Banco de Portugal Stands Up the Plataforma de Monitorização da Fraude Digital With SIBS, Telecoms and the PJ on Monday 25 May — €6.5 Million of Losses Blocked Since the May 2024 IBAN-Beneficiary Tool as 2025 Complaints Lift 45%

The Banco de Portugal formally stood up the Plataforma de Monitorização da Fraude Digital at a Lisbon conference on Monday 25 May 2026, with Governor Álvaro Santos Pereira framing the launch as the first integrated national pipe to braid payment-system operators, telecommunications providers, the Polícia Judiciária, the Ministério Público and the Ministério da Administração Interna into a single anti-fraud workflow. SIBS — owner of the Multibanco and MB Way rails — sat alongside the BdP on the panel and described the file as 'uma batalha sem tréguas' against a digital-fraud frontier that has moved faster than the bilateral bank-by-bank reporting framework can absorb. The platform consolidates real-time signals from operadores de pagamentos, operadores de telecomunicações, criminal-investigation authorities and the judicial system so that account-takeover, social-engineering and IBAN-impersonation patterns can be flagged across institutional silos as they emerge, not after the back-charge cycle has closed.

The Numbers Behind the Launch

The launch came with a tape that reads as the political case for the platform. The BdP's parallel statistics file shows 2,577 fraud-related complaints tied to payment operations in 2025 — a 45% year-on-year lift on the 2024 print and the highest annual count the supervisor has recorded since the dedicated complaint line was opened. Roughly 85% of the loss share on fraudulent transfers is currently borne by the user rather than the bank, even when the originating order traces back to an attacker — a distribution that the platform is designed to reverse over the medium term by shifting more of the detection burden to the institutional layer. Total H1 2025 losses across the Portuguese electronic-payments perimeter ran at €5.3 million on a per-instrument fraud-rate spread between 