Cybercrime

Digital innovations make life easier when you make payments and do your banking. For example, you can immediately transfer money or pay for your groceries using our card, smartphone or wearable. At the same time, digitisation has led to new types of crime. Consumers are an important target. Criminals try, for example, to gain access to your bank account by means of phishing. While the number of victims of more conventional types of crimes, such as burglary and theft, has steadily decreased in the Netherlands, an increasing number of people fall victim to cybercrime.

Cybercriminals target not only consumers but also financial institutions. The number of successful cyberattacks on banks doubled in the period 2018-2020. 5% of pension funds and insurers were victims of a successful attack in 2021. Cybercriminals try to steal large sums of money or customer data from them. They may also try to put financial institutions out of operation by means of a cyberattack. This could in turn affect other financial institutions. In a worst-case scenario, all electronic payments would be down. This would cause serious disruption to our economy and society.

All in all, cybercrime poses serious risks. Fortunately, there are several things you can do to prevent becoming a victim. A few examples:

• Never disclose your login details to anyone over the phone, by email or any way other than prescribed by your bank. Your bank will never ask you to share your login details by phone or email.
• Make sure you always install the latest security updates of the banking software on your PC, tablet or smartphone.
• Regularly check your bank account for unauthorised transactions.
• Report incidents to your bank immediately and follow its instructions.

And there is much more you can do. You can find more information on the following websites:

• Veiligbankieren.nl (Dutch only)
• Alertonline.nl (Dutch only)
• Veiliginternetten.nl (Dutch only)

Financial institutions also work hard to fight cybercrime. Each year, banks and other financial institutions invest millions of euros to safeguard the security of online banking and other applications. Working closely alongside the police and law enforcement, they also share information among themselves and join forces to educate the general public, such as in the information campaign on secure banking (Dutch only).

Want to find out more? Check out the websites of the Dutch Banking Association (Dutch only) and the Dutch Payments Associations (Dutch only).

At DNB we are committed to safeguarding the stability of our financial system and our economy. We too are doing much to ensure that financial institutions are resilient to cybercrime:

• We test whether banks and other institutions in the core of our payments infrastructure can withstand cyberattacks, using a programme of test attacks. This TIBER programme was conceived by DNB, but the AFM and other central banks in Europe have also rolled it out.
• We also hold crisis drills with the financial sector on a regular basis to practice our response to fictitious severe disruptions of the payment system, caused for example by a cyberattack.
• As part of our supervision, we also check whether financial institutions adequately manage their IT, including their cybersecurity. This concerns institutions such as banks but also, for example, firms operating as a link between a shop and your bank. We expect them to have their payment systems up for nearly 100% of the time. If a financial institution has shortcomings, we discuss these or may impose specific measures.
• We work alongside and share information with financial institutions and the government.
• We provide input for European laws and regulations. For example, a current trend is that financial institutions outsource their IT processes to an external party, giving rise to new security risks. This is why the European Commission is considering the need for new rules, including on supervision.

Besides cybercrime, online privacy is a subject of vital importance. As you share your personal data with banks and other firms, they must handle those data securely and with due care. Financial institutions can share your data, but only with your express consent, under the revised European Payment Services Directive (PSD2). For more information, go to our PSD2 page. The Dutch Data Protection Authority supervises the processing of personal data.