in total payment fraud in the Netherlands across transfers, cards and cash withdrawals — up 22%, across roughly 658,000 fraudulent transactions (up 30%)
De Nederlandsche Bank (DNB) · Calendar 2025
The Netherlands pioneered the IBAN name check eight years before the EU required it. Fraud still rose. And the one scheme that compensates victims outside the law explicitly does not cover businesses.
Last reviewed July 2026 · Every statistic card links to its source
lost to fraud on European credit transfers in the Netherlands, up from €121 million in 2024 — with the number of cases up 55%, to 129,000
De Nederlandsche Bank (DNB) · Calendar 2025
in total payment fraud in the Netherlands across transfers, cards and cash withdrawals — up 22%, across roughly 658,000 fraudulent transactions (up 30%)
De Nederlandsche Bank (DNB) · Calendar 2025
Dutch banks' voluntary compensation scheme for spoofing fraud applies only where the victim is a non-business customer — companies are excluded by its own terms
Nederlandse Vereniging van Banken, Coulancekader spoofing · In force since 2021
reports of acquisitiefraude — ghost invoices — filed by Dutch businesses, plus 327 reports of CEO fraud (up from 247 the previous year)
Fraudehelpdesk, Terugblik 2025 · Calendar 2025
the Dutch government's research institute concluded in June 2026 that a reliable estimate of online-fraud damage to Dutch businesses is not possible — sources range from €14 million to €211 million
WODC (Ministry of Justice and Security), research by Dialogic · Published 2 June 2026
in fraudulent credit transfers reported by Dutch payment providers to EU supervisors, across 95,096 transactions — the EU's own comparable measure
EBA/ECB 2025 Report on Payment Fraud · Calendar 2024
the Netherlands had an IBAN-name check (SurePay) live at Rabobank eight years before the EU made Verification of Payee mandatory — early name-checking did not prevent the 2025 rise
SurePay IBAN-Naam Check rollout · Live since September 2017
of surveyed Dutch and Belgian companies experienced invoice fraud — the top external fraud type, up from 32% (survey covers both countries together, not the Netherlands alone)
Allianz Trade, Fraude Trendrapport 2026 (Benelux) · 2026 edition
of fraudulent credit-transfer value across the EU/EEA came from "manipulation of the payer" — the account holder was deceived into authorising the transfer themselves (up from 65% in 2023)
EBA/ECB 2025 Report on Payment Fraud · Calendar 2024
De Nederlandsche Bank began publishing payment-fraud statistics in this form in 2026, and the first reading is not good: €198 million of payment fraud in 2025 across roughly 658,000 transactions, up 22% in value and 30% in volume. Credit transfers — the instrument businesses pay invoices with — accounted for €148 million of that, up from €121 million, with the number of cases rising 55%.
DNB is explicit about the mechanism, and explicit that it hits companies: "consumers and businesses are often deceived into transferring money themselves," it writes, naming false payment instructions among the causes, and noting fraudsters increasingly use fast payments that are hard to reverse. Read the scope caveat too — DNB's data covers about two-thirds of the market and excludes direct debits, e-money, worldwide transfers, and transfers between accounts at the same bank.
For business-specific fraud types, the Fraudehelpdesk is the source of record. In 2025 it took 1,146 business reports of acquisitiefraude — ghost invoices — and 327 reports of CEO fraud, the latter up from 247 the year before, with €121,000 of reported CEO-fraud damage. But these are reports made to a helpdesk, not a national loss total.
And a national loss total does not exist. In June 2026, the Dutch justice ministry's own research institute (WODC) concluded that a reliable estimate of online-fraud damage to Dutch businesses is not currently possible: existing sources disagree by orders of magnitude, from roughly 1,700 to 190,000 incidents a year and from €14 million to €211 million in damage. The research was commissioned by VNO-NCW and MKB-Nederland precisely because they wanted a number — and it found the data does not support one.
