victims lost more than 1 million SEK each to CEO fraud in 2025, totalling 161 million SEK — up from just 4 such victims in 2023. The cases are getting bigger, fast
Polismyndigheten, Nationellt bedrägericentrum · Calendar 2025 (vs 2023)
Sweden tracks this crime unusually well: the police publish a proceeds estimate for CEO fraud and BEC specifically, and Brå counts invoice fraud as its own offence. What Sweden does not have is a recipient-name check on ordinary bank transfers — and it will not have one until 2027.
Last reviewed July 2026 · Every statistic card links to its source
estimated criminal proceeds from completed CEO fraud and business email compromise (VD/BEC-bedrägeri) in Sweden — a modelled estimate from police case data, not a measured loss total
Polismyndigheten, Nationellt bedrägericentrum · Calendar 2025
victims lost more than 1 million SEK each to CEO fraud in 2025, totalling 161 million SEK — up from just 4 such victims in 2023. The cases are getting bigger, fast
Polismyndigheten, Nationellt bedrägericentrum · Calendar 2025 (vs 2023)
ordinary Swedish bank transfers in SEK carry no recipient-name check at all — the Riksbank confirms name checking exists only for Swish and Bankgiro payments
Sveriges Riksbank, Betalningsrapport 2026 · As of the Riksbank's 2026 Payments Report
police-reported invoice-fraud (fakturabedrägeri) offences in Sweden — the highest on record, after a 23% jump the year before. This counts reported crimes, not money lost
Brå, reported offences statistics database · Calendar 2025
estimated criminal proceeds from unsolicited invoice fraud (bluffakturor) in Sweden — up 67% in a year, the fastest-growing fraud category in the police estimate
Polismyndigheten, Nationellt bedrägericentrum · Calendar 2025
increase in fraud warnings published on Svensk Handel's Varningslista, driven by a scheme mass-mailing invoices to company inboxes and using 82 foreign bank accounts
Svensk Handel · Calendar 2025
in fraudulent credit transfers reported by Swedish payment providers to EU supervisors, across 39,709 transactions — the EU's own comparable measure
EBA/ECB 2025 Report on Payment Fraud · Calendar 2024
the date Verification of Payee becomes mandatory in Sweden — non-euro EU states get an extra 21 months over the euro area's October 2025 deadline
Sveriges Riksbank, Betalningsrapport 2026 · Instant Payments Regulation (EU) 2024/886
Sweden's own banking association states business owners do not have the same basic protection against financial loss from crime that consumers have
Svenska Bankföreningen (Finance Sweden) · Threat assessment 2025
Sweden's National Fraud Centre publishes something almost no other European police force does: an estimate of criminal proceeds broken out by fraud type, including CEO fraud and business email compromise as their own category. For 2025 it puts VD/BEC-bedrägeri proceeds at 214 million SEK. It is a modelled estimate — average case value multiplied by case volume — not an audited loss figure, and the police say so.
The trend inside that number is the alarming part. In 2023, four people lost more than 1 million SEK each to CEO fraud. In 2024, thirteen did. In 2025, twenty-one did — and their combined losses came to 161 million SEK. The average case is getting dramatically larger, which is what happens when fraudsters move from consumers to companies.
Invoice fraud is counted separately, and it is a Swedish speciality. Brå records fakturabedrägeri as a distinct offence code: reported invoice-fraud crimes jumped 23% in 2024 to 10,007, and rose again in 2025 to 10,180 — the highest on record. Police proceeds estimates put unsolicited invoice fraud — the classic bluffaktura — at 105 million SEK in 2025, up 67% in a year. Svensk Handel's warning list saw publications rise 125% in 2025, driven by a hybrid scheme mass-mailing invoices to company functional inboxes like faktura@.
Sweden's banking industry is candid about why businesses are being targeted. Finance Sweden's own threat assessment states plainly that business owners "do not have the same basic protection against financial loss from crime as consumers" — and warns that as consumer-focused fraud gets harder, criminals are deliberately pivoting to companies, where the payoff per case is larger and the legal protection is weaker.
