Credit Card Fraud in Belgium: How to Protect Yourself and React

Forty-nine million euros. That's how much was stolen via phishing in Belgium in 2024, according to Febelfin. Banks intercept three-quarters of suspicious transactions, but the remaining quarter ends up in fraudsters' pockets. According to a 2025 ING Belgium study, 61% of Belgians have faced a bank fraud attempt. This guide covers your rights, the blocking procedure, and the reflexes that make the difference between a scare and a real loss.

How much does fraud cost Belgians?

Phishing remains the number-one threat. In 2024, fraudsters extracted EUR 49 million from Belgian individuals and businesses through fraudulent messages, according to figures published by Febelfin. This amount is only the visible part: banks detected, blocked, or recovered 75% of phishing-related fraudulent transactions before they reached victims.

The victim profile has shifted. The 18-34 age group, long considered more digitally savvy, shows surprising gaps: 23% of young Belgians have never heard of phishing, compared to 8% of the general population. This partly explains why 5% of young people would share their banking codes without verification — a rate that has dropped from 13% in 2022 but remains concerning.

What types of fraud target Belgian credit cards?

Five techniques dominate the Belgian landscape. Some exploit technology, others rely on psychological manipulation.

Phishing via email or SMS. A fake message from your bank, bpost, or the SPF Finances asks you to "verify" your details via a link. The site perfectly imitates your bank's website. You enter your credentials, and the fraudster uses them in real time to drain your account. This scenario accounts for the bulk of the EUR 49 million lost in 2024.

Vishing (voice phishing). A phone call from a supposed bank or Card Stop employee. The fraudster sometimes knows your name and bank — information gathered from social media or a previous phishing attack. They push you to "confirm" a card block by sharing your PIN or validating a transaction in your banking app. Remember: Card Stop never calls you.

Card collectors. A fake courier shows up at your door to "collect" your bank card, claiming a technical issue or replacement. Febelfin has issued several warnings about this technique, which particularly targets elderly people. No Belgian bank ever sends a courier to collect a card.

Online fraud without the card (Card Not Present). The fraudster uses a stolen card number (data breach, hacked e-commerce site) to make online purchases. Strong authentication (3D Secure) has reduced this risk within Europe, but some non-EU websites don't require this verification — card fraud there is 17 times higher according to the 2025 joint EBA-ECB report.

Skimming. A device attached to an ATM copies your card's magnetic strip while a micro-camera captures your PIN. This technique has been virtually eradicated in Belgium thanks to the widespread use of EMV chips — the number of cases dropped from over 1,400 to single digits per year. The risk persists mainly abroad.

How to react if your card is compromised?

Speed of blocking determines the extent of losses. Here's the procedure, in order.

Step 1: Block the card via Card Stop. Call 078 170 170 (or +32 78 170 170 from abroad) — available 24/7, in French, Dutch, and English. The call is charged at the standard rate (no surcharge). The operator identifies you, blocks the card, and assigns you a case number. Keep this number: it serves as proof of the date and time of the block, which determines how liability is shared.

Step 2: Contact your bank. Report the fraudulent transactions to your bank by phone or via the banking app. Most Belgian banking apps (ING, KBC, Belfius, BNP Paribas Fortis) also allow temporary card blocking from within the app. Request a detailed statement of suspicious transactions.

Step 3: File a police report. Go to your local police station with your Card Stop case number, your ID, and available evidence (screenshots of the fraudulent message, bank statement). Keep the report number — your bank may request it when processing your reimbursement case.

Step 4: Report the fraud online. Forward any suspicious message to suspect@safeonweb.be (Centre for Cybersecurity Belgium). In 2025, over 176,000 unique URLs and 40,800 domains were identified as malicious through these citizen reports.

What does Belgian law say about your liability?

The Belgian Code of Economic Law (Article VII.44), which transposes the European PSD2 directive, sets clear rules on loss allocation.

Before blocking the card: your liability is capped at EUR 50 for unauthorized transactions. You don't pay more, unless the bank proves gross negligence on your part.

After blocking via Card Stop: the bank bears the full losses. You owe nothing.

Online payment without strong authentication: if your card number was used for an online purchase without 3D Secure, you are fully reimbursed. The fault lies with the merchant or the bank, not with you.

Bank reimbursement: in case of an unauthorized operation, the bank must reimburse no later than the next business day after notification. If it suspects fraud on your part, it must communicate its reasons in writing to the SPF Economy. Simply clicking on a phishing link does not automatically constitute gross negligence under Belgian case law.

Dispute deadline: you have 13 months from the transaction date to dispute it. After this deadline, the dispute is no longer admissible.

Does 3D Secure really protect your online purchases?

Strong Customer Authentication (SCA), mandated by the PSD2 directive since September 2019, requires banks to verify your identity using at least two factors before every online payment. In Belgium, this translates to 3D Secure: Visa Secure (formerly Verified by Visa) or Mastercard Identity Check.

In practice, when you pay online with your Belgian credit card, your bank sends a push notification to its mobile app. You confirm the payment with your fingerprint, Face ID, or PIN. Without this confirmation, the transaction is declined.

This mechanism has two direct effects. First, it blocks the vast majority of payment attempts with stolen card data — the fraudster has the card number, but not your smartphone. Second, it transfers liability: if a merchant accepts a payment without 3D Secure and that payment turns out to be fraudulent, the loss is shared between the merchant and the bank, not the consumer.

How to avoid fraud in daily life?

Technical safeguards (3D Secure, Apple Pay tokenization, EMV chip) do the heavy lifting. But the majority of successful fraud in Belgium relies on human manipulation, not technical hacking.

Never share your codes. No Belgian bank will ever ask for your PIN, banking password, or card reader code by phone, email, or SMS. If someone does, it's a fraud attempt — no exceptions.

Type your bank's address yourself. Don't click on a link in an email or SMS to access your online banking. Type the URL directly in your browser or use your bank's official app.

Enable transaction notifications. All Belgian banks let you receive a push notification for every payment. An unfamiliar purchase appears? You can block the card within a minute via the app or Card Stop.

Use Apple Pay or Google Pay when possible. These services use tokenization: your real card number is never transmitted to the merchant. In case of a data breach at the merchant, your card remains unaffected. For compatible banks, see our Apple Pay in Belgium guide.

Set payment limits. Most Belgian banks allow you to set daily caps for online payments and withdrawals. Reduce these limits to the minimum you need — you can temporarily increase them from your app when necessary. For details by bank, see our credit card limits guide.

To understand the differences between Visa and Mastercard in terms of security, see our Visa vs Mastercard comparison. For cards with solid insurance coverage, our credit card insurance guide details coverage bank by bank. And to understand why a credit card protects your online purchases better than a debit card, our credit card vs debit card guide explains the chargeback mechanism.

FAQ

Answers to frequently asked questions about credit card fraud in Belgium are available above in the article's structured data.