Fraud and counterfeiting of non-cash means of payment are threats to security, as they represent a source of income for organised crime and are therefore enablers for other criminal activities such as terrorism, drug trafficking and trafficking in human beings.

Fraud and counterfeiting of non-cash means of payment also represent obstacles to the digital single market, as they erode consumers' trust and cause direct economic loss.

Significant gaps and differences in Member States' laws in the areas of fraud and of counterfeiting of non-cash means of payment can obstruct the prevention, detection and sanctioning of those types of crime and other serious and organised crimes related to and enabled by them, and make police and judicial cooperation more complicated and therefore less effective, with negative consequences for security.

Fraud and counterfeiting of non-cash means of payment have a significant cross-border dimension, accentuated by an increasing digital component, which underlines the need for further action to approximate criminal legislation in the areas of fraud and of counterfeiting of non-cash means of payment.

Recent years have brought not only an exponential increase in the digital economy, but also a proliferation of innovation in many areas, including payment technologies. New payment technologies involve the use of new types of payment instruments, which, while creating new opportunities for consumers and businesses, also increase opportunities for fraud. Consequently, the legal framework must remain relevant and up-to-date against the background of those technological developments, on the basis of a technology-neutral approach.

Fraud is not only used to fund criminal groups, but also limits the development of the digital single market and makes citizens more reluctant to make online purchases.

Common definitions in the areas of fraud and of counterfeiting of non-cash means of payment are important to ensure a consistent approach in Member States' application of this Directive and to facilitate information exchange and cooperation between competent authorities. The definitions should cover new types of non-cash payment instruments which allow for transfers of electronic money and virtual currencies. The definition of non-cash payment instruments should acknowledge that a non-cash payment instrument may consist of different elements acting together, for example a mobile payment application and a corresponding authorisation (e.g. a password). Where this Directive uses the concept of a non-cash payment instrument, it should be understood that the instrument puts the holder or user of the instrument in a position to actually enable a transfer of money or monetary value or to initiate a payment order. For example, unlawfully obtaining a mobile payment application without the necessary authorisation should not be considered as an unlawful obtainment of a non-cash payment instrument as it does not actually enable the user to transfer money or monetary value.

This Directive should apply to non-cash payment instruments only insofar as the instrument's payment function is concerned.

This Directive should cover virtual currencies only insofar as they can be commonly used for making payments. The Member States should be encouraged to ensure in their national law that future currencies of a virtual nature issued by their central banks or other public authorities will enjoy the same level of protection against fraudulent offences as non-cash means of payment in general. Digital wallets that allow the transfer of virtual currencies should be covered by this Directive to the same extent as non-cash payment instruments. The definition of the term ‘digital means of exchange’ should acknowledge that digital wallets for transferring virtual currencies may provide, but do not necessarily provide, the features of a payment instrument and should not extend the definition of a payment instrument.

Sending fake invoices to obtain payment credentials should be considered as an attempt at unlawful appropriation within the scope of this Directive.

By using criminal law to give legal protection primarily to payment instruments that make use of special forms of protection against imitation or abuse, the intention is to encourage operators to provide such special forms of protection to payment instruments issued by them.

Effective and efficient criminal law measures are essential to protect non-cash means of payment against fraud and counterfeiting. In particular, a common criminal law approach is needed as regards the constituent elements of criminal conduct that contribute to or prepare the way for the actual fraudulent use of a non-cash means of payment. Conduct such as the collection and possession of payment instruments with the intention to commit fraud, through, for instance, phishing, skimming or directing or redirecting payment service users to imitation websites, and their distribution, for example by selling credit card information on the internet, should thus be made a criminal offence in its own right without requiring the actual fraudulent use of a non-cash means of payment. Such criminal conduct should therefore cover circumstances where possession, procurement or distribution does not necessarily lead to fraudulent use of such payment instruments. However, where this Directive criminalises possession or holding, it should not criminalise mere omission. This Directive should not sanction the legitimate use of a payment instrument, including and in relation to the provision of innovative payment services, such as services commonly developed by fintech companies.

With regard to the criminal offences referred to in this Directive, the concept of intent applies to all elements constituting those criminal offences in accordance with national law. It is possible for the intentional nature of an act, as well as any knowledge or purpose required as an element of an offence, to be inferred from objective, factual circumstances. Criminal offences which do not require intent should not be covered by this Directive.

This Directive also refers to tools which can be used in order to commit the offences referred to in it. Given the need to avoid criminalisation where such tools are produced and placed on the market for legitimate purposes and, though they could be used to commit criminal offences, are therefore not in themselves a threat, criminalisation should be limited to those tools which are primarily designed or specifically adapted for the purpose of committing the offences referred to in this Directive.

The sanctions and penalties for fraud and counterfeiting of non-cash means of payment should be effective, proportionate and dissuasive throughout the Union. This Directive is without prejudice to the individualisation and application of penalties and execution of sentences in accordance with the circumstances of the case and the general rules of national criminal law.

As this Directive provides for minimum rules, Member States are free to adopt or maintain more stringent criminal law rules with regard to fraud and counterfeiting of non-cash means of payment, including a broader definition of offences.

Jurisdictional rules should ensure that the offences referred to in this Directive are prosecuted effectively. In general, offences are best dealt with by the criminal justice system of the country in which they occur. Each Member State should therefore establish jurisdiction over offences committed on its territory and over offences committed by its nationals. Member States may also establish jurisdiction over offences that cause damage in their territory. They are strongly encouraged to do so.

