Credit Card Fraud in Belgium: Protection Guide

In 2024, phishing cost Belgians EUR 49 million. Banks intercept three-quarters of suspicious transactions, but the remaining quarter reaches the fraudsters' accounts. This guide covers the types of fraud targeting credit cards in Belgium, your rights as a cardholder, and the reflexes that make the difference between a scare and a real loss.

How much does bank fraud cost in Belgium?

Phishing remains the most profitable technique for fraudsters operating in Belgium. Febelfin, the Belgian financial sector federation, published its 2024 figures: EUR 49 million stolen through fraudulent messages (emails, SMS, fake banking websites). Banks detect, block, or recover 75% of fraudulent transfers — meaning the gross amount of attempts far exceeds EUR 49 million.

The trend is clear: amounts stolen via phishing in Belgium rose from EUR 34 million in 2020 to EUR 49 million in 2024, despite advances in detection. According to a 2025 ING Belgium study, 61% of Belgians have faced a bank fraud attempt — and 40% of those who do actually lose money.

13% of Belgians report having been a phishing victim at least once. More worrying: 8% of the population has never heard of this type of fraud. Among 16-30 year olds, that figure rises to 23%.

What types of fraud target Belgian credit cards?

Not all fraud looks the same. Some exploits technology, others rely on psychological manipulation. Here are the five most common variants in Belgium.

Classic phishing

An email or SMS imitates your bank (BNP Paribas Fortis, ING, Belfius, KBC) and redirects you to a fake website. You enter your login credentials, card number, and card reader code. The fraudster uses this data in real time to drain your account. This scenario accounts for the bulk of the EUR 49 million lost in 2024.

The fake Card Stop employee scam

The fraudster calls pretending to be a Card Stop employee or someone from your bank. They claim a suspicious transaction was detected and ask for your PIN or ask you to confirm an operation via your banking app. Remember: Card Stop never calls you. Any incoming call presenting itself as Card Stop is fraud.

Skimming

A device is installed on an ATM or payment terminal to copy your card's magnetic strip while a miniature camera captures your PIN. This technique is declining thanks to EMV chip technology, but it hasn't completely disappeared.

Online fraud without the card (Card Not Present)

The fraudster uses a stolen card number (data breach, hacked e-commerce site) to make online purchases. Strong authentication (3D Secure) has significantly reduced this risk in Europe, but some non-EU websites don't require this verification.

Money muling

4% of Belgians have been approached to become a "money mule" — lending their bank account to move money of fraudulent origin. Among young people, 7% have received such a proposal and 12% know someone in this situation. Accepting is a criminal offense, even if you didn't initiate the fraud.

What is your legal liability in case of fraud?

The Belgian Code of Economic Law (Article VII.44), which transposes the European PSD2 directive, sets clear rules on loss allocation.

Before blocking the card: your liability is capped at EUR 50 for unauthorized operations. You don't pay more, unless the bank proves gross negligence on your part (for example, voluntarily sharing your PIN with a third party).

After blocking via Card Stop: the bank bears the full losses. You owe nothing.

Online payment without physical card presentation: if your card number was used for an online purchase without strong authentication, you are fully reimbursed. The fault lies with the merchant or the bank, not with you.

Bank reimbursement: in case of an unauthorized operation, the bank must reimburse no later than the next business day after notification. If it suspects fraud on your part, it must communicate its reasons in writing to the SPF Economy. In practice, a Belgian bank cannot refuse reimbursement solely on the grounds that you clicked on a phishing link — Belgian case law does not systematically consider phishing as gross negligence by the cardholder.

Dispute deadline: you have 13 months from the transaction date to dispute it with your bank. After this deadline, the dispute is no longer admissible. In case of a persistent dispute with your bank, Ombudsfin — Belgium's financial services ombudsman — handles complaints free of charge (ombudsfin.be).

How do you block your card in case of fraud?

Speed of blocking determines the extent of losses. Here's the procedure, step by step.

1. Call Card Stop at 078 170 170 (or +32 78 170 170 from abroad). The service is available 24/7. Enter your account number or postal code and date of birth to be connected to an operator.

2. Contact your bank to report the fraudulent transactions and dispute unauthorized operations. Most Belgian banking apps (ING, KBC, Belfius, BNP Paribas Fortis) also allow temporary card blocking from within the app.

3. File a police report. Keep the report number — your bank may request it when processing your reimbursement case.

4. Forward any suspicious messages to suspect@safeonweb.be. The Centre for Cybersecurity Belgium (CCB) analyzes these reports and blocks fraudulent URLs. In 2025, over 176,000 unique URLs and 40,800 domains were identified as malicious through these citizen alerts.

Does 3D Secure really protect your online purchases?

Strong Customer Authentication (SCA), mandated by the PSD2 directive since 2019, requires banks to verify your identity using at least two factors before every online payment. In Belgium, this translates to 3D Secure: Visa Secure (formerly Verified by Visa) or Mastercard Identity Check.

In practice, when you pay online with your Belgian credit card, your bank sends a push notification to its mobile app. You confirm the payment with your fingerprint, Face ID, or PIN code. Without this confirmation, the transaction is declined.

This system has significantly reduced online fraud across Europe. According to the joint EBA-ECB report from 2025, transactions authenticated via SCA show a markedly lower fraud rate than those without strong authentication. The residual problem is concentrated on payments to non-EU merchants, where 3D Secure isn't always required.

Why are credit cards safer than debit cards for online shopping?

Credit cards offer two protections that debit cards lack — or don't provide at the same level.

Chargeback. If a merchant fails to deliver, delivers a defective product, or makes an unauthorized charge, you can dispute the payment with Visa or Mastercard. The network requires the merchant to prove compliant delivery. Chargeback exists on Visa and Mastercard debit cards too, but it's more limited and less known to consumers.

Cash flow protection. In case of credit card fraud, the debited amount comes from the credit line — not from your current account. Your cash flow stays intact during the reimbursement process, which can take several weeks. With a debit card, the money leaves your account immediately, and you have to wait for reimbursement to get your funds back.

For a full comparison of these two card types, see our credit card vs debit card guide.

How to avoid fraud in daily life?

Technical safeguards (3D Secure, Apple Pay tokenization, EMV chip) do the heavy lifting. But the majority of successful fraud in Belgium relies on human manipulation, not technical hacking. A few habits significantly reduce the risk.

Never share your codes. No Belgian bank will ever ask for your PIN, banking password, or card reader code by phone, email, or SMS. If someone does, it's a fraud attempt — no exceptions.

Type your bank's address yourself. Don't click on a link in an email or SMS to access your online banking. Type the URL directly in your browser or use your bank's official app.

Check your statements regularly. Review your transactions at least once a week. The sooner you report a fraudulent transaction, the better your chances of full reimbursement. Most Belgian banking apps send real-time notifications for every card payment.

Use Apple Pay or Google Pay when possible. These services use tokenization: your real card number is never transmitted to the merchant. In case of a data breach at the merchant, your card remains unaffected. For compatible banks, see our Apple Pay in Belgium guide.

Set payment limits. Most Belgian banks allow you to set daily caps for online payments and withdrawals. Reduce these limits to the minimum you need — you can temporarily increase them from your app when necessary. For details by bank, see our credit card limits guide.

Frequently asked questions