A data-driven insight into German transfer fraud: 7.594 cases
Ever bought something and it never arrived?
In Germany, thousands fall victim to bank transfer fraud every year, losing significant sums to scammers who exploit trust in what seem to be secure payment methods.
These scams typically start with fraudsters gaining access to a bank account they can use to receive payments and launder stolen money. These accounts, known as "bankdrops", are not registered in the scammer’s own name, providing a layer of anonymity.
Once they have a bankdrop, the next step is to “fill” the account by tricking unsuspecting individuals into transferring money. Traditionally, scammers have used platforms like Kleinanzeigen (Germany’s version of Craigslist) to sell physical goods they have no intention of delivering. However, a more sophisticated approach is gaining traction: Fakeshops.
These shops look like legitimate e-commerce sites — often built with platforms like Shopware or Magento — but, just like Kleinanzeigen scams, the products are never delivered.
Consumers are more likely to trust a professional-looking website with a .de domain than a random seller on Kleinanzeigen, making this method particularly lucrative for fraudsters.
Once the money is transferred via SEPA, there's usually no way to recover it. Even if victims contact their bank immediately, the funds are typically long gone.
While some banks are beginning to offer SCT Recalls (also known as SEPA Recalls) to their customers, in most cases, the money is irretrievable once the scam has been executed.
The key to transfer fraud: Bankdrops
As you may have realized, the backbone of these scams is the use of anonymous bank accounts, known as "bankdrops."
But once the first victims report the fraud, these accounts are typically frozen by authorities, and the legal owners face prosecution. So, how do scammers acquire these anonymous accounts?
1. Finance Agents
One of the most common methods is through so-called "finance agents." Scammers post job ads promising easy, part-time work from home. Applicants are told they will work as a “finance agent” handling a bank account for a large corporation.
The unsuspecting recruit is instructed to open a bank account in their own name and then transfer any payments to another account or convert the funds into cryptocurrency. This method allows scammers to use a legitimate account without implicating themselves directly, turning the unsuspecting job-seeker into an accomplice in fraud without them even realizing it.
2. Faked or Spoofed Identities
Scammers can also use fake or spoofed identification documents to open bank accounts under a fictitious name. They either create counterfeit documents themselves or purchase them from illicit markets. This method allows them to operate under the radar, as the account does not tie back to a real person.
3. Recruiting Accomplices
A more recent method targets young people, often from underprivileged backgrounds. Scammers, frequently members of the same community, offer them a fixed payment—typically around €200—in exchange for "lending" their bank card and PIN. These young accomplices, not fully aware of the legal consequences, provide access to their account, which is then used to commit transfer fraud. Once the authorities catch up, these youths are left facing serious legal repercussions.
In all cases, the common denominator is deception, where unwitting individuals or vulnerable parties are manipulated into helping scammers move money anonymously.
KYC or get fined tryin’
All of these methods face one significant challenge: Know-Your-Customer (KYC) procedures.
If you’ve ever opened a bank account or registered for a financial service, you’ve likely encountered KYC protocols—whether through PostIdent, or newer methods where you're asked to submit photos of your ID and a selfie.
But based on my experience, the rigor of KYC procedures varies greatly depending on the provider.
For instance, when I registered a SIM card with AldiTalk, I had to join a video chat with an employee. I had to present my ID document on camera, bend and turn it to prove it was genuine plastic, not just printed paper, and show the holograms. It was an in-depth process.
Contrast that with my experience registering for Miles, a car-sharing app. All I had to do was upload a photo of the front and back of my ID card and provide a single selfie. No video chat, no bending the ID, just a few photos.
I had a similar experience with TradeRepublic, a German neobroker. While the platform will offer full financial services, the KYC was relatively simple. When I changed my address with Deutsche Post, however, I had to use PostIdent, recording both a video of my face and my ID card, ensuring the holograms were visible.
This inconsistency struck me as odd. Why is a SIM card provider verifying my identity more thoroughly than a car-sharing company that gives me access to a €30,000+ vehicle, or a bank that handles my financial transactions?
Neobanks, in particular, have come under scrutiny for their lax KYC and risk management procedures. A notable example is N26, which was fined €9.2 million and had restrictions placed on acquiring new customers due to their risk-management and KYC shortcomings.
The BaFin has listed anonymity as their number one warning to banks, to combat money laundering and terrorism financing.
So I wondered: Do transfer scammers have a favorite bank?
One that does not check the identity and intentions of their customers that thoroughly?
Methodology
There is a big board in Germany, where volunteers actively search and report scams. It’s called Auktionshilfe.
Typically either the volunteers find a fakeshop with invalid company details or victims of scams report them there directly.
Either way, they post the bank account details to the thread directly, so potential victims end up at the warning post when they search for the IBAN.
And to find out if scammers have a favorite bank I’ve chosen to webscrape this board, and I ended up with 7.594 unique bank accounts, ranging back to 2017.
I used the schwifty Python library to find out what bank issued the IBANs in my list. The plots were generated using Plotly.
Results
Discussion
While the overall numbers in Figure 2 show that Neobanks like N26, Solaris, Fidor and Paytend are very popular among scammers, Figure 3 shows a more nuanced picture.
Mid 2021 a lot of scams related to N26 and solarisBank were reported to this board, peaking at just short of 250 accounts per month. But this trend declined very fast.
This may be due to more rigorous KYC procedures, users report that the KYC provider of N26, IDNow, explicitly asks the applicants if their account opening is in any way related to a job offer.
And these measures seemed to work!
Nowadays, from 2023 to July of 2024 where this study was conducted, most of the new bank accounts are from “Other banks”, which have less than 40 listed accounts in the dataset.
And finally, Figure 1 shows that the amount of bank accounts being submitted to this board vary from time to time. I do not think that transfer fraud in general has sharply declined, but the activity on this board has.
So the data presented here is not a 1-on-1 sample of overall transfer fraud activity, but rather a small subsample. So take everything with a grain of salt :)
Conclusions
One cannot say that Neobanks are driving the fraud industry, the problem at work is far more complex.
Banks shall exercise due-diligence in not only verifying the identity of their applicants, but also ensure that these actions are not made on behalf of a third party.
Also, digital KYC seems to work if done right.