EUROPE · 2026May 31, 202612 min read

Scammed in Europe — can you actually get your money back?

Since October 2025, banks across the euro area have to flash you a warning when the name on a transfer does not match the account number. Heed it — because the moment you click past that warning and send the money yourself, European law mostly stops protecting you. That one distinction, between money taken from you and money you were talked into sending, decides almost everything about whether you get it back. Here is the honest 2026 map, country by country, in English.

€4.2B
EU/EEA payment fraud in 2024 (EBA-ECB)
~85%
of credit-transfer fraud loss falls on users, not banks
9 Oct 2025
Euro-area name-check (Verification of Payee) live
€0
EU-wide auto-refund for authorised scam transfers
The short answer

In Europe, recovery hinges on one line in the law. If a payment was unauthorised — someone used your account or card without permission — your bank must refund it under the EU Payment Services Directive, normally by the next business day. If you authorised it yourself because you were deceived, there is no EU-wide rule forcing a refund, unlike the UK's mandatory scheme. A 2025 EU agreement will start covering bank-impersonation ("spoofing") fraud, but it is not yet in force. Act within hours: your bank can attempt a SEPA recall only while the money is still in the fraudster's account.

"…mainly as a result of scams that tricked users into initiating fraudulent transactions."

— Joint EBA-ECB Report on Payment Fraud, 15 December 2025, explaining why payment service users — not their banks — bore roughly 85% of the EU's credit-transfer fraud losses in 2024 (€2.2 billion of a €4.2 billion total). That sentence is the whole problem in one line: European law refunds the theft, not the con.

If you have just been scammed somewhere in Europe, two things matter more than anything else in the first hours: stopping further loss and creating a record while the evidence still exists. Everything after that — which agency, which form, which refund argument — depends on getting those right. The complication is that "Europe" is not one system. Twenty-seven EU members, plus Switzerland and others, each run their own police and their own banking-dispute machinery on top of a shared EU payments rulebook. This guide gives you the shared rules first, then the country-by-country doors.

If you are reading this with a transfer you already regret, skip to if money has already moved. The first hour is the only window where a bank-side recall reliably works.

The hard line in European law: it refunds the hack, not the con

This is the most important section, because it sets your expectations correctly before you waste a week chasing the wrong outcome.

EU law draws a sharp line between two kinds of loss. Under Article 73 of the Payment Services Directive (PSD2), an unauthorised payment — someone used your card or got into your account without permission — must be refunded by your bank, immediately and no later than the end of the next business day after you report it. Your own liability for a lost or stolen instrument is capped at €50, and is zero in several defined cases, unless you acted fraudulently or with gross negligence. That part of the system works reasonably well across the bloc.

But if you authorised the payment yourself because you were deceived — you logged in and sent the transfer because a convincing "bank security officer" or "investment adviser" told you to — that is legally an authorised transaction, and PSD2 does not put the loss on the bank. This is the same gap that strands scam victims in the United States under Regulation E and in Germany under §675u BGB. It is the gap that nearly every modern scam is built to fall into.

The scale is not abstract. The joint EBA-ECB report published in December 2025 put EU/EEA payment fraud at €4.2 billion in 2024, up from €3.5 billion the year before — €2.2 billion of it on credit transfers, €1.3 billion on cards. And roughly 85% of the credit-transfer losses fell on ordinary users rather than their banks, precisely because the victims were tricked into pressing Send themselves. The law treats that as your decision.

The UK went one way; the EU has not — yet

Britain decided that this was unfair and changed it. Since 7 October 2024, the UK's Payment Systems Regulator requires banks to reimburse victims of authorised-push-payment fraud up to £85,000 per claim, normally within five business days, with the cost split 50/50 between the sending and receiving banks. We cover that regime in full in the UK reporting guide. The EU has no equivalent in force.

It is moving, though, in a narrower form. In November 2025 the European Parliament and Council reached a provisional agreement on a new Payment Services Regulation (PSR) and third Payment Services Directive (PSD3). The headline change for victims: where a fraudster impersonates your own bank — the "spoofing" scam, where the call or text appears to come from your bank's real number — the transaction would be treated as unauthorised, triggering a refund, provided you report it to the police and notify your bank.

