fortune.com
Ellen Bagley was delighted when she made her first sale on a popular second-hand clothing app, but just a few minutes later, the thrill turned to shock as the 20-year-old from Linköping in Sweden discovered she’d been robbed.
Everything seemed normal when Bagley received a direct message on the platform, which asked her to verify personal details to complete the deal. She clicked the link, which fired up BankID — the ubiquitous digital authorization system used by nearly all Swedish adults.
After receiving a couple of error messages, she started thinking something was wrong, but it was already too late. Over 10,000 Swedish kronor ($1,000) had been siphoned from her account and the thieves disappeared into the digital shadows.
“The fraudsters are so skilled at making things look legitimate,” said Bagley, who was born after BankID was created. “It’s not easy” to identify scams.
Although financial crime has garnered fewer headlines than a surge in gang-related gun violence, it’s become a growing risk for the country. Beyond its borders, Sweden is an important test case on fighting cashless crime because it’s gone further on ditching paper money than almost any other country in Europe.
Online fraud and digital crime in Sweden have surged, with criminals taking 1.2 billion kronor in 2023 through scams like the one Bagley fell for, doubling from 2021. Law-enforcement agencies estimate that the size of Sweden’s criminal economy could amount to as high as 2.5% of the country’s gross domestic product.
To counter the digital crime spree, Swedish authorities have put pressure on banks to tighten security measures and make it harder on tech-savvy criminals, but it’s a delicate balancing act. Going too far could slow down the economy, while doing too little erodes trust and damages legitimate businesses in the process.
Using complex webs of fake companies and forging documents to gain access to Sweden’s welfare system, sophisticated fraudsters have made Sweden a “Silicon Valley for criminal entrepreneurship,” said Daniel Larson, a senior economic crime prosecutor.
While the shock of armed violence has grabbed public attention — the nation’s gun-homicide rate tripled between 2012 and 2022 — economic crime underlies gang activity and needs to be tackled as aggressively, he added.
“That has been a strategic mistake,” Larson said. “This profit-generating crime is what’s fueling organized crime and, in some cases, leads to these conflicts.”
Sweden’s switch to electronic cash started after a surge of armed robberies in the 1990s, and by 2022, only 8% of Swedes said they had used cash for their latest purchase, according to a central bank survey. Along with neighboring Norway, Sweden has Europe’s lowest number of ATMs per capita, according to the IMF.
The prevalence of BankID play a role in Sweden’s vulnerability. The system works like an online signature. If used, it’s considered a done deal and the transaction gets executed immediately. It was designed by Sweden’s banks to make electronic payments even quicker and easier than handing over a stack of bills.
Since it’s original rollout in 2001, it’s become part of the everyday Swedish life. On average, the service — which requires a six-digit code, a fingerprint or a face scan for authentication — is used more than twice a day by every adult Swede and is involved in everything from filing tax returns to paying for bus tickets.
Originally intended as a product by banks for their customers, its use exploded in 2005 after Sweden’s tax agency adopted the technology as an identification for tax returns, giving it the government’s official seal of approval. The launch of BankID on mobile phones in 2010 increased usage even further, along with public perception that associated cash with criminality.
The country’s central bank has acknowledged that some of those connotations may have gone too far. “We have to be very clear that there are still honest people using cash,” Riksbank Governor Erik Thedeen told Bloomberg.
BankID is controlled by a consortium of the country’s private lenders, including Swedbank AB, SEB AB and Svenska Handelsbanken AB. A number of changes have been implemented to improve its security, as the government investigates the prospects of offering a state-issued digital ID.
“There is dedicated work going on throughout the banking sector to stop the fraudsters, but the police, the political side and the telecom industry need to do their part,” said Björn Johansson, Swedbank’s head of group fraud prevention. Representatives for SEB and Handelsbanken declined to comment.
For Bagley, the fact that BankID is so commonplace is part of the problem. “It ends up not really being a security measure, but just another step in using a website,” she said. “You don’t really think twice about what the BankID app might say you are logging into.”
It’s not just consumer scams. Government agencies have adopted BankID to make it easy to set up legitimate businesses in Sweden, which has also enabled fraudsters. Some have used fake companies with phony payrolls to launder money. Through such schemes, organized criminals can turn income from fraud and drug sales into a tool to get bank loans and extract payments from the welfare system.
“That means you can generate profits from crime and then ultimately get a state pension based on that income,” said Larson, the Swedish prosecutor. “That is extremely offensive.”
Reported cases of benefit fraud have doubled in the last decade, from just under 9,000 in 2014 to over 23,000 in 2023, according to the Swedish National Council for Crime Prevention. In its efforts to clamp down on crime, the government created a new agency this year solely focused on tracking erroneous welfare payments.
As the scale of the problems grow, banks are introducing measures that will allow additional layers of security, including requiring approval from a trusted second party for large transfers. But for the most part, they’re voluntary, with users needing to opt in to set up two-stage authorization or delay payments.
“It’s a constant quest to find the right balance between accessibility and security,” said Peter Göransson, a senior security adviser at the Swedish Bankers’ Association. “There will be situations where transfers will be slower — and that is already happening — but that’s the world we live in and I think there is an understanding among customers for that.”
The development has led to calls for banks to bear a bigger share of the burden when their customers are exposed to fraud. In the second half of 2023, payment service providers only footed about 10% of the bill, and the country’s financial watchdog has said that Sweden might do well to follow an example from the UK, which from October will require banks to reimburse customers who have been conned into making transfers.
Until similar regulation is adopted in Sweden, the chances of getting money back for users like Bagley are slim. She reported the February incident to Sweden’s National Board for Consumer Disputes and has tried to raise awareness through social media, overcoming the feeling of embarrassment for being duped.
“I’ve heard from so many others who have told me ‘I’ve also been scammed and felt so alone and ashamed’,” she said.