Swedish businesses paying suppliers today do so without a recipient-name check. The Riksbank's 2026 Payments Report confirms it: banks offering payments in euro are already required to provide Verification of Payee, but for payments in Swedish kronor, such checks exist only within Swish and for payments to Bankgiro numbers. An ordinary bank-to-bank SEK transfer is executed on the account number alone.
That gap has a date on it, and it is not soon. Because Sweden is outside the euro area, the Instant Payments Regulation gives it until 9 July 2027 — 21 months after euro-area banks had to comply. Until then, the name on the invoice is not checked against the account it points at.
Swedish law draws the same line other countries do, and in May 2026 the Supreme Court reinforced it. Where credentials or BankID codes are stolen and the bank executes the transfer, a 2022 Supreme Court ruling caps the customer's liability and the bank generally pays. But where the customer is manipulated into pushing the payment themselves — which is every invoice fraud and every CEO fraud — the Supreme Court in May 2026 let stand an appeal-court ruling that the bank is not liable. Sweden currently offers no reimbursement right for the exact fraud pattern this page describes.
Legislation is moving, but not at this. A government bill of March 2026 would require telecom and messaging providers to block messages that traffic data suggests are fraudulent — aimed at the delivery channel, not at bank liability. Parliamentary motions calling for stricter bank duties and clearer reimbursement rights remain motions, not law.
Företagarna's member survey finds that over five years, 44% of Swedish employer-businesses have been victims of crime — and bluffakturor, fake invoices, are the single most common crime type, ahead of theft and vandalism. Fraud exposure among its members rose from 41% in 2023 to 61% in 2025, and the share reporting an actual financial loss rose from 12% to 19%.
Brå's more rigorous random-sample survey of companies gives a lower figure — just over one in five companies exposed to fraud in 12 months, rising from 37% for solo firms to 83% for firms with 50+ employees. The two surveys measure different things and should not be blended, but they point the same way: exposure is normal, and it scales with size.
The Swedish position is unusually exposed. No name check on SEK transfers until July 2027, no reimbursement right after the Supreme Court's May 2026 decision, and the banking association itself acknowledging businesses lack consumers' basic protection. The verification has to happen before the payment leaves — which is exactly what PayHQ does, checking each incoming invoice against the supplier record your team verified and holding a changed account for review.
Swedish police estimate 214 million SEK in criminal proceeds from CEO fraud and business email compromise in 2025. It is a modelled estimate from case data, not an audited loss total. Twenty-one victims lost over 1 million SEK each, up from four in 2023.
Not on ordinary SEK bank transfers. The Riksbank confirms name checking exists only for Swish and Bankgiro payments. Verification of Payee does not become mandatory in Sweden until 9 July 2027, because Sweden is outside the euro area.
No. In May 2026 the Supreme Court let stand a ruling that the bank is not liable where the customer was manipulated into making the payment themselves — which is what invoice fraud and CEO fraud are. Sweden's own banking association states businesses lack the basic protection consumers have.
Brå recorded 10,180 reported invoice-fraud offences in 2025 — the highest on record, after a 23% jump to 10,007 the year before. Sweden counts fakturabedrägeri as its own offence code. Företagarna finds bluffakturor are the most common crime committed against Swedish employer-businesses over a five-year window.
Every statistic on this page was checked against the named source in July 2026. Sweden's figures come from two different systems and must not be added together: Brå counts reported invoice-fraud offences (crimes reported to police, not money lost), while the police National Fraud Centre publishes a modelled estimate of criminal proceeds (average case value × case volume, with a stated margin) rather than an audited loss figure. Figures describe what each source measures — reported losses are not the same as total losses, and most fraud goes unreported. National figures are not directly comparable between countries, because each country counts differently. When a figure cannot be verified against a primary source, we remove it rather than keep it.
PayHQ checks every incoming invoice against your verified supplier records and flags changed bank details before the payment goes out.