Explanatory Memorandum to COM(2017)489 - Combating fraud and counterfeiting of non-cash means of payment - Main contents

Please note

This page contains a limited version of this dossier in the EU Monitor.

dossier	COM(2017)489 - Combating fraud and counterfeiting of non-cash means of payment.
source	COM(2017)489
date	13-09-2017

....................................................................................... 3

2. 1. CONTEXT OF THE PROPOSAL ...................................................................................... 3

3. 1.1. Reasons for and objectives of the proposal ............................................................... 3

4. 1.2. Need to implement relevant international standards and obligations and address fraud and counterfeiting on non-cash means of payment in an effective manner ..... 4

5. 1.3. Consistency with existing policy provisions in the policy area ................................. 4

6. 1.4. Consistency with other EU policies ........................................................................... 7

7. 2. LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY ...................................... 8

8. 2.1. Legal basis ................................................................................................................. 8

9. 2.2. Variable geometry ..................................................................................................... 8

10. 2.3. Subsidiarity ................................................................................................................ 8

11. 2.4. Proportionality ........................................................................................................... 9

12. 2.5. Choice of instrument .................................................................................................. 9

13. 3. RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS ..................................................................................... 10

14. 3.1. Ex-post evaluations/fitness checks of existing legislation ....................................... 10

15. 3.2. Stakeholder consultations ........................................................................................ 10

16. 3.3. Impact assessment ................................................................................................... 13

17. 3.4. Regulatory fitness and simplification ...................................................................... 14

18. 3.5. Fundamental rights .................................................................................................. 15

19. 4. BUDGETARY IMPLICATIONS ..................................................................................... 15

20. 5. OTHER ELEMENTS ........................................................................................................ 15

21. 5.1. Implementation plans and monitoring, evaluation and reporting arrangements ..... 15

22. 5.2. Explanatory documents ........................................................................................... 16

23. 6. LEGAL ELEMENTS OF THE PROPOSAL ................................................................... 16

24. 6.1. Summary of the proposed action ............................................................................. 16

25. 6.2. Detailed explanation of the specific provisions of the proposal .............................. 19

DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on combating fraud and counterfeiting of non-cash means of payment and replacing Council Framework Decision 2001/413/JHA ........................................................................................ 29

TITLE I: Subject matter and definitions .................................................................................. 29

TITLE II: Offences ................................................................................................................... 30

TITLE III: Jurisdiction and investigation ................................................................................. 32

TITLE IV: Exchange of information and reporting of crime ................................................... 33

TITLE V: Assistance to victims and prevention ...................................................................... 34

TITLE VI: Final provisions ...................................................................................................... 34

EXPLANATORY MEMORANDUM 1. CONTEXT OF THE PROPOSAL

1.1. Reasons for and objectives of the proposal

The current EU legislation that provides common minimum rules to criminalise non-cash payment fraud is Council Framework Decision 2001/413/JHA on combating fraud and counterfeiting of non-cash means of payment .

The European Agenda on Security² acknowledges that the Framework Decision no longer

reflects today’s realities and insufficiently addresses new challenges and technological

developments such as virtual currencies and mobile payments.

In 2013, fraud using cards issued in the Single European Payment Area (SEPA) reached EUR 1.44 billion, representing growth of 8 % on the previous year. Although fraud data exi sts only for card payments, cards are the most important non-cash payment instrument in the EU in terms of number of transactions³.

It is important to deal effectively with non-cash payment fraud as it represents a threat to security. Non-cash payment fraud provides income for organised crime and therefore enables other criminal activities such as terrorism, drug trafficking and trafficking in human beings. In particular, according to Europol, non-cash payment fraud income is used to finance:

• Travel:

• flights: the experience gained from conducting the Global Airline Action Day⁴ operations from 2014 to 2016 indicates a clear link between non-cash payment fraud, airline ticketing fraud and other serious and organised crimes, including terrorism. Some of the people travelling on fraudulently obtained tickets were known or suspected to be involved in other offences;

• other travel fraud (i.e. selling and travelling on tickets that have been obtained fraudulently). The main way to purchase illegal tickets was through the use of compromised credit cards. Other methods included the use of compromised loyalty point accounts, phishing travel agencies and voucher fraud. In addition to criminals, those travelling on fraudulently obtained tickets included victims

of trafficking and people acting as ‘money mules’⁵.

• Accommodation: law enforcement also reports that non-cash payment fraud is also used to facilitate other crimes that require temporary accommodation such as trafficking in human beings, illegal immigration and drug trafficking.

Europol also reported that the criminal market for payment card fraud in the EU is dominated by well-structured and globally active organised crime groups .

Official Journal L 149, 02.06.2001 p.1.

Commission communication A Digital Single Market Strategy for Europe, COM(2015) 192 final.

European Central Bank, Fourth report on card fraud, July 2015 (latest data available).

More details here.

The term ‘acting as a money mule’ indicates a person who transfers proceeds of crime between different

26. countries. Money mules receive the proceeds into their account; they are then asked to withdraw them

and wire the money to a different account, often overseas, keeping some of the money for themselves.

Europol, Situation Report: Payment Card Fraud in the European Union, 2012.

6

In addition, non-cash payment fraud hinders the development of the digital single market in two ways:

• it causes important direct economic losses, as the estimated level of card fraud of

EUR 1.44 billion mentioned above indicates. For example, the airlines lose around USD 1 billion per year globally in card fraud ;

• it reduces consumers’ trust, which may result in reduced economic activity and

limited engagement in the digital single market. According to the most recent Eurobarometer on Cyber Security⁸, the vast majority of Internet users (85 %) feel that the risk of becoming a victim of cybercrime is increasing. In addition, 42 % of users are worried about the security of online payments. Because of security concerns, 12 % are less likely to engage in digital transactions such as online banking.

An evaluation of the current EU legislative framework identified three problems that are driving the current situation concerning non-cash payment fraud in the EU :

1. Some crimes cannot be effectively investigated and prosecuted under the current

legal fra mework.

crimes cannot be effectively investigated and prosecuted due to operational obstacles.