Given the need for special tools to effectively investigate fraud and counterfeiting of non-cash means of payment, and their relevance to effective international cooperation between national authorities, investigative tools that are typically used for cases involving organised crime or other serious crime should be available to competent authorities in all Member States, if and to the extent that the use of those tools is appropriate and commensurate with the nature and gravity of the offences as defined in national law. In addition, law enforcement authorities and other competent authorities should have timely access to relevant information in order to investigate and prosecute the offences referred to in this Directive. Member States are encouraged to allocate adequate human and financial resources to the competent authorities in order to properly investigate and prosecute the offences referred to in this Directive.

National authorities investigating or prosecuting offences referred to in this Directive should be empowered to cooperate with other national authorities within the same Member State and their counterparts in other Member States.

A number of instruments and mechanisms exist at Union level to enable the exchange of information among national law enforcement authorities for the purposes of investigating and prosecuting crimes. To facilitate and speed up cooperation among national law enforcement authorities and make sure that those instruments and mechanisms are used to the fullest extent, this Directive should strengthen the importance of the operational points of contact introduced by Framework Decision 2001/413/JHA. It should be possible for Member States to decide to make use of the existing networks of operational points of contact, such as the one set up in Directive 2013/40/EU. The points of contact should provide effective assistance, for example by facilitating the exchange of relevant information and the provision of technical advice or legal information. To ensure the network runs smoothly, each point of contact should be able to communicate quickly with the point of contact in another Member State. Given the significant trans-border dimension of crimes covered by this Directive and in particular the volatile nature of electronic evidence, Member States should be able to deal promptly with urgent requests from the network and provide feedback within eight hours. In very urgent and serious cases, Member States should inform the European Union Agency for Law Enforcement Cooperation (Europol).

In order to facilitate the prompt and direct reporting of crime, the Commission should carefully assess the establishment of effective online fraud-reporting systems by Member States and standardised reporting templates at Union level. Such systems could facilitate the reporting of non-cash fraud which often takes place online, thereby strengthening support for victims, the identification and analysis of cybercrime threats and the work and cross-border cooperation of national competent authorities.

The offences referred to in this Directive often have a cross-border nature. Therefore, combating these offences relies on close cooperation between the Member States. Member States are encouraged to ensure, to the extent appropriate, effective application of mutual recognition and legal assistance instruments in relation to the offences covered by this Directive.

Investigation and prosecution of all types of fraud and counterfeiting of non-cash means of payment, including those involving small amounts of money, are particularly important in order to combat them effectively. Reporting obligations, information exchange and statistical reports are efficient ways to detect fraudulent activities, especially similar activities that involve small amounts of money when considered separately.

Fraud and counterfeiting of non-cash means of payment can result in serious economic and non-economic consequences for its victims. Where such fraud involves, for example, identity theft, its consequences are often aggravated because of reputational and professional damage, damage to an individual's credit rating and serious emotional harm. Member States should adopt assistance, support and protection measures aimed to mitigate those consequences.

Often a considerable amount of time can pass before victims find out that they have suffered a loss from fraud and counterfeiting offences. During that time a spiral of interlinked crimes might develop, thereby aggravating the negative consequences for the victims.

This Directive should provide for the right for legal persons to access information in accordance with national law about the procedures for making complaints. This right is necessary in particular for small and medium-sized enterprises and should contribute to creating a friendlier business environment for small and medium-sized enterprises. Natural persons already benefit from this right under Directive 2012/29/EU.

Member States should, with the assistance of the Commission, establish or strengthen policies to prevent fraud and counterfeiting of non-cash means of payment and measures to reduce the risk of such offences occurring by means of information and awareness-raising campaigns. In this context, Member States could develop and keep up to date a permanent online awareness-raising tool with practical examples of fraudulent practices, in a format that is easy to understand. That tool could be linked to or be part of the single national online information tool for victims. Member States could also put in place research and education programmes. Special attention should be paid to the needs and interests of vulnerable persons. Member States are encouraged to ensure that sufficient funding is made available for such campaigns.

It is necessary to collect statistical data on fraud and counterfeiting of non-cash payment instruments. Member States should therefore be obliged to ensure that an adequate system is in place for the recording, production and provision of existing statistical data on the offences referred to in this Directive.

This Directive aims to amend and expand the provisions of Framework Decision 2001/413/JHA. Since the amendments to be made are substantial in number and nature, Framework Decision 2001/413/JHA should, in the interests of clarity, be replaced in its entirety for the Member States bound by this Directive.

In accordance with Articles 1 and 2 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the Treaty on European Union (TEU) and to the Treaty on the Functioning of the European Union (TFEU), and without prejudice to Article 4 of that Protocol, those Member States are not taking part in the adoption of this Directive and are not bound by it or subject to its application.

In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark annexed to TEU and to TFEU, Denmark is not taking part in the adoption of this Directive and is not bound by it or subject to its application.

Since the objectives of this Directive, namely to subject fraud and counterfeiting of non-cash means of payment to effective, proportionate and dissuasive criminal penalties and to improve and encourage cross-border cooperation both between competent authorities and between natural and legal persons and competent authorities, cannot be sufficiently achieved by the Member States, but can rather, by reason of their scale or effects, be better achieved at Union level, the Union may adopt measures in accordance with the principle of subsidiarity as set out in Article 5 TEU. In accordance with the principle of proportionality as set out in that Article, this Directive does not go beyond what is necessary in order to achieve those objectives.

This Directive respects fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union, including the right to liberty and security, the respect for private and family life, the protection of personal data, the freedom to conduct a business, the right to property, the right to an effective remedy and to a fair trial, the presumption of innocence and right of defence, the principles of the legality and proportionality of criminal offences and penalties, as well as the right not to be tried or punished twice in criminal proceedings for the same criminal offence. This Directive seeks to ensure full respect for those rights and principles and should be implemented accordingly,