$3.05 billion in reported losses to business email compromise in 2025 (FBI IC3).See the numbers by country →
€18.9M

lost by Irish SMEs to email-related scams over two years — invoice redirection was the majority of cases, with CEO impersonation second

BPFI / FraudSMART · Two years to March 2026

€22,000+

average loss for an Irish SME that was successfully defrauded by an email-related scam

BPFI / FraudSMART · Two years to March 2026

67%

of Irish SMEs were targeted by financial scams in the past 12 months — and 88.4% of those attempts arrived by email

BPFI / FraudSMART survey with ISME · 12 months to March 2026

The numbers

What Ireland loses to payment fraud.

53%

of Irish SMEs have no fraud-awareness guidelines and no staff training programme

BPFI / FraudSMART · As of March 2026

1 of 6

Ireland is one of only six EU/EEA countries where customers do NOT bear more than 80% of credit-transfer fraud losses — Irish banks absorb more than most. It is still not a reimbursement right

EBA/ECB 2025 Report on Payment Fraud · Calendar 2024

74%

of fraudulent credit-transfer value across the EU/EEA came from "manipulation of the payer" — the account holder was deceived into authorising the transfer themselves (up from 65% in 2023)

EBA/ECB 2025 Report on Payment Fraud · Calendar 2024

Behind the numbers

How these losses actually happen.

Ireland's banks publish what most of Europe does not: a loss figure for the fraud that specifically targets businesses paying invoices. Through FraudSMART, the Banking & Payments Federation Ireland reported €18.9 million lost by SMEs to email-related scams over two years to March 2026 — and named invoice redirection as the majority of cases, with CEO and executive impersonation second.

The per-incident economics are what make this existential for a small company: the average loss for an SME that got hit was more than €22,000. And the exposure is close to universal — 67% of Irish SMEs were targeted by a financial scam in the previous 12 months, with 88.4% of attempts arriving by email. Over half of Irish SMEs, 53%, have no fraud-awareness guidelines or staff training at all.

The regulatory data tells the same story from the bank side. The Central Bank of Ireland's payment-fraud statistics put total fraudulent payments across all instruments at €160.2 million in 2024, up from €128.6 million in 2023 — with €67.7 million of it on credit transfers, the instrument used to pay suppliers.

Ireland is unusual in one respect worth knowing: it is one of only six EU/EEA countries where customers do not bear more than 80% of credit-transfer fraud losses — Irish banks absorb a comparatively larger share than banks elsewhere in Europe. That is a genuine difference, but it is not a reimbursement right, and it should not be mistaken for one.

What the system covers

No reimbursement scheme. A recommendation, twice made, and not yet law.

Ireland has no mandatory reimbursement scheme for authorised push payment fraud — nothing equivalent to the UK regime that splits the cost between sending and receiving banks. The Central Bank of Ireland expects firms to have effective measures to mitigate fraud and to engage with customers; it does not compel them to refund a payment the customer authorised.

The Oireachtas Joint Committee on Finance recommended Ireland consider a UK-style scheme in its October 2024 report on APP fraud, and repeated the call in May 2026. As of July 2026 it remains a recommendation. A business that pays a fraudulent invoice today has no statutory right to get the money back.

Verification of Payee has been mandatory since 9 October 2025 under the EU Instant Payments Regulation, and Irish banks — AIB, Bank of Ireland, PTSB, An Post Money and the credit unions — have rolled it out. As everywhere in the euro area, it warns rather than blocks, and it cannot detect a bank-detail change made inside a hijacked email thread, where the name and IBAN the fraudster supplies match each other.

One Irish development is worth watching for smaller companies: the Central Bank's Consumer Protection Code 2025, in force from March 2026, widens the definition of "consumer" to include incorporated bodies with annual turnover under €5 million — bringing many small Irish businesses inside protections previously reserved for individuals. The detail of how far that reaches in a fraud dispute is still being tested.

What this means for you

Ireland counts invoice redirection because it keeps happening to Irish SMEs.

The Irish data is unusually direct about the exact crime this page is about. Invoice redirection is not a sub-category of something broader here — it is named, counted, and identified as the majority of the €18.9 million Irish SMEs lost to email scams over two years, at more than €22,000 a time.

The exposure numbers explain why it works: two thirds of Irish SMEs were targeted in a year, nearly nine in ten of those attempts came by email, and more than half of Irish SMEs have no fraud training or guidelines in place at all. The attack arrives in the same inbox and the same format as every legitimate invoice.

PayHQ is the control that gap is asking for: every incoming invoice is checked against the supplier record your team has already verified — name, registration and bank details — and a changed account is held for review before the payment is released, rather than discovered afterwards.

FAQ

Common questions about fraud in Ireland.

Will an Irish bank reimburse my business after invoice fraud?

There is no mandatory reimbursement scheme in Ireland for authorised push payment fraud. The Oireachtas finance committee has twice recommended considering one — in October 2024 and again in May 2026 — but as of July 2026 it is not law.

How common is invoice fraud against Irish SMEs?

67% of Irish SMEs were targeted by a financial scam in the 12 months to March 2026, and 88.4% of those attempts arrived by email. More than half of Irish SMEs have no fraud-awareness training or guidelines.

Do Irish banks cover more fraud losses than other EU banks?

Somewhat. Ireland is one of only six EU/EEA countries where customers do not bear more than 80% of credit-transfer fraud losses, so Irish banks absorb a larger share than most. That is a statistical pattern, not a legal right — it does not mean your business will be refunded.

Sources & methodology

Where these numbers come from.

Every statistic on this page was checked against the named source in July 2026. Ireland's SME figures are losses reported by FraudSMART member banks, not a police count. Note that Ireland's CSO recorded-crime statistics are not usable here: the CSO excludes most bank-reported fraud from its published fraud series and formally cautions against reading those figures as complete. Figures describe what each source measures — reported losses are not the same as total losses, and most fraud goes unreported. National figures are not directly comparable between countries, because each country counts differently. When a figure cannot be verified against a primary source, we remove it rather than keep it.

Other countries

Compare with other EU markets.

Protect your supplier payments in Ireland.

PayHQ checks every incoming invoice against your verified supplier records and flags changed bank details before the payment goes out.