27. 2. Some obsta

3. Criminals take advantage of gaps in prevention to commit fraud.

This proposal has three specific objectives that address the problems identified:

1. Ensure that a clear, robust and technology neutral policy/legal framework is in place.

2. Eliminate operational obstacles that hamper investigation and prosecution.

3. Enhance prevention.

1.2. Need to implement relevant international standards and obligations and address fraud and counterfeiting on non-cash means of payment in an effective manner

The Council of Europe Convention on Cybercrime (Budapest Convention)¹⁰, in its Title 2 covering computer-related offences, requires the Parties to the Convention to establish computer-related forgery (Article 7) and computer-related fraud (Article 8) as criminal offences under their respective domestic laws. The current Framework Decision complies with these provisions. Revising the present rules will enhance cooperation among police and judicial authorities and between law enforcement and private entities even further, therefore contributing to meeting the overall objectives of the Convention, remaining consistent with its relevant provisions.

1.3. Consistency with existing policy provisions in the policy area

The objectives of this proposal are consistent with the following policy and legislative provisions in the area of criminal law:

28. 7 8 9

10

IATA, 2015.

European Commission, Special Eurobarometer 423 — Cyber Security, February 2015.

Commission Staff Working Document – Impact Assessment accompanying the Proposal for a Directive

on combating fraud and counterfeiting of non-cash means of payment, SWD(2017)298.

Council of Europe Convention on Cybercrime (ETS No 185).

1. Pan-European cooperation mechanisms in criminal matters that facilitate

coordination of investi gati on and prosecution (procedural criminal law):

• Council Framework Decision 2002/584/JHA on the European Arrest Warra nt and the surrender procedures between Member States ;

• Convention on Mutual Assistance in Criminal Matters between the Member States of the European Union¹²;

• Directive 2014/41/EU regarding the European Investigation Order in criminal matters¹³;

• Council Framework Decision 2005/214/JHA on the application of the principle of mutual recognition to financial penalties ;

• Council Framework Decision 2009/948/JHA on prevention and settlement of conflicts of exercise of jurisdiction in criminal proceedings ;

29. 13 14

18

19

20

30. Council Framework Decision 2009/315/JHA

on the organisation and content of

the exchange of information extracted from the criminal record between Member States¹⁶;

• Directive 2012/29/EU establishing minimum standards on the rights, support and protection of victims of crime ;

• Regulation (EU) 2016/794 on Europol¹⁸;

• Council Decision 2002/1 87/JHA setting up Eurojust¹⁹;

• Council conclusions on improving crim ina l j ustice in cyberspace .

As a principle, this proposal does not introduce provisions specific to non-cash payment fraud that would deviate from these broader instruments, to avoid fragmentation which could complicate the transposition and implementation by Member States. The only exception is Directive 2012/29/EU on the rights, support and protection of victims, which this proposal complements.

31. 2002/584/JHA Council Framework Decision of 13 June 2002 on the European arrest warrant and the

surrender procedures between Member States.

32. Council Act of 29 May 2000 establishing in accordance with Article 34 of the Treaty on European

Union the Convention on Mutual Assistance in Criminal Matters between the Member States of the

European Union.

33. Directive 2014/41/EU of 3 April 2014 regarding the European Investigation Order in criminal matters

Council Framework Decision 2005/214/JHA of 24 February 2005 on the application of the principle of

mutual recognition to financial penalties.

34. Council Framework Decision 2009/948/JHA of 30 November 2009 on prevention and settlement of

conflicts of exercise of jurisdiction in criminal proceedings.

35. Council Framework Decision 2009/315/JHA of 26 February 2009 on the organisation and content of the

exchange of information extracted from the criminal record between Member States.

36. Directive 2012/29/EU of the European Parliament and of the Council of 25 October 2012 establishing

minimum standards on the rights, support and protection of victims of crime, and replacing Council

Framework Decision 2001/220/JHA.

37. Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the

European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing

Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA

Council Decision 2002/187/JHA of 28 February 2002 setting up Eurojust with a view to reinforcing the

fight against serious crime.

Council conclusions of 6 June 2016 on improving criminal justice in cyberspace.

12

5

6

7

2. Legal acts that criminalise conduct related to fraud and counterfeiting of non-cash

means of pay m ent (substantive criminal law):

• Directive 2013/40/EU on attacks against information systems²¹:

• this proposal is complementary to Directive 2013/40, by addressing a different aspect of cybercrime . The two instruments correspond to different sets of provisions of the Council of Europe Budapest Convention on Cybercrime²³, which represents the international legal framework of reference for the EU ;

• this proposal is also consistent with Directive 2013/40, as it is based on a similar approach regarding specific issues such jurisdiction or defining minimum levels of maximum penalties.

• Directive 2014/62/EU on the protection of the euro and other currencies against counterfeiting by criminal law :

• this proposal is complementary to Directive 2014/62/EU as it covers counterfeiting of non-cash payment instruments, while Directive 2014/62/EU covers the counterfeiting of cash;

• it is also consistent with Directive 2014/62/EU as it uses the same approach on some provisions such as on investigative tools.

• Directive 2017/541/EU on combating terrorism:

• this proposal is complementary to Directive 2017/541/EU as it aims to reduce the overall amount of funds obtained from non-cash payment fraud, most of which go to organised crime groups to commit serious crimes, including terrorism .

• The proposal for a Directive on countering money laundering by criminal law:

• this proposal and the proposal for a Directive on countering money laundering by criminal law are complementary as the latter provides the necessary legal framework to counter the laundering of criminal proceeds generated by non-

cash payment fraud (‘money mules’) as a predicate offence.

24

25

38. Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on attacks

against information systems and replacing Council Framework Decision 2005/222/JHA.

The EU cybersecurity strategy indicates that ‘cybercrime commonly refers to a broad range of different

39. criminal activities where computers and information systems are involved either as a primary tool or as

a primary target. Cybercrime comprises traditional offences (e.g. fraud, forgery, and identity theft),

40. content-related offences (e.g. on-line distribution of child pornography or incitement to racial hatred)

and offences unique to computers and information systems (e.g. attacks against information systems,

denial of service and malware)’.

41. Council of Europe Convention on Cybercrime (ETS No 185). Directive 2013/40 corresponds to Articles

42. 2 to 6 of the Convention, whereas a new initiative would correspond to Articles 7 and 8 of the

Convention.