Read the limits carefully. The proposed EU rule targets impersonation of your own payment provider — not every scam. A fake-investment platform, a romance scam, or a bogus online shop, where no bank impersonation occurred, would not be covered by this provision. And as of 2026 the text is a provisional agreement, not applicable law. Treat it as a direction of travel, not a protection you can rely on today.

The one new thing on your side: the name-check (Verification of Payee)

There is a genuine new safeguard worth knowing about, because it changes both your protection and your liability. Since 9 October 2025, under the EU Instant Payments Regulation, payment service providers in the euro area must offer Verification of Payee: before you confirm a euro transfer, your bank checks whether the recipient's name matches the IBAN you entered, and warns you if it does not. The service is free.

What it catches. Paying the wrong account — including a fraudster's 'mule' account opened in a different name from the one you were told. If a scammer tells you to pay 'Maria Schmidt' but the IBAN belongs to someone else, the check flags a mismatch before the money leaves.
What it returns. A simple result: match, close match, or no match. On a close or no match, you see a warning — but you can still choose to proceed.
The catch that matters. If you proceed after a 'no match' warning and send the money anyway, you generally take on the liability for funds that go astray. The warning is the protection; clicking past it transfers the risk back to you.
The rule to adopt. Treat a name mismatch as a hard stop, not a formality. Stop, and verify who you are really paying through a channel you trust — not the one the request arrived on.

If money has already moved — the first hours

Speed is the whole game, and even more so in the EU where there is no automatic refund to fall back on for a scam you authorised. A same-day bank recall is sometimes the only thing that works. This is the maximum-recovery order:

1Call your bank's fraud line immediately and ask them to attempt a SEPA recall of the transfer — an interbank request for the recipient's bank to return the funds. It only works while the money is still in the fraudster's account, usually a matter of hours. Get a reference in writing.
2If the payment was unauthorised (you did not make it), state clearly that you are disputing it under the Payment Services Directive — in Germany, under §675u BGB — and want it refunded. The bank must refund unauthorised payments promptly unless it can show fraud or gross negligence on your part.
3Document everything in one place. Screenshot the conversation, the scammer's numbers, emails and fake websites, and the transaction details — date, time, amount, recipient name and IBAN. Save it as a single PDF before the accounts vanish.
4Report to your national police, and add the specialist body for your country (see the list below). In many EU countries you can file online; keep the case number — your bank or ombudsman may ask for it.
5If the loss involves a business in another EU/EEA country — a fake shop, a bogus booking — contact the European Consumer Centres Network (ECC-Net) for free cross-border help. It handles trader disputes, not pure criminal fraud.
6Block the scammer everywhere and stop engaging. Any "recovery" offer that follows — a lawyer, an agency, someone claiming to be the police or Europol — is the second scam. We took the pattern apart in the recovery-scams piece.
7If the bank wrongly refuses a valid unauthorised-transaction claim, escalate free of charge to your country's financial ombudsman or banking-dispute body, and complain to the financial regulator. For deception-based transfers, the ombudsman and, if needed, a civil claim are the realistic routes.
8Get a second opinion. Describe what happened in our free, confidential case review — a real person replies within 24 hours — and see the honest recovery odds by payment method for what realistically works.
Within days of any public post or report about your loss, "recovery scammers" will find you. They will claim to be a law firm, a chargeback specialist, a "funds recovery" agency, or even the police, a regulator, or Europol — and they will ask for an upfront fee or your banking details. No real European channel charges upfront to recover money, and Europol never contacts individuals at all. See the recovery-scams piece for the full pattern.

Country by country — where to report, and who pays

The EU payments rulebook is shared, but the reporting doors and the goodwill on refunds differ sharply by country. This is the hub; we are building a dedicated guide for each as we go.

