 files, only 349 were found well-founded

Ombudsfin, annual report 2023 · Calendar 2023

The numbers

What Belgium loses to payment fraud.

€49M

stolen via phishing in Belgium — banks detected, blocked or recovered 75% of the fraudulent transfers before this residual loss. This measures phishing, not invoice fraud

Febelfin, phishing figures 2024 · Calendar 2024

144

account-compromise cases handled by Belgium's national cybersecurity centre — its top threat category, roughly double the prior year. It names CEO-fraud scenarios used to trigger urgent payments

Centre for Cybersecurity Belgium, Key figures 2025 · Calendar 2025

€32M

in losses declared by 6,805 victims who reported fraud to the Belgian federal consumer authority — general fraud, not broken out by type

FPS Economy (SPF Economie) · Calendar 2025

Jan 2026

mandatory B2B Peppol e-invoicing began in Belgium — invoices now travel as structured messages over a closed network rather than as PDFs attached to email. No fraud-statistics body has yet measured its effect on fraud rates

Febelfin / Belgian B2B e-invoicing mandate · In force from January 2026

74%

of fraudulent credit-transfer value across the EU/EEA came from "manipulation of the payer" — the account holder was deceived into authorising the transfer themselves (up from 65% in 2023)

EBA/ECB 2025 Report on Payment Fraud · Calendar 2024

Behind the numbers

How these losses actually happen.

Belgian payment providers reported €216,038,048 in fraudulent credit transfers in 2024, across 87,235 transactions — four times the country's card-fraud value of €53 million. The money leaves on transfers.

What Belgium does not publish is an invoice-fraud number. Febelfin quantifies phishing rigorously — €49 million stolen in 2024, with banks detecting, blocking or recovering 75% of fraudulent transfers before that residual loss landed — but phishing is a different crime from a supplier's IBAN being swapped inside an email thread. No Belgian body publishes a euro total for invoice fraud or CEO fraud, and we will not manufacture one.

The qualitative signal is clear enough. The Centre for Cybersecurity Belgium handled 144 account-compromise cases in 2025 — its single largest incident category, roughly double the year before — and names "using CEO fraud scenarios to trigger urgent payments" among the techniques driving it. The Federation of Belgian Enterprises stated publicly that invoice fraud rose worryingly in 2025, without putting a figure on it.

The ombudsman's data is the sobering part. Of 1,010 internet-fraud complaint files handled in 2023 — a category that explicitly includes invoice fraud — only 349, or 34.6%, were closed as well-founded. Even in the narrower category that is nominally protected, most complainants do not get a favourable outcome.

What the system covers

The refund right reaches businesses. It just doesn't reach this fraud.

Belgian law, under Articles VII.43 and VII.44 of the Code of Economic Law, requires a bank to refund unauthorised transactions immediately unless it proves gross negligence. A Dutch-speaking Business Court of Brussels ruling on 19 March 2026 confirmed that this right applies to every payment service user — it is not limited to consumers, and it does reach companies.

That sounds better than it is. The right covers unauthorised transactions only. An invoice-fraud payment — where your own team validated a transfer to an account a fraudster supplied — is authorised, and falls outside the mechanism entirely. The court's ruling extends who is protected, not what is protected.

In July 2026, Belgium's Minister of Consumer Protection and Febelfin announced a substantial anti-fraud action plan: standard transfer limits capped at €5,000 a day by early 2027, a mandatory four-hour cooling-off period on limit increases, fraud cases resolved within 15 banking days, and a central "Fraudstop" hotline. Read the scope: the plan is explicitly for "particuliere klanten" — private customers. No business-account provisions are mentioned.

Verification of Payee has applied since 9 October 2025, and Belgium's implementation does at least reach companies: Febelfin confirms banks report the registered legal-entity name, and urges businesses to keep their name correctly registered with the Crossroads Bank for Enterprises so it matches on invoices. Separately, Belgium's mandatory B2B Peppol e-invoicing regime, live since January 2026, changes how invoices travel: as structured messages over a closed network rather than PDFs attached to email. That removes the email attachment as the delivery vehicle — though no Belgian fraud-statistics body has yet published what it does to fraud rates, and the bank details inside a structured invoice still have to be right.

What this means for you

Belgian companies are outside the plan, and outside the numbers.

Belgium's SME position is defined by two absences. There is no published figure for what invoice fraud costs Belgian businesses — UNIZO, Voka, Febelfin and the FPS Economy run a joint invoice-fraud awareness campaign, and none of them publishes a loss total. And the government's flagship anti-fraud action plan, announced in July 2026, is scoped to retail customers, leaving business accounts outside its transfer limits, cooling-off periods and resolution deadlines.

What is measurable is not reassuring: only 46.4% of Belgian companies have two-factor authentication on externally-accessible connections, while 70% expect to be attacked — and account compromise is now the national cybersecurity centre's largest incident category, with CEO-fraud payment requests named as a driver.

Peppol e-invoicing changes the delivery channel: a structured invoice exchanged over a closed network is not the same target as a PDF attached to an email. No Belgian fraud-statistics body has yet measured what that does to fraud rates, and it is too early to claim a reduction. What is clear is what it does not do — it does not verify that the bank account on a structured invoice is the one your supplier actually uses. That check is what PayHQ performs: every incoming invoice is compared against your verified supplier record, and a changed account is flagged before payment.

FAQ

Common questions about fraud in Belgium.

What does invoice fraud cost Belgian businesses?

No Belgian body publishes that figure. Febelfin quantifies phishing, and the Centre for Cybersecurity Belgium counts account compromise, but there is no published euro total for invoice fraud or CEO fraud in Belgium.

Does Belgium's 2026 anti-fraud action plan protect my company?

No. The July 2026 plan — €5,000 daily transfer limits, cooling-off periods on limit increases, 15-day fraud resolution, a central hotline — is explicitly scoped to private customers. No business-account measures are included.

Will a Belgian bank refund my company after invoice fraud?

Unlikely. A Brussels Business Court ruling in March 2026 confirmed the statutory refund right applies to businesses as well as consumers — but only for unauthorised transactions. An invoice-fraud transfer your own team approved is authorised, so it falls outside that protection.

Sources & methodology

Where these numbers come from.

Every statistic on this page was checked against the named source in July 2026. Belgium publishes no invoice-fraud or CEO-fraud loss total; Febelfin's headline figures measure phishing, which is a different crime, and are labelled as such here. The credit-transfer figure comes from the EU's supervisory data, collected on a comparable basis across the EU/EEA. Figures describe what each source measures — reported losses are not the same as total losses, and most fraud goes unreported. National figures are not directly comparable between countries, because each country counts differently. When a figure cannot be verified against a primary source, we remove it rather than keep it.

Other countries

Compare with other EU markets.

Protect your supplier payments in Belgium.

PayHQ checks every incoming invoice against your verified supplier records and flags changed bank details before the payment goes out.