43. Commission and the High Representative of the European Union for Foreign Affairs and Security

Policy — Joint Communication on the Cybersecurity Strategy of the European Union: An Open, Safe

and Secure Cyberspace.

44. Directive 2014/62/EU of the European Parliament and of the Council of 15 May 2014 on the protection

of the euro and other currencies against counterfeiting by criminal law, and replacing Council

Framework Decision 2000/383/JHA.

2

22

23

1.4. Consistency with other EU policies

This proposal is consistent with the EU Agenda on Security and the EU Cybersec urity Strategy as these have enhancing security as a main objective.

In addition, this proposal is consistent with the Digital Single Market Strategy which seeks to strengthen user confidence in the digital marketplace, another main objective of the proposal. In the context of the Digital Single Market Strategy, several legal instruments exist to facilitate secure payments across the EU, and with which this proposal is also consistent:

• Revised Payment Services Directive (PSD2)²⁶ contains a number of measures which will enhance the security requirements for electronic payments and will provide a legal and supervisory framework for emerging participants in the payment market.

• Directive 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing , (the fourth Anti-Money Laundering Directive) covers the situation where criminals abuse non-cash payment instruments with a view to concealing their activities. This proposal complements it by addressing the situation where the non-cash payment instruments have been, for instance, unlawfully appropriated, counterfeited or falsified by the criminals.

• Proposal for a Directive amending Directive 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing , from which this proposal takes the same definition of virtual currencies. If this definition changes during the adoption process of the former proposal, the definition in this proposal should be aligned accordingly.

• Other relevant legal acts include Regulation (EU) 2015/847 on information accompanying transfers of funds²⁹; Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market ; Regulation (EU) 2012/260 establishing technical and business requirements for credit transfers and direct debits in euro³¹; and Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union (NIS Directive)³².

²⁶ Directive (EU) 2015/2366 of the European Parliament and of The Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC.

²⁷ Directive 2015/849/EU of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC.

²⁸ Proposal for a Directive of the European Parliament and of the Council amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and amending Directive 2009/101/EC.

²⁹ Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006.

³⁰ Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.

³¹ Regulation (EU) No 260/2012 of the European Parliament and of the Council of 14 March 2012 establishing technical and business requirements for credit transfers and direct debits in euro and amending Regulation (EC) No 924/2009.

³² Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning

45. measures for a high common level of security of network and information systems across the

Union.

In general, these legal acts help put in place stronger preventive measures. This proposal complements them by adding measures to impose sanctions on criminal activity and to enable prosecution where prevention has failed.

2. LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY

2.1. Legal basis

The legal basis for EU action is Article 83(1) of the Treaty on the Functioning of the European Union, which explicitly mentions counterfeiting of means of payment, computer crime and organised crime as areas of particularly serious crimes with a cross-border dimension:

‘The European Parliament and the Council may, by means of directives adopted in accordance with the ordinary legislative procedure, establish minimum rules concerning the definition of cri mina l offences and sanctions in the areas of particular ly serious crime with a cross-border dimension resulting from the nature or impact of such offences or from a special need to combat them on a common basis.

These areas of crime are the following: terrorism, trafficking in human beings and sexual exploitation of women and children, illicit drug trafficking, illicit arms trafficking, money laundering, corruption, counterfeiti ng of means of payment, computer crime and organised crime... ’

2.2. Variable geometry

The Framework Decision 2001/413/JHA on combating fraud and counterfeiting of non-cash means of payment applies to all Member States.

In accordance with Protocol 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice annexed to the Treaties, the United Kingdom and Ireland may decide to take part in the adoption of this proposal. They also have this option after adoption of the proposal.

Since the United Kingdom notified on 29 March 2017 its intention to leave the Union, pursuant to Article 50 of the Treaty on European Union (TEU), the Treaties will cease to apply to the United Kingdom from the date of the entry into force of the withdrawal agreement or, failing that, two years after the notification, unless the European Council, in agreement with the United Kingdom, decides to extend that period. As a consequence, and without prejudice to any provisions of the withdrawal agreement, this above-mentioned description of the participation of the UK in this proposal only applies until the United Kingdom ceases to be a Member State.

Under Protocol 22 on the position of Denmark, Denmark does not take part in the Council’s

adoption of the measures pursuant to Title V of the TFEU (with the exception of visa policy). Therefore, under the arrangements currently in force, Denmark does not take part in the adoption of this proposal and will not be bound by it.

2.3. Subsidiarity

Non-cash payment fraud has a very im portant cross-border dimension both within the EU and beyond. A typical case may involve the skimming (copying) of card data in an EU country, the creation of a counterfeit card using that data, and the cashing out with the counterfeit card outside the EU to circumvent the high security standards. Increasingly, these crimes are moving entirely online.

Therefore, the objective of effectively combating such crimes cannot be sufficiently achieved by Member States acting alone or in an uncoordinated way:

• these crimes create situations where the victim, the perpetrator and the evidence can all be under different national legal frameworks within the EU and beyond. As a result, it can be very time consuming and challenging for single countries to effectively counter these criminal activities without common minimum rules;

• the need for EU action has already been acknowledged through the creation of the existing EU legislation on combating fraud and counterfeiting of non-cash

means of payment (the Framework Decision);

• the need for EU intervention is also reflected in the current initiatives to coordinate Member States measures in this field at EU level, such as a dedicated Europol team working on payment fraud³³ and the EMPACT Policy Cycle priority on operational cooperation against non-cash payment fraud

46. The added value of these initiatives in helping Member States combating these crimes was acknowledged multiple times in the sta keholder consul tation during

this proposal’s preparation, in particular during the expert meetings.

Another added value of EU action is to facilitate cooperation with non-EU countries given that the international dimension of non-cash payment fraud frequently goes beyond EU borders. The existence of minimum common rules in the EU can also inspire effective legislative solutions in non-EU countries thereby facilitating cross-border cooperation globally.

2.4. Proportionality

In accordance with the principle of proportionality, as set out in Article 5 i T EU, the proposed new Directive is limited to what is necessary and proportionate to implement international standards and adapt existing legislation on offences in this area to new threats. Measures related to the use of investigative tools and information exchange are included only to the extent needed for the proposed criminal law framework to function effectively.

The proposal defines the scope of the criminal offences to cover all relevant conduct while limiting it to what is necessary and proportionate.