Dutch law splits payment fraud in two. "Bancaire fraude" — a payment the customer never authorised — carries a statutory reimbursement obligation under articles 7:528 and 7:529 of the Burgerlijk Wetboek, absent gross negligence. "Niet-bancaire fraude" — where the victim is deceived into authorising the payment themselves, which is exactly what invoice fraud, CEO fraud and spoofing are — carries no statutory reimbursement obligation at all.
Outside the law, Dutch banks operate a voluntary goodwill scheme, the Coulancekader, for spoofing victims. Its own eligibility criteria state it applies where "the victim is a non-business customer, and the fraud took place on a private account number." Businesses are excluded by design. So a Dutch company hit by invoice fraud has neither a statutory right to reimbursement nor access to the banks' discretionary scheme.
Verification of Payee became mandatory across the euro area on 9 October 2025 — but the Netherlands got there first, with SurePay's IBAN-Naam Check live at Rabobank from September 2017 and across the other major banks by 2018. The EU mandate mainly extended it to cross-border IBANs. The Dutch experience is a useful warning: an early, widely-used name check did not stop transfer fraud from rising 55% in case volume in 2025, because a name check cannot catch a fraudster whose supplied name and IBAN match each other.
The Instant Payments Regulation does create one narrow refund right: if your bank fails to perform the Verification of Payee check correctly, it must refund you. If it correctly warns you of a mismatch and you proceed anyway — the classic invoice-fraud scenario — the liability is yours.
The most telling fact about Dutch SME fraud data is that it does not exist. VNO-NCW and MKB-Nederland commissioned research precisely to quantify what online fraud costs Dutch businesses, and in June 2026 the government's own research institute reported back that no reliable estimate is possible — the available sources are too inconsistent, spanning €14 million to €211 million. The researchers recommended the police start recording whether a fraud victim is a business at all.
What is measurable points one way. Ghost invoices generated 1,146 business reports to the Fraudehelpdesk in 2025 and CEO fraud reports rose to 327. Across the Benelux, 44% of surveyed companies reported experiencing invoice fraud — the most common external fraud type they face.
With no statutory reimbursement for deceived-but-authorised payments, and businesses written out of the banks' goodwill scheme, the Dutch position is unusually stark: the check has to happen before the money leaves. PayHQ compares every incoming invoice against the supplier record you verified and holds a changed IBAN for review before the payment run.
DNB reported €198 million in total payment fraud in 2025 across roughly 658,000 transactions, up 22% in value. Credit transfers accounted for €148 million of that, up from €121 million in 2024, with case volume up 55%.
No, on both routes. Dutch law gives a statutory reimbursement right only for unauthorised payments, and an invoice-fraud transfer is authorised. The banks' voluntary Coulancekader goodwill scheme for spoofing explicitly applies only to non-business customers on private accounts.
Yes — the IBAN-Naam Check went live at Rabobank in 2017 and across the major banks by 2018, years ahead of the EU's Verification of Payee mandate. It still did not stop credit-transfer fraud cases rising 55% in 2025, because a name check cannot catch a fraudster whose name and IBAN match each other.
Nobody knows, and the Dutch government says so. In June 2026 the WODC concluded that no reliable estimate of online-fraud damage to Dutch businesses is currently possible — existing sources range from €14 million to €211 million a year.
Every statistic on this page was checked against the named source in July 2026. DNB's figures cover roughly two-thirds of the Dutch payments market and exclude direct debits, e-money, worldwide transfers, and transfers between accounts at the same bank. Fraudehelpdesk figures are reports made to a helpdesk, not a national loss total — and the Dutch government's own research institute has concluded no reliable business loss total can currently be produced. Figures describe what each source measures — reported losses are not the same as total losses, and most fraud goes unreported. National figures are not directly comparable between countries, because each country counts differently. When a figure cannot be verified against a primary source, we remove it rather than keep it.
PayHQ checks every incoming invoice against your verified supplier records and flags changed bank details before the payment goes out.