Fresh EU Directive strengthens powers against financial cyber fraud
Stolen payment credentials profits criminals over a billion every year, meaning new powers are long overdue
Specifically focussing on fraud and counterfeiting of non-cash means of payment, the language of a new European Directive has been agreed upon to strengthen rules surrounding cyber crime.
The new Directive, supplementing the EU's scaled up response to cyber crime, will enhance member states' capacity to prosecute cyber criminals.
The rules which govern payments made with bank cards, mobile payments and payments via cryptocurrencies, aim to offer the penalties for fraud of this type more uniformity to deter cyber criminals from targeting those in states with more lenient punishments for cyber crime.
General Data Protection Regulation (GDPR) What is the 'right to be forgotten'? EU will fine social media firms for failing to remove extremist material
The Directive is also committed to offering victims of non-cash fraud better access to advice and support to limit the consequential damage against them following a cyber attack. Provisions for the exchanging of information between states will also be improved in an effort to close cross-border cases more quickly.
"We are building a safer Europe for our citizens - offline as well as online, and today we deliver on this commitment," said Dimitris Avramopoulos, Commissioner for Home Affairs, Migration and Citizenship. "These new rules will help us crack down on those who steal from our citizens through online fraud, and ensure that our citizens are better protected."
Current EU law governing non-cash payment fraud was drafted back in 2001 so the new law is required to adequately serve today's challenges and technological developments. Since 2001, mobile payments and virtual currencies have become commonplace and such, the law must reflect the criminal demands of today's society. It's also estimated that cyber criminals may be profiting as much as 1.8 billion every year, so the need for new laws has never been greater.
"Strengthening deterrence is crucial to tackling cybercrime -- malicious cyber actors need to know that they face serious consequences," said Julian King, Commissioner for the Security Union. "Today's agreement gives member states a stronger tool to effectively fight online fraud, and provides a forceful disincentive to would-be cyber-criminals."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The Directive will have to be formally approved and adopted by the European Parliament and the Council, and once it is, member states will have up to two years to draft domestic laws which enforce the Directive's rules.
The initial proposal for the updated Directive was featured in President Jean-Claude Juncker's 2017 State of the Union Address and the news follows Monday's agreement on the language of the new EU Cybersecurity Act.
The new Act aims to better support member states with tackling cyber threats and to establish an EU framework for cyber security certification. The framework will deliver technical guidelines for procedures and standards to ensure a high level of cyber security in IoT devices, smart cards and ICT infrastructure. Once approved by the European Parliament an Council, the Act will be drafted into the EU Official Journal and take effect immediately.
Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.