2.5. Choice of instrument

In accordance with Article 83(1) TFEU minimum rules concerning the definition of criminal offences and sanctions in the area of serious crime with a cross-border dimension, including counterfeiting of means of payment and computer crime, may only be established by means of a Directive of the European Parliament and the Council adopted in accordance with the ordinary legislative procedure.

³³ See Europol’s website.

³⁴ More information here.

3. RESULTS OF EX POST EVALUATIONS,

Contents

consultations

1. CONTEXT OF THE PROPOSAL ...................................................................................... 3

1.1. Reasons for and objectives of the proposal ............................................................... 3

1.2. Need to implement relevant international standards and obligations and address fraud and counterfeiting on non-cash means of payment in an effective manner ..... 4

1.3. Consistency with existing policy provisions in the policy area ................................. 4

1.4. Consistency with other EU policies ........................................................................... 7

2. LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY ...................................... 8

2.1. Legal basis ................................................................................................................. 8

2.2. Variable geometry ..................................................................................................... 8

2.3. Subsidiarity ................................................................................................................ 8

2.4. Proportionality ........................................................................................................... 9

2.5. Choice of instrument .................................................................................................. 9

3. RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS ..................................................................................... 10

3.1. Ex-post evaluations/fitness checks of existing legislation ....................................... 10

3.2. Stakeholder consultations ........................................................................................ 10

3.3. Impact assessment ................................................................................................... 13

3.4. Regulatory fitness and simplification ...................................................................... 14

3.5. Fundamental rights .................................................................................................. 15

4. BUDGETARY IMPLICATIONS ..................................................................................... 15

5. OTHER ELEMENTS ........................................................................................................ 15

5.1. Implementation plans and monitoring, evaluation and reporting arrangements ..... 15

5.2. Explanatory documents ........................................................................................... 16

6. LEGAL ELEMENTS OF THE PROPOSAL ................................................................... 16

6.1. Summary of the proposed action ............................................................................. 16

6.2. Detailed explanation of the specific provisions of the proposal .............................. 19

countries. Money mules receive the proceeds into their account; they are then asked to withdraw them

2. Some obsta

7 8 9

13 14

Council Framework Decision 2009/315/JHA

2002/584/JHA Council Framework Decision of 13 June 2002 on the European arrest warrant and the

Council Act of 29 May 2000 establishing in accordance with Article 34 of the Treaty on European

Directive 2014/41/EU of 3 April 2014 regarding the European Investigation Order in criminal matters

Council Framework Decision 2009/948/JHA of 30 November 2009 on prevention and settlement of

Council Framework Decision 2009/315/JHA of 26 February 2009 on the organisation and content of the

Directive 2012/29/EU of the European Parliament and of the Council of 25 October 2012 establishing

Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the

Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on attacks

criminal activities where computers and information systems are involved either as a primary tool or as

content-related offences (e.g. on-line distribution of child pornography or incitement to racial hatred)

Council of Europe Convention on Cybercrime (ETS No 185). Directive 2013/40 corresponds to Articles

2 to 6 of the Convention, whereas a new initiative would correspond to Articles 7 and 8 of the

Commission and the High Representative of the European Union for Foreign Affairs and Security

Directive 2014/62/EU of the European Parliament and of the Council of 15 May 2014 on the protection

measures for a high common level of security of network and information systems across the

The added value of these initiatives in helping Member States combating these crimes was acknowledged multiple times in the sta keholder consul tation during

1. Open public consultation

2. Targeted

enforcement agencies, virtual currencies industries, representatives of

A contractor organised targeted consultations that included online surveys and interviews. The preliminary results were presented to a validation focus group which then provided

In terms of costs, the costs of creating and implementing a new initiative for Member States are estimated to be around EUR 561 000 (one-off). Continuous costs for implementation and

36 37

39 40

Phishing is a method used by fraudsters to access valuable personal details, such as usernames and

different countries. Money mules receive the proceeds into their account; they are then asked to

1.

consultations

ANDIMPACTASSESSMENTS

STAKEHOLDER

3.1. Ex-post evaluations/fitness checks of existing legislation

The Commission carried out an evaluation³⁵ of the current EU legislative framework together with the impact assessment accompanying this proposal (see corresponding Commission Staff Working Document for more information).

The evaluation detected three problem drivers, each with a number of sub-drivers:

Drivers	Sub-drivers
1. Some crimes cannot be effectively investigated and prosecuted under the current legal framework.	a. Certain crimes cannot be prosecuted effectively because offences committed with certain payment instruments (in particular non-corporeal) are criminalised differently in Member States or not criminalised. b. Preparatory acts for non-cash payment fraud cannot be prosecuted effectively because they are criminalised differently in Member States or not criminalised. c. Cross-border investigations can be hampered because the same offences are sanctioned with different levels of penalties across Member States. d. Deficiencies in allocating jurisdiction can hinder effective cross-border investigation and prosecution.
2. Some crimes cannot be effectively investigated and prosecuted due to operational obstacles.	a. It can take too much time to provide information in crossborder cooperation requests, hampering investigation and prosecution. b. Under-reporting to law enforcement due to constraints in public-private cooperation hampers effective investigations and prosecutions.
3. Criminals take advantage of gaps in prevention to commit fraud.	a. Information sharing gaps in public-private cooperation hamper prevention. b. Criminals exploit the lack of awareness of victims.

The problem drivers indicate that the issue at hand is mostly a regulatory failure, where the current EU legislative framework (the Framework Decision) has become partially obsolete, due mainly to technological developments. The evaluation indicated that this regulatory gap has not been sufficiently covered by more recent legislation.

3.2. Stakeholder consultations

Consultation activities:

Three types of consultation activities were carried out: open public consultation, targeted consultation organised by the European Commission and targeted consultation organised by a contractor:

47. 1. Open public consultation

35

Commission Staff Working Document – Impact Assessment accompanying the Proposal for a Directive on combating fraud and counterfeiting of non-cash means of payment, SWD(2017)298.

The European Commission launched an open public consultation on 1 March 2017, which aimed to gather feedback from the public at large on the problem definition, the relevance and effectiveness of the current legal framework in the field of non-cash payment fraud, as well as options, and their possible impacts to tackle existing issues. The consultation closed after 12 weeks, on 24 May 2017.

