Ellen Bagley was thrilled when she made her first sale on a popular second-hand clothing app. However, the excitement quickly turned to shock for the 20-year-old from Linköping, Sweden, when she realized she had been robbed just minutes later.
Initially, everything seemed normal when Bagley received a direct message on the platform asking her to verify personal details to complete the transaction. She clicked the link, which activated BankID, the widespread digital authorization system used by nearly all Swedish adults.
After receiving a few error messages, she sensed something was wrong, but it was too late. Over 10,000 Swedish kronor ($1,000) had been drained from her account, and the thieves vanished into the digital abyss.
“The fraudsters are so skilled at making things look legitimate,” said Bagley, who was born after BankID was created. “It’s not easy” to identify scams.
While financial crime hasn’t made as many headlines as the surge in gang-related gun violence, it has become an increasing risk for the country. Internationally, Sweden is seen as a crucial test case for combating cashless crime, as it has moved further away from paper money than almost any other European country.
Online fraud and digital crime have soared in Sweden, with criminals stealing 1.2 billion kronor in 2023 through scams like the one that caught Bagley, doubling the amount from 2021. Law enforcement agencies estimate that Sweden’s criminal economy could be as large as 2.5% of the country’s gross domestic product.
To combat the rise in digital crime, Swedish authorities have pressured banks to tighten security measures, creating a delicate balance. Overzealous measures could slow the economy, while insufficient action erodes trust and harms legitimate businesses.
Using intricate networks of fake companies and forged documents to access Sweden’s welfare system, sophisticated fraudsters have turned Sweden into a “Silicon Valley for criminal entrepreneurship,” according to Daniel Larson, a senior economic crime prosecutor.
While armed violence has captured public attention, with Sweden’s gun-homicide rate tripling between 2012 and 2022, economic crime fuels gang activity and needs to be addressed just as aggressively, Larson added.
“That has been a strategic mistake,” Larson said. “This profit-generating crime is what’s fueling organized crime and, in some cases, leads to these conflicts.”
Sweden’s shift to electronic cash began after a surge of armed robberies in the 1990s. By 2022, only 8% of Swedes reported using cash for their most recent purchase, according to a central bank survey. Along with neighboring Norway, Sweden has Europe’s lowest number of ATMs per capita, according to the IMF.
The widespread use of BankID contributes to Sweden’s vulnerability. The system functions like an online signature, and once used, transactions are executed immediately. Designed by Sweden’s banks to facilitate quick and easy electronic payments, BankID has become an integral part of everyday life since its rollout in 2001. On average, the service, which requires a six-digit code, fingerprint, or face scan for authentication, is used more than twice a day by every adult Swede for everything from filing tax returns to paying for bus tickets.
Initially a product for bank customers, its usage exploded in 2005 after Sweden’s tax agency adopted it for tax returns, giving it official endorsement. The launch of BankID on mobile phones in 2010 further increased its usage, along with the public perception that associated cash with criminality.
The country’s central bank has acknowledged that some of these connotations may have gone too far. “We have to be very clear that there are still honest people using cash,” Riksbank Governor Erik Thedeen told Bloomberg.
BankID is managed by a consortium of private lenders, including Swedbank AB, SEB AB, and Svenska Handelsbanken AB. To improve security, several changes have been implemented, while the government explores the possibility of offering a state-issued digital ID.
“There is dedicated work going on throughout the banking sector to stop the fraudsters, but the police, the political side, and the telecom industry need to do their part,” said Björn Johansson, Swedbank’s head of group fraud prevention. Representatives for SEB and Handelsbanken declined to comment.
For Bagley, the ubiquity of BankID is part of the problem. “It ends up not really being a security measure, but just another step in using a website,” she said. “You don’t really think twice about what the BankID app might say you are logging into.”
It’s not just consumer scams. Government agencies have adopted BankID to simplify setting up legitimate businesses in Sweden, which has also enabled fraudsters. Some use fake companies with phony payrolls to launder money, turning income from fraud and drug sales into tools to secure bank loans and extract payments from the welfare system.
“That means you can generate profits from crime and then ultimately get a state pension based on that income,” said Larson, the Swedish prosecutor. “That is extremely offensive.”
Reported cases of benefit fraud have doubled over the last decade, from just under 9,000 in 2014 to over 23,000 in 2023, according to the Swedish National Council for Crime Prevention. In response, the government created a new agency this year solely focused on tracking erroneous welfare payments.
As the scale of the problems grows, banks are introducing measures to add extra layers of security, such as requiring approval from a trusted second party for large transfers. However, most of these measures are voluntary, with users needing to opt in for two-stage authorization or delayed payments.
“It’s a constant quest to find the right balance between accessibility and security,” said Peter Göransson, a senior security adviser at the Swedish Bankers’ Association. “There will be situations where transfers will be slower — and that is already happening — but that’s the world we live in, and I think there is an understanding among customers for that.”
This situation has led to calls for banks to bear more responsibility when customers fall victim to fraud. In the second half of 2023, payment service providers covered only about 10% of the costs, and the country’s financial watchdog suggested that Sweden might follow the UK’s example. Starting in October, UK banks will be required to reimburse customers who have been conned into making transfers.
Until similar regulations are adopted in Sweden, the chances of recovering lost money are slim for users like Bagley. She reported the February incident to Sweden’s National Board for Consumer Disputes and has tried to raise awareness through social media, overcoming the embarrassment of being duped.
“I’ve heard from so many others who have told me ‘I’ve also been scammed and felt so alone and ashamed’,” she said.