Ireland. Report to An Garda Síochána (your local station, or 112/999) and, for serious fraud, the Garda National Economic Crime Bureau. The consumer-awareness service is FraudSMART, run by Banking & Payments Federation Ireland. On refunds: Ireland has no mandatory reimbursement scheme — an Oireachtas finance committee recommended creating one in October 2024, which tells you one does not yet exist. Treat any bank refund for a deception transfer as goodwill, not a right.
Netherlands. Report to the Fraudehelpdesk and the police (politie.nl); the conduct regulator is the AFM. The Netherlands is the bright spot: Dutch banks voluntarily reimburse victims of bank-impersonation ("spoofing") fraud — around 89% of the roughly €51 million lost that way in 2022 was repaid, according to figures from the Dutch banking sector — and dispute rulings have since made reimbursement easier. The scheme covers spoofing specifically, not every scam.
Germany. There is no single national hotline. File a criminal complaint (Strafanzeige) at your federal state's Online-Wache, forward phishing to the Verbraucherzentrale, and check investment firms with BaFin. Under §675u BGB the bank must refund unauthorised transactions; there is no automatic refund for the con. The full map is in the dedicated Germany guide.
Switzerland (outside the EU). Report online to the National Cyber Security Centre at report.ncsc.admin.ch. Switzerland sits outside both the EU's rules and the UK's, so there is no mandatory reimbursement regime — and the NCSC has specifically warned about fake "official" websites promising to recover lost funds. Recovery of an authorised transfer is difficult; speed and a bank recall are your best shot.
Austria. Use Watchlist Internet to check and report fraudulent sites, and report crime to the Bundeskriminalamt's Cybercrime Competence Centre (against-cybercrime@bmi.gv.at). On refunds, Austria follows the standard EU position: unauthorised refunded, authorised generally not.
United Kingdom (the outlier). Not in the EU, and the only country here with a mandatory rule: banks must reimburse authorised-push-payment scams up to £85,000 since October 2024. The full reporting and refund directory is in the UK guide.

For a scam that crosses borders — and most do — remember two things. Europol does not take reports from the public; it works only through national police, so your report always starts at home. And for a dispute with a legitimate-looking business in another EU/EEA country, ECC-Net is the free cross-border channel. For the wider directory beyond Europe, see where to report a scam by country.

The habits that keep you out of the machinery entirely

Reporting is downstream. Prevention is upstream, and in a continent with no automatic refund the upstream habits matter more than almost anywhere:

Treat the name-check as a verdict, not a nuisance. From October 2025 your euro-area bank tells you when a payee name does not match the IBAN. That warning exists because the mismatch is usually a scam. Stop when you see it.
Never move money because of a call, text, or message you did not initiate. Real banks, real police, and real prosecutors never phone to demand an urgent transfer to a 'safe account' or a code to 'secure' your money. Hang up and call the institution back on a number from your card or its official site.
Treat any money conversation that jumps to WhatsApp or Telegram as hostile. Investment "advisers", recruiters, and romance contacts across Europe overwhelmingly pivot to private messaging. The move off a verifiable platform is the single most reliable scam signal — the same playbook behind the family-impersonation scams hitting the whole region.

If you are unsure whether something is a scam before any money moves, the fastest second opinion is the Scam Checker on this site, or our free case review. Both are read by a human and answered within 24 hours.

From the field. The pattern we see most across Europe in 2026 is the bank-impersonation call: the number on the screen is your bank's real number (spoofed), the "fraud officer" already knows your last transaction, and the script is always the same — your account is compromised, move everything to a "safe" account right now, and do not hang up. Because the victim makes the transfer themselves, most European banks classify it as authorised and decline to refund. The Netherlands chose to reimburse this exact scam; the proposed EU rule would too, narrowly. Until that is law everywhere, the only reliable defence is the oldest one: hang up, and call your bank back on the number printed on your card.

One rule, end to end

If you take one habit from this piece, take this: any unsolicited call, message, or email that pressures you to move money or share a code is a scam until you have hung up and verified it by calling the institution back on a number you already trust. Across most of Europe there is no rule that will undo it for you afterwards — which makes that one pause worth more than the entire reporting machinery downstream of it.

Scammed in Europe and not sure where to start? Let's look at it together.

Describe the message, the call, the transaction. A real expert reviews every case and replies within 24 hours. Free, confidential, no pressure.

Submit a free case review →Full international reporting directory

Common questions about getting scammed money back in Europe

Can you get scammed money back in the EU?