33 practitioners and 21 members of the general public answered the consultation’s

questionnaires. Four practitioners provided additional input through written contributions. Practitioners included:

• private companies (private sector);

• international or national public authorities (law enforcement agenc ies, ju dic ial authorities and EU institutions and bodies);

• trade, business or professional associations (e.g. national banking federations);

• non-governmental organisations, platforms or networks;

• professional consultancies, law firms, self-employed consultants.

48. 2. Targeted

consultation organised by the

European Commission:

large expert meetings with representatives from police and judicial authorities from all EU countries (selected by Member States) and experts from the private sector (financial institutions, payment service providers, merchants, card

schemes);

• various meetings with experts and stakeholders from academia, law

49. enforcement agencies, virtual currencies industries, representatives of

consumer organisations, representatives of private financial institutions and representatives of financial regulators.

3. Targeted consultation organised by a contractor:

50. A contractor organised targeted consultations that included online surveys and interviews. The preliminary results were presented to a validation focus group which then provided

feedback and verified the consultation’s results.

Overall, 125 stakeholders were involved from 25 Mem ber States.

Main results:

Dimension of crime:

Costs related to non-cash payment fraud were generally perceived as high and were expected to increase in the coming years. Stakeholders from all categories faced difficulties when asked to quantify the criminal phenomenon. Statistics are rare and not always accessible. Some of them, however, provided case-based evidence implying the significance of certain types of non-cash payment fraud.

Criminal law framework:

Most stakeholders considered the current EU legal framework only partially relevant to current security needs, especially concerning the definition of payment instruments and criminal offences. Some confirmed that national legal frameworks would need to be amended.

Procedural criminal law:

Despite the existing legal framework, the current level of cooperation between Member States for investigations and prosecutions was perceived to be only partially satisfactory. Europol’s support in facilitating cross-border cooperation was widely acknowledged.

Reporting to law enforcement authorities:

Views on reporting to law enforcement authorities differed: some were satisfied with the current level of reporting, while others believed it should be improved. The different categories of stakeholders agreed that future policy options on reporting need to be balanced with the actual capacities of law enforcement authorities to follow-up on cases.

Public-private cooperation:

Stakeholders felt that cooperation between public and private entities was beneficial overall and agreed that it should be encouraged to better tackle non-cash payment fraud, particularly when it comes to prevention.

Most of the stakeholders considered that public-private cooperation should be improved to combat non-cash payment fraud. Private sector representatives appeared to be the most dissatisfied. They perceive the main obstacles to cooperation to include, for instance, limitations in the possibility to share information with law enforcement authorities and in related tools used to enable the exchange.

The vast majority of stakeholders agreed that in order to investigate and prosecute criminals, financial institutions should be allowed to spontaneously share some of the victim’s personal information with the national police or the police of another EU country (e.g. name, bank account, address, etc.).

Poor cooperation between private and public authorities was also mentioned by several stakeholders as an obstacle to fighting non-cash payment fraud.

Legislation, misalignment of priorities and lack of trust, together with practical and organisational issues, were seen by private enterprises, public authorities, trade, business and professional associations as obstacles to successful cooperation between public authorities and private entities when participants are based in different EU countries. A lack of appropriate technology (e.g. channel of communications) was mentioned as an obstacle by private enterprises and public authorities.

Victims’ rights:

Stakeholders stressed the importance of protecting victims of fraud. Some of them felt that victims are not sufficiently protected, although initiatives taken at Member State level to protect them are appreciated. Victims associations have developed good cooperation mechanisms with law enforcement authorities. Several stakeholders considered it necessary to better protect victims against identity theft, which they perceived as affecting natural persons as well as legal persons. Therefore victims should be protected regardless of their legal nature.

3.3. Impact assessment

In accordance with the Commission’s Better Regulation Guidelines³⁶, the Commission

conducted an impact assessment to assess the need for a legislative proposal.

The impact assessment was presented to and discussed with the Regulatory Scrutiny Board (RSB) on 12 July 2017. The Board acknowledged the efforts to quantify costs and benefits. It gave a positive opinion , with a recommendation to further improve the report with respect to the following aspects:

1. The report did not sufficiently explain the policy context, including the relationship with and complementarity of existing and envisaged judicial and pan-European cooperation mechanisms.

2. The objective of the initiative related to growth seemed overstated.

The impact assessment report was revised taking into account the recommendations of the Board in its positive opinion.

After mapping the possible policy measures to tackle each of the problems identified in the evaluation, and analysing which measures to retain and which to discard, the measures were grouped into policy options. Each policy option was built to address all the problems identified. The various policy options considered were cumulative, i.e. with an increasing level of EU legislative action. Given that the problem at hand is basically a regulatory failure, it was important to lay out the full range of regulatory tools to determine the most proportionate EU response.

The different options considered were:

• option A: improve implementation of EU legislation and facilitate self-regulation for public-private cooperation;

• option B: introduce a new legislative framework and facilitate self-regulation for public-private cooperation;

• option C: same as option B but with provisions on encouraging reporting for public-private cooperation instead of self-regulation, and new provisions on raising awareness;

• option D: same as option C but with additional jurisdiction provisions complementing European Investigation Order and injunction rules.

Option C was the preferred option, both qualitatively and in terms of costs and benefits.

In terms of benefits, the preferred option would pave the way towards more effective and efficient law enforcement action against non-cash payment fraud, through a more coherent application of rules across the EU, better cross-border cooperation, and stronger public-private cooperation and exchange of information. The initiative would also foster trust in the digital single market, by strengthening security.

51. In terms of costs, the costs of creating and implementing a new initiative for Member States are estimated to be around EUR 561 000 (one-off). Continuous costs for implementation and

52. 36 37

38

More information on Better Regulation Guidelines is available here.

Commission Staff Working Document – Impact Assessment accompanying the Proposal for a Directive

on combating fraud and counterfeiting of non-cash means of payment, SWD(2017)298.

European Commission Regulatory Scrutiny Board – Opinion on the Impact Assessment – Combating

fraud and counterfeiting of non-cash means of payment, SEC(2017)390.

enforcement for Member States are estimated to be around EUR 2 285 140 per year (total all Member States).

