$3.05 billion in reported losses to business email compromise in 2025 (FBI IC3).See the numbers by country →
214M SEK

estimated criminal proceeds from completed CEO fraud and business email compromise (VD/BEC-bedrägeri) in Sweden — a modelled estimate from police case data, not a measured loss total

Polismyndigheten, Nationellt bedrägericentrum · Calendar 2025

21

victims lost more than 1 million SEK each to CEO fraud in 2025, totalling 161 million SEK — up from just 4 such victims in 2023. The cases are getting bigger, fast

Polismyndigheten, Nationellt bedrägericentrum · Calendar 2025 (vs 2023)

No check

ordinary Swedish bank transfers in SEK carry no recipient-name check at all — the Riksbank confirms name checking exists only for Swish and Bankgiro payments

Sveriges Riksbank, Betalningsrapport 2026 · As of the Riksbank's 2026 Payments Report

The numbers

What Sweden loses to payment fraud.

10,180

police-reported invoice-fraud (fakturabedrägeri) offences in Sweden — the highest on record, after a 23% jump the year before. This counts reported crimes, not money lost

Brå, reported offences statistics database · Calendar 2025

105M SEK

estimated criminal proceeds from unsolicited invoice fraud (bluffakturor) in Sweden — up 67% in a year, the fastest-growing fraud category in the police estimate

Polismyndigheten, Nationellt bedrägericentrum · Calendar 2025

+125%

increase in fraud warnings published on Svensk Handel's Varningslista, driven by a scheme mass-mailing invoices to company inboxes and using 82 foreign bank accounts

Svensk Handel · Calendar 2025

€116M

in fraudulent credit transfers reported by Swedish payment providers to EU supervisors, across 39,709 transactions — the EU's own comparable measure

EBA/ECB 2025 Report on Payment Fraud · Calendar 2024

9 July 2027

the date Verification of Payee becomes mandatory in Sweden — non-euro EU states get an extra 21 months over the euro area's October 2025 deadline

Sveriges Riksbank, Betalningsrapport 2026 · Instant Payments Regulation (EU) 2024/886

No protection

Sweden's own banking association states business owners do not have the same basic protection against financial loss from crime that consumers have

Svenska Bankföreningen (Finance Sweden) · Threat assessment 2025

Behind the numbers

How these losses actually happen.

Sweden's National Fraud Centre publishes something almost no other European police force does: an estimate of criminal proceeds broken out by fraud type, including CEO fraud and business email compromise as their own category. For 2025 it puts VD/BEC-bedrägeri proceeds at 214 million SEK. It is a modelled estimate — average case value multiplied by case volume — not an audited loss figure, and the police say so.

The trend inside that number is the alarming part. In 2023, four people lost more than 1 million SEK each to CEO fraud. In 2024, thirteen did. In 2025, twenty-one did — and their combined losses came to 161 million SEK. The average case is getting dramatically larger, which is what happens when fraudsters move from consumers to companies.

Invoice fraud is counted separately, and it is a Swedish speciality. Brå records fakturabedrägeri as a distinct offence code: reported invoice-fraud crimes jumped 23% in 2024 to 10,007, and rose again in 2025 to 10,180 — the highest on record. Police proceeds estimates put unsolicited invoice fraud — the classic bluffaktura — at 105 million SEK in 2025, up 67% in a year. Svensk Handel's warning list saw publications rise 125% in 2025, driven by a hybrid scheme mass-mailing invoices to company functional inboxes like faktura@.

Sweden's banking industry is candid about why businesses are being targeted. Finance Sweden's own threat assessment states plainly that business owners "do not have the same basic protection against financial loss from crime as consumers" — and warns that as consumer-focused fraud gets harder, criminals are deliberately pivoting to companies, where the payoff per case is larger and the legal protection is weaker.

What the system covers

No name check until 2027. And in May 2026, the Supreme Court closed the other door.