Sometimes — and it depends almost entirely on how the payment was made. If the transaction was unauthorised (someone used your account or card without your consent), your bank must refund it under the EU Payment Services Directive, normally by the end of the next business day. If you authorised the payment yourself because you were deceived — you logged in and sent the transfer because a convincing 'bank officer' or 'investment adviser' told you to — there is no EU-wide rule forcing your bank to refund it. The single biggest factor in recovery is speed: contact your bank within hours so it can attempt a recall while the money may still be in the fraudster's account.

Does my European bank have to refund a scam?

Only for unauthorised payments. Under Article 73 of PSD2, a payment service provider must refund an unauthorised transaction immediately, and consumer liability for a lost or stolen instrument is capped at €50 (and is zero in several defined cases) — unless you acted fraudulently or with gross negligence. But money you were tricked into transferring yourself is legally an authorised payment, and PSD2 does not put that loss on the bank. That is the gap most scams are engineered to fall into. Some countries close part of it voluntarily — Dutch banks reimburse bank-impersonation fraud, for example — but most of the EU does not.

What is Verification of Payee and does it protect me?

Verification of Payee (VoP) is a name-check on bank transfers. Since 9 October 2025, payment service providers in the euro area must check whether the recipient's name matches the IBAN you entered and warn you if it does not — free of charge. It is a genuine new safeguard against paying the wrong account, including fraudster 'mule' accounts opened in a different name. But it is a warning, not a wall: if you proceed after a 'no match' alert and send the money anyway, you generally take on the liability for it. Treat a name mismatch as a hard stop, not a formality to click past.

Is there an EU version of the UK's mandatory refund rule?

Not yet, but it is coming in narrower form. The UK's Payment Systems Regulator has, since 7 October 2024, required banks to reimburse authorised-push-payment scam victims up to £85,000. The EU has no equivalent in force. In November 2025 the European Parliament and Council reached a provisional agreement on a new Payment Services Regulation (PSR) and third Payment Services Directive (PSD3) that would treat bank-impersonation ('spoofing') fraud as unauthorised — triggering a refund — provided you report it to police and notify your bank. It is narrower than the UK rule (it targets impersonation of your own bank, not every scam) and, as of 2026, not yet applicable. Check its status before relying on it.

Who do I report a scam to in Europe?

There is no single pan-European front door. Report to your national police first (in many countries via an online crime-reporting portal), and contact your bank the same hour. Then add the specialist body for your country: FraudSMART and An Garda Síochána in Ireland; the Fraudehelpdesk and politie.nl in the Netherlands; your state Online-Wache and the Verbraucherzentrale in Germany; the NCSC in Switzerland; Watchlist Internet and the Bundeskriminalamt in Austria. If a business in another EU/EEA country is involved, the European Consumer Centres Network (ECC-Net) gives free cross-border help. Europol does not take reports from the public.

Can Europol or the EU recover my money?

No. Europol works only with national law-enforcement agencies and never takes reports or recovers funds directly for individuals — and it warns that anyone phoning, texting or emailing you while claiming to be Europol is themselves running a scam. The realistic recovery levers in Europe are your bank (a fast SEPA recall while the funds are still there), your national police complaint, your country's financial ombudsman, and — for a cross-border dispute with a legitimate-looking business — ECC-Net. Anyone who contacts you offering to 'recover' your money for an upfront fee is the second scam.

Sources & further reading

Every figure in this piece is drawn from these authorities. Click any of them to verify.

EBA-ECB — 2024 Payment Fraud Report (Dec 2025)European Commission — Verification of PayeeEBA — PSD2 Article 73 (unauthorised refunds)European Commission — PSD3 & PSR ReviewUK PSR — APP Fraud Reimbursement§675u BGB — Unauthorised Payments (DE)FraudSMART — Ireland (BPFI)Fraudehelpdesk — NetherlandsNCSC — Switzerland ReportingWatchlist Internet — AustriaECC-Net — Cross-Border DisputesEuropol — Report a Crime

Keep reading

DE · 2026
Where to report a scam in Germany — no single hotline, no automatic refund
UK · 2026 UPDATE
Where to report a scam in the UK — and how the banks were told to start paying
THE HONEST ODDS
Money back after a scam: the 72-hour playbook by payment method