As no mandatory rules on reporting are envisaged by the proposal, there should be no impact with regard to additional costs for businesses, including SMEs. The other provisions that would be included in the proposal also do not affect SMEs.

Overall, the cumulative impact of the proposed measures on administrative and financial costs is expected to be higher than the current levels, as the numbers of cases to be investigated would put a strain on law enforcement resources in this area, which would need to be increased. T he main reasons for that are:

• a broader definition of the means of payment and additional offences to be tackled (preparatory acts) is likely to increase the number of cases that police and judicial authorities are responsible for;

• additional resources would be required to step up cross-border cooperation;

• an obligation for Member States to gather statistics would create an additional administrative burden.

On the other hand, establishing a clear legal framework to tackle enablers for non-cash payment fraud would provide a chance for detecting, prosecuting and sanctioning fraud-related activities earlier on. Moreover, while enhancing public-private cooperation has a cost in terms of resources, the return on investment in terms of effectiveness and efficiency of law enforcem ent action is immediate.

3.4. Regulatory fitness and simplification

Qualitatively, this proposal has simplification potential in a few areas, e.g.:

• further approximation of national criminal law frameworks (e.g. by providing common definitions and a common minimum level of sanctions for the maximum penalties) would simplify and facilitate cooperation between national law enforcement agencies investigating and prosecuting cross-border cases;

• in particular, clearer rules on jurisdi cti on, a reinforced stronger role for national contact points and the sharing of data and information between national police authorities and with Europol could further simplify the procedures and practices for cooperation.

It is not possible to quantify the simplification potential due to a lack of data (and in some cases the impossibility to isolate the effects of the Framework Decision).

Overall, the regulatory fitness potential of this initiative is very limited:

1. Firstly, the 2001 Framework Decision is already a relatively simple legal act with limited potential to be further simplified.

2. Secondly, this initiative aims to increase security by addressing the current gaps.

This would normally entail more administrative costs to investigate and prosecute crimes that are not currently covered, rather than significant savings that would result from simplifying cross-border cooperation

3. Thirdly, the initiative does not aim to impose additional legal obligations on businesses and citizens. It requests Member States to encourage and facilitate reporting through appropriate channels (rather than imposing mandatory reporting),

in line with other EU instruments such as Directive 2011/93 on combating the sexual abuse and sexual exploitation of children and child pornography (Article 16(2)).

3.5. Fundamental rights

The proposal includes provisions to adapt the legal framework on combating fraud and counterfeiting of non-cash means of payment to new and emerging threats and to regulate forms of non-cash payment fraud not currently covered.

The final objective of these measures is to protect the rights of victims and potential victims. Establishing a clear legal framework for law enforcement and judicial authorities to act upon criminal activities directly affecting the personal data of the victims, including the criminalisation of preparatory acts, may in particular have a positive impact on the protection of victims’ and potential victims’ right to privacy and right to protection of personal data.

At the same time, all measures as provided for in this proposal respect fundamental rights and freedoms as recognised by the Charter of Fundamental Rights of the European Union, and must be implemented accordingly. Any limitation on the exercise of such fundamental rights and freedoms is subject to the conditions set out in Article 52(1) of the Charter, namely that they be subject to the principle of proportionality with respect to the legitimate aims of genuinely meeting objectives of general interest recognised by the Union and protecting the rights and freedoms of others. Limitations must be provided for by law and respect the essence of the rights and freedoms set out in the Charter.

A variety of fundamental rights and freedoms enshrined in the Charter have been taken into account in this respect, including: the right to liberty and security; the respect for private and family life; the freedom to choose an occupation and right to engage in work; the freedom to conduct a business; the right to property; the right to an effective remedy and to a fair trial; the presumption of innocence and right of defence; the principles of the legality and proportionality of criminal offences and penalties as well as the right not to be tried or punished twice in criminal proceedings for the same criminal offence.

In particular, this proposal respects the principle that criminal offences and penalties must be set out in law and be proportionate. It limits the scope of the offences to what is necessary to allow effective prosecution of acts that pose a particular threat to security and it introduces minimum rules on the level of sanctions in accordance with the principle of proportionality, having regard to the nature of the offence.

This proposal is also designed to ensure that data of persons suspected of the offences listed by this Directive be handled in accordance with the fundamental right to protection of personal data and existing applicable legislation, including in the context of public-private cooperation.

4. BUDGETARYIMPLICATIONS

This proposal has no immediate budgetary implications for the EU.

5. OTHERELEMENTS

5.1. Implementation plans and monitoring, evaluation and reporting arrangements

The Commission will monitor the implementation of the Directive using information provided by the Member States on the measures taken to bring into force the laws, regulations and administrative provisions necessary to comply with the Directive.

After two years following the deadline for implementing this Directive, the Commission will submit a report to the European Parliament and to the Council assessing the extent to which the Member States have taken the necessary measures to comply with this Directive.

In addition, the Commission will conduct an evaluation of the impacts of this Directive six years after the deadline for its implementation, to ensure that there is a sufficiently long period to evaluate the effects of the initiative after it has been fully implemented across all Member States.

5.2. Explanatory documents

No explanatory documents on the transposition are considered necessary.

6. LEGALELEMENTSOFTHEPROPOSAL

6.1. Summary of the proposed action

This proposal, while repealing Framework Decision 2001/413/JHA, updates most of its current provisions and is consistent with the findings of the evaluation and the impact assessment (e.g. with regard to the preferred option).

