$3.05 billion in reported losses to business email compromise in 2025 (FBI IC3).See the numbers by country →
80.6%

of fraudulent credit-transfer value in Poland came from manipulating the payer into executing the transfer themselves — 82.0% in the following quarter

Narodowy Bank Polski, quarterly report on fraudulent transactions · Q1 2025 (and Q2 2025)

33,200

fraudulent credit transfers in a single quarter, worth 157.4 million złoty — the highest transaction count in the central bank's series

Narodowy Bank Polski · Q4 2025

33%

of Polish SME employees who faced a fraud attempt were targeted with fraudulent invoices — the second-most-common attack after fake payment-link emails (35%)

BIK, Raport Antyfraudowy 2025 · Calendar 2025

The numbers

What Poland loses to payment fraud.

8,050 zł

average value of a fraudulent credit transfer in Poland — the size of a business payment, not a consumer one

Narodowy Bank Polski · Q1 2025

~32%

of Polish SMEs experienced an attempted financial fraud; 5.8% of SMEs — an estimated 162,000 firms — use no anti-fraud security measures at all

BIK, Raport Antyfraudowy 2025 · Calendar 2025

€163.6M

in fraudulent credit transfers reported by Polish payment providers to EU supervisors, across 124,090 transactions — the EU's own comparable measure

EBA/ECB 2025 Report on Payment Fraud · Calendar 2024

9 July 2027

the date Verification of Payee becomes mandatory in Poland — as a non-euro EU state, Poland gets 21 months longer than the euro area

Instant Payments Regulation, non-euro timeline · Instant Payments Regulation (EU) 2024/886

253,238

computer-fraud incidents registered by Poland's national CERT — but 96.1% were logged against private individuals, not businesses

CERT Polska (NASK), annual report 2025 · Calendar 2025

Behind the numbers

How these losses actually happen.

Narodowy Bank Polski publishes fraud data every quarter, and it separates out the mechanism with unusual clarity. In the first quarter of 2025, 20,122 fraudulent credit transfers moved 162 million złoty — and 80.6% of that value came from what NBP calls fraud "arising from inducing a manipulated payer to execute the transfer" themselves. In the second quarter the share rose to 82.0%.

The trend through 2025 is upward and accelerating. By the fourth quarter, fraudulent credit transfers had reached 33,200 in a single quarter — the highest count in NBP's series — worth 157.4 million złoty. The average fraudulent transfer runs around 8,000 złoty.

For Polish businesses specifically, BIK's 2025 anti-fraud report is the clearest source: nearly a third of Polish SMEs experienced an attempted fraud, and among SME employees who faced an attempt, 33% were targeted with fraudulent invoices — second only to fake payment-link emails at 35%. More than half of victimised SMEs reported incidents recurring up to ten times a year, and 36% rely mainly on "vigilance and intuition" rather than any systematic control.

In the EU's comparable supervisory data, Poland reported €163,627,757 in fraudulent credit transfers in 2024 — a larger total than Italy, Spain or the Netherlands.

What the system covers

Poland has a bank-account check no other EU country has. It was built for tax fraud.

Poland's biała lista podatników VAT — the VAT taxpayer white list — is genuinely distinctive. Any B2B payment above PLN 15,000 must be made to a supplier bank account registered on the tax authority's white list. Pay an off-list account and the consequences are real: you lose the ability to deduct the cost for income-tax purposes, and you become jointly and severally liable for the supplier's VAT on that transaction.

It is tempting to read that as an anti-invoice-fraud control, and it is worth being precise: it was built to fight missing-trader VAT fraud, not bank-detail substitution. It does not verify that the account belongs to your supplier's real identity, and it will not catch a fraudster who has managed to get a legitimate, white-listed account. What it does create is friction and a paper trail for any payment to an unregistered account — a useful side effect, but not a defence anyone has quantified.

Verification of Payee does not reach Poland yet. As a non-euro EU member state, Poland has until 9 July 2027 to implement the name-versus-account check that euro-area banks have had to offer since October 2025. Until then, Polish transfers execute on account number alone.

And there is no reimbursement scheme for authorised push payment fraud. Poland's payment services act gives a fast, burden-reversed refund right for unauthorised transactions, but a transfer executed by the victim's own employee with valid credentials is legally authorised. Some Polish lawyers argue manipulated consent is not true authorisation, and banks are increasingly challenged on it, but there is no settled right — victims largely bear the loss.

What this means for you

A third of Polish SMEs hit by fraud were sent a fake invoice.

BIK's 2025 data is directly on point: among Polish SME employees who faced a fraud attempt, 33% were targeted with fraudulent invoices, second only to fake payment-link emails. Nearly a third of Polish SMEs experienced an attempted fraud at all, over half of the victims saw incidents recur up to ten times a year, and 36% say their main defence is vigilance and intuition.

The structural picture explains why that is not enough. Four in five fraudulent złoty are transferred by the victim's own hand. There is no name check on Polish transfers until July 2027. There is no reimbursement right for a payment your team authorised. And the one distinctive Polish control — the VAT white list — was designed for a different crime and cannot tell you whether the IBAN on today's invoice is the one your supplier actually banks with.

PayHQ fills exactly that gap: it checks each incoming invoice against the supplier record your team has verified and flags a changed account before the przelew is released — the check Poland's rails will not perform for another year.

FAQ

Common questions about fraud in Poland.

How much Polish transfer fraud is push-payment fraud?

The overwhelming majority. Narodowy Bank Polski reports that 80.6% of fraudulent credit-transfer value in Q1 2025 — and 82.0% in Q2 — came from manipulating the payer into executing the transfer themselves.

Does the VAT white list protect against invoice fraud?

Not directly. The biała lista requires B2B payments over PLN 15,000 to go to a registered supplier account, on pain of losing tax deductibility and taking on joint VAT liability. It was designed to fight missing-trader VAT fraud, not bank-detail substitution, and no source quantifies it catching invoice fraud.

Do Polish banks check the payee's name?

Not yet. As a non-euro EU country, Poland has until 9 July 2027 to implement Verification of Payee. Until then, Polish transfers are executed on the account number alone.

Sources & methodology

Where these numbers come from.

Every statistic on this page was checked against the named source in July 2026. NBP's manipulated-payer percentages are shares of credit-transfer fraud specifically, not of all payment fraud. BIK's SME figures come from an industry survey, not an official statistic. CERT Polska's incident counts are overwhelmingly individuals, not businesses, and are included only for scale. Figures describe what each source measures — reported losses are not the same as total losses, and most fraud goes unreported. National figures are not directly comparable between countries, because each country counts differently. When a figure cannot be verified against a primary source, we remove it rather than keep it.

Other countries

Compare with other EU markets.

Protect your supplier payments in Poland.

PayHQ checks every incoming invoice against your verified supplier records and flags changed bank details before the payment goes out.