Swedish businesses paying suppliers today do so without a recipient-name check. The Riksbank's 2026 Payments Report confirms it: banks offering payments in euro are already required to provide Verification of Payee, but for payments in Swedish kronor, such checks exist only within Swish and for payments to Bankgiro numbers. An ordinary bank-to-bank SEK transfer is executed on the account number alone.

That gap has a date on it, and it is not soon. Because Sweden is outside the euro area, the Instant Payments Regulation gives it until 9 July 2027 — 21 months after euro-area banks had to comply. Until then, the name on the invoice is not checked against the account it points at.

Swedish law draws the same line other countries do, and in May 2026 the Supreme Court reinforced it. Where credentials or BankID codes are stolen and the bank executes the transfer, a 2022 Supreme Court ruling caps the customer's liability and the bank generally pays. But where the customer is manipulated into pushing the payment themselves — which is every invoice fraud and every CEO fraud — the Supreme Court in May 2026 let stand an appeal-court ruling that the bank is not liable. Sweden currently offers no reimbursement right for the exact fraud pattern this page describes.

Legislation is moving, but not at this. A government bill of March 2026 would require telecom and messaging providers to block messages that traffic data suggests are fraudulent — aimed at the delivery channel, not at bank liability. Parliamentary motions calling for stricter bank duties and clearer reimbursement rights remain motions, not law.

What this means for you

Bluffakturor are the most common crime committed against Swedish businesses.

Företagarna's member survey finds that over five years, 44% of Swedish employer-businesses have been victims of crime — and bluffakturor, fake invoices, are the single most common crime type, ahead of theft and vandalism. Fraud exposure among its members rose from 41% in 2023 to 61% in 2025, and the share reporting an actual financial loss rose from 12% to 19%.

Brå's more rigorous random-sample survey of companies gives a lower figure — just over one in five companies exposed to fraud in 12 months, rising from 37% for solo firms to 83% for firms with 50+ employees. The two surveys measure different things and should not be blended, but they point the same way: exposure is normal, and it scales with size.

The Swedish position is unusually exposed. No name check on SEK transfers until July 2027, no reimbursement right after the Supreme Court's May 2026 decision, and the banking association itself acknowledging businesses lack consumers' basic protection. The verification has to happen before the payment leaves — which is exactly what PayHQ does, checking each incoming invoice against the supplier record your team verified and holding a changed account for review.

FAQ

Common questions about fraud in Sweden.

Do Swedish banks check the recipient's name on a transfer?

Not on ordinary SEK bank transfers. The Riksbank confirms name checking exists only for Swish and Bankgiro payments. Verification of Payee does not become mandatory in Sweden until 9 July 2027, because Sweden is outside the euro area.

Will a Swedish bank reimburse my company after invoice fraud?

No. In May 2026 the Supreme Court let stand a ruling that the bank is not liable where the customer was manipulated into making the payment themselves — which is what invoice fraud and CEO fraud are. Sweden's own banking association states businesses lack the basic protection consumers have.

How common is invoice fraud in Sweden?

Brå recorded 10,180 reported invoice-fraud offences in 2025 — the highest on record, after a 23% jump to 10,007 the year before. Sweden counts fakturabedrägeri as its own offence code. Företagarna finds bluffakturor are the most common crime committed against Swedish employer-businesses over a five-year window.

Sources & methodology

Where these numbers come from.

Every statistic on this page was checked against the named source in July 2026. Sweden's figures come from two different systems and must not be added together: Brå counts reported invoice-fraud offences (crimes reported to police, not money lost), while the police National Fraud Centre publishes a modelled estimate of criminal proceeds (average case value × case volume, with a stated margin) rather than an audited loss figure. Figures describe what each source measures — reported losses are not the same as total losses, and most fraud goes unreported. National figures are not directly comparable between countries, because each country counts differently. When a figure cannot be verified against a primary source, we remove it rather than keep it.

Other countries

Compare with other EU markets.

Protect your supplier payments in Sweden.

PayHQ checks every incoming invoice against your verified supplier records and flags changed bank details before the payment goes out.