The following table shows how this proposal corresponds with the Framework Decision and indicates which articles are new and which ones have been updated from the Framework Decision:

	DIRECTIVE	FRAMEWORK DECISION	Comments
Article	Recital	Article	Recital
I. Subject matter and definitions	1. Subject matter	1-6	None	1-7	New
2. Definitions	7-8	1. Definitions	10	Updated
II. Offences	3. Fraudulent use of payment instruments	9	2. Offences related to payment instruments	8-10
4. Offences preparatory to the fraudulent use of payment instruments
5. Offences related to information systems	3. Offences related to computers
6. Tools used for committing offences	4. Offences related to specifically adapted devices
7. Incitement, aiding and abetting and attempt	5. Participation, instigation and attempt
8. Penalties for natural persons	10-11	6. Penalties	9
9. Liability of legal persons	None	7. Liability of legal persons	None
10. Sanctions for legal persons	8. Sanctions for legal persons
III. Jurisdiction and investigation	11. Jurisdiction	12-14	9. Jurisdiction; 10. Extradition and prosecution	11
12. Effective investigations	15	None	None	New
IV. Exchange of information and reporting of crime	13. Exchange of information	16-18	11. Cooperation between Member States; 12. Exchange of information	11	Updated
14. Reporting of crime	19	None	None	New
V. Assistance and support to victims and prevention	15. Assistance and support to victims	20-22	None
16. Prevention	23	None
VI. Final provisions	17. Monitoring and statistics	24	None
18. Replacement of Framework Decision	25	None
19. Transposition	None	14. Implementation [14(1)]	Updated
20. Evaluation and reporting	14. Implementation [14(2)]
21. Entry into force	15. Entry into force
None	26-29	13. Territorial application	Deleted

EN

17

EN

Specifically, this proposal:

defines the payment instruments in a more encompassing and robust way which also includes non-corporeal payment instruments, as well as digital mediums of exchange;

makes it a self-standing offence, aside from using such instruments, to possess, sell, procure for use, import, distribute or otherwise make available a stolen or otherwise unlawfully appropriated counterfeited or falsified payment instrument;

expands the scope of the offences related to information systems to include all payment transactions, including transactions through digital exchange mediums;

introduces rules on the level of penalties, in particular setting a minimum level for maximum penalties;

includes aggravated offences for:

situations where the criminal acts are committed within the framework of a criminal organisation, as defined in Framework Decision 2008/841/JHA, irrespective of the penalty provided for therein;

situations where the criminal act causes considerable aggregate damage or provides considerable economic benefit for the offenders. This aims to address the cases of high-volume, low individual losses, in particular in card-not-present fraud.

clarifies the scope of the jurisdiction regarding the offences referred to in the proposal by ensuring that Member States have jurisdiction in cases either where the offence has been committed using an information system located within the territory of the Member State while the offender may be located outside of it or if the offender is located within the territory of the Member State but the information system may be located outside of it;

clarifies the scope of the jurisdiction regarding the effects of the offence by ensuring that Member States are able to exercise jurisdiction if the offence causes damage in their territory, including damage resulting from the theft of a

person’s identity;

introduces measures to improve Union-wide criminal justice cooperation by strengthening the existing structure and use of the operational contact points;

enhances the conditions for victims and private entities to report crime;

addresses the need to provide statistical data on fraud and counterfeiting of non-cash means of payment by obliging Member States to ensure that a suitable system is in place for recording, producing and providing statistical data on the offences referred to in the proposed directive;

provides for victims to have access to information about their rights and about available assistance and support, regardless of whether their country of residence is different from the one of the perpetrator of the fraud or where the criminal investigations take place.

6.2. Detailed explanation of the specific provisions of the proposal

Article 1: Subject matter — this Article sets out the scope and purpose of the proposal.

Article 2: Definitions — this Article sets out definitions which apply throughout the instrument. Article 2 includes the same definition of virtual currencies as in the Commission Proposal for a Directive of the European Parliament and of the Council amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and amending Directive 2009/101/EC.³⁹ If this definition changes during the adoption process of the above proposal, the definition of virtual currencies in this Article should be aligned accordingly.

Article 3: Fraudulent use of payment instruments — this Article lists the offences relating to criminal conduct that directly and immediately constitutes fraud, namely fraudulent use of payment instruments, including both stolen and counterfeited instruments. The offences apply to all payment instruments, whether corporeal or not, so this also covers fraud committed using stolen or falsified payment credentials or other records enabling or used to initiate a payment order or other monetary transfer, including transfers of virtual currency.

Article 4: Offences preparatory to the fraudulent use of payment instruments — this Article sets out offences relating to criminal conduct that, while not immediately constituting the actual fraud leading to loss of property, are committed in preparation for fraud. These include the theft or counterfeiting of a payment instrument and various acts involved in trafficking of those stolen or counterfeited instruments. It includes possession, distribution or making them available to be used fraudulently, including cases where the offender is aware of the possibility of fraudulent use (dolus eventualis). Like Article 3, it covers all offences involving payment instruments, whether they are corporeal or not, and therefore also applies to behaviour such as trade in stolen credentials (‘carding’) and phishing⁴⁰.

Article 5: Offences related to information systems — this Article sets out offences relating to information systems to be criminalised by Member States. The list contains elements that distinguish the offences from illegal system interference or illegal data interference under Directive 2013/40/EU, such as the transfer of monetary value to procure unlawful gain. This provision has been included with a view to criminalising conduct such as hacking a victim’s computer or a device in order to re-direct the victim’s traffic to a forged online banking website, thus causing the victim to make a payment to a bank account controlled by the offender (or ‘money mules’)⁴¹. It also covers other forms of criminal conduct, such as pharming⁴², which exploit information systems to make an unlawful gain for the perpetrator or another person.

Article 6: Tools used for committing offences — this Article sets out offences relating to tools used for committing offences referred to in Article 4(a) and 4(b) and Article 5, to be

53. 39 40

42

COM(2016) 450 final.

54. Phishing is a method used by fraudsters to access valuable personal details, such as usernames and

passwords. Most commonly, an email that appears to be from a well-known and trusted company is sent

to a large list of email addresses. The email may direct the recipient to a spoofed Web page, where he or

she is asked for personal information.

The term “acting as a money mule” indicates a person who transfers proceeds of crime between

55. different countries. Money mules receive the proceeds into their account; they are then asked to

withdraw it and wire the money to a different account, often one overseas, keeping some of the money

for themselves (ActionFraudUK, 2017). Sometimes they know the funds are crime proceeds; sometimes

they are deceived into believing that the funds are genuine.

Pharming is a scamming practice in which malicious code is installed on a personal computer or server,

misdirecting users to fraudulent Web sites without their knowledge or consent.

41

criminalised by Member States. It aims at criminalising the intentional production, sale, procurement for use, import, distribution or otherwise making available of, for example, skimming devices used for stealing credentials, as well as malware and forged websites used for phishing. This Article is largely based on Article 4 of Framework Decision 2001/413/JHA and Article 3(d)(i) of Directive 2014/62/EU on the protection of the euro and other currencies against counterfeiting by criminal law.

