The European Parliament and the Council established new rules on combating fraud and the counterfeiting of non-cash means of payment. Directive 2019/713 was published in Official Journal L 123/18 of 10 May 2019. The Directive goes back to a Commission proposal of September 2017 (see eucrim 3/2017, 109 andeucrim 1/2018, 17). It replaces Council Framework Decision 2001/413/JHA and therefore “lisbonizes” another area of substantivecriminal law.

The Directive above all harmonizes the criminal conduct of natural or legal persons in relation to non-cash means of payment. The reform of the Framework Decision was considered particularly necessary in order to update the EU response to new technologies involving payment instruments that are beneficial to business and consumers, on the one hand, but also increasingly benefit criminals, on the other. As a result, the new rules must also be seen in the context of the EU’s efforts to provide better cybersecurity.

Directive 2019/713 includes common definitions in the areas of fraud and the counterfeiting of non-cash means of payment. Criminal liability has now also been extended to virtual currencies (insofar as they can be commonly used to make payments) and digital wallets.

The Directive defines the constituent elements of criminal conducts, which have been categorized as follows:

• Fraudulent use of non-cash payment instruments;
• Offences related to the fraudulent use of corporal non-cash payment instruments;
• Offences related to fraudulent use of non-corporal non-cash payment instruments;
• Fraud related to information systems;
• Tools used to commit offences.

The Directive clarifies that incitement, aiding and abetting, and attempt of any of the above-mentioned offences must also be made punishable as a criminal offence.

As another main element, the Directive lays down minimum rules for sanctions and penalties for natural and legal persons. The Directive follows the common EU approach of defining minimum/maximum terms of penalties. Depending on the offence, maximum terms of imprisonment for natural persons range from at least one to three years. More severe penalties apply if a crime is committed within the framework of a criminal organisation (as defined in Framework Decision 2008/841/JHA).

The Directive also includes rules on the following issues:

• Jurisdiction and conflicts of jurisdiction;
• Investigative tools to effectively investigate fraud and the counterfeiting of non-cash means of payments;
• Exchange of information by national points of contact that are available 24/7;
• Establishment of channels that facilitate reporting of the offences described in the Directive;
• Encouragement for financial institutions and other legal persons to report suspected fraud or counterfeiting to law enforcement authorities.

The Directive also strengthens the assistance to and support of victims – provisions that were mainly shaped by the European Parliament during the negotiations. It adapts the rights of victims under Directive 2012/29 to the special needs of victims of fraud in conjunction with non-cash means of payment. In this context, the Directive, inter alia, obliges Member States to ensure that natural and legal persons can obtain specific information and advice on how to protect themselves against the negative consequences of the offences, e.g., reputational damage. A list of dedicated institutions that deal with different aspects of identity-related crime and victim support is also provided. Furthermore, Member States are encouraged to set up single, national online information tools to facilitate access to assistance and support for victims whose personal data were misused.

Member States must implement the provisions of the Directive by 31 May 2021. The Commission has been called upon to submit an implementation report by 31 May 2023 and carry out an evaluation on the impact of the Directive by 31 May 2026.