Article 7: Incitement, aiding and abetting and attempt — this Article applies to conduct relating to the offences referred to in Articles 3 to 6 and requires Member States to criminalise all forms of preparation and participation. Criminal responsibility for attempt is included for the offences referred to in Articles 3 to 6.

Article 8: Penalties for natural persons — to effectively fight fraud and counterfeiting of non-cash means of payment, penalties have to be deterrent in all Member States. In line with other EU instruments approximating the level of criminal penalties, this Article stipulates that the maximum penalty under national law should be at least three years of imprisonment except for offences under Article 6, for which the maximum penalties should be at least two years. It provides for more severe penalties for aggravated offences, namely a maximum penalty of at least five years, where the crime is committed by a criminal organisation, as defined in Council Framework Decision 2008/841/JHA of 24 October 2008 on the fight against organised crime⁴³, or where a crime is conducted on a large scale, thus causing extensive or considerable damage, in particular including cases with low individual impact but high volume overall damage, or where a crime involves an aggregate advantage for the offender of at least EUR 20 000.

The offences listed in Articles 2 to 5 of Framework Decision 2001/413/JHA appear to be punishable by means of specific penalties in most of the Member States where information was available. However, in general, there is no approximation: while all Member States have penalties involving deprivation of liberty (at least in serious cases), the level of penalties for the same conduct varies significantly. Consequently, the deterrent effect is lower in some Member States than in others.

The disparities in the level of penalties may also impede judicial cooperation. If a Member State has low minimum penalties in its criminal code, this could lead law enforcement and judicial authorities to give low priority to investigating and prosecuting card-not-present fraud. This may in turn impede cross-border cooperation, when another Member State asks for assistance, in terms of timely processing of the request. Those who benefit most from such disparities in sanction levels are likely to be the most serious offenders, i.e. transnational organised crime groups with operative bases in several Member States.

Articles 9 and 10: Liability of and sanctions for legal persons — these Articles apply to all offences referred to in Articles 3 to 7. They require Member States to ensure liability of legal persons, without excluding the liability of natural persons, and to apply effective, proportionate and dissuasive sanctions to legal persons. Article 10 lists examples of sanctions.

Article 11: Jurisdiction — based on the principles of territoriality and personality, this Article lists situations in which Member States must establish jurisdiction for the offences referred to in Articles 3 to 7.

It has elements taken from Article 12 of Directive 2013/40/EU on attacks against information systems. In cases of fraud and counterfeiting of non-cash means of payment taking place online, the crime is likely to span several jurisdictions: it is often committed using information

⁴³ OJ L 300, 11.11.2008, p. 42.

systems outside the territory in which the offender is physically located and has consequences in another country where the evidence may also be located. Therefore, Article 11 aims at ensuring that territorial jurisdiction covers situations where the offender and the information system that the offender uses to commit the crime are located in different territories.

This Article includes a new element that addresses the need to assert jurisdiction if damage is caused in a jurisdiction other than that in which the conduct took place, including damage resulting from the theft of a person’s identity. The aim is to cover situations not addressed in Directive 2013/40/EU on attacks against information systems, which are common to non-cash payment fraud crimes. These include cases in which none of the offences associated with the crime (e.g. stealing card credentials, cloning a card, unlawful withdrawal from an ATM) have been committed in the Member State where the damage occurs (e.g. where the victim has the bank account from which the money has been stolen). In these cases the victim is most likely to refer the incident to the authorities of the Member State in which the economic loss was detected. That Member State needs to be able to exercise jurisdiction to ensure effective investigation and prosecution, serving as the starting point for investigations that may involve multiple Member States and non-EU countries.

Article 12: Effective investigations — this Article aims at ensuring that the investigative tools provided for in national law for organised crime or other serious crime cases can also be used in cases of fraud and counterfeiting of non-cash means of payment, at least in serious cases. This Article also aims to ensure that, following lawful injunctions, information is provided to the authorities without undue delay.

Article 13: Exchange of information — this Article aims at encouraging greater use of operational national points of contact.

Article 14: Reporting of crime — this Article aims at addressing the need identified in the impact assessment to increase and facilitate reporting. It seeks to ensure the availability of appropriate channels for victims and private entities to report crimes, and to encourage reporting without undue delay in line with a similar provision under Article 16(2) of Directive 2011/93/EU on combating the sexual abuse and sexual exploitation of children and child pornography. Examples of actions to be undertaken are provided in Recital 19.

Article 15: Assistance and support to victims — this Article requires Member States to ensure that victims of non-cash payment fraud are offered information and channels to report a crime and advice on how to protect themselves against the negative consequences of fraud and against reputational damage arising from it.

This Article covers both natural and legal persons, which are also affected by the consequences of the offences covered by the proposal. It also introduces provisions to extend a number of specific rights established for natural persons under Directive 2012/29/EU to legal persons.

Article 16: Prevention — this Article addresses the need to raise awareness and thus reduce the risk of becoming a victim of fraud by means of information and awareness-raising campaigns, and research and education programmes. The impact assessment identified prevention gaps as a problem driver for non-cash payment fraud. This Article follows a similar approach to Article 23 (Prevention) of Directive 2011/93/EU on combating the sexual abuse and sexual exploitation of children and child pornography.

Article 17: Monitoring and statistics — this Article addresses the need to provide statistical data on fraud and counterfeiting of non-cash means of payment by making it obligatory for the Member States to ensure that an adequate system is in place for the recording, production and provision of statistical data on the offences referred to in the proposed directive, and on

monitoring the effectiveness of their systems (covering all judicial phases) to fight non-cash payment fraud. It follows a similar approach to Article 14 (Monitoring and statistics) of Directive 2013/40/EU on attacks against information systems, and Article 44 of Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (fourth Anti-Money Laundering Directive). It also aims to contribute to addressing the current limited availability of fraud data, which would assist in evaluating the effectiveness of national systems in fighting non-cash payment fraud.

Article 18: Replacement of Framework Decision 2001/413/JHA — this Article replaces the current provisions in the area of fraud and counterfeiting of non-cash means of payment, for Member States participating in this Directive.

Articles 19, 20, and 21 — these Articles contain further provisions on transposition by Member States, evaluation and reporting by the Commission and entry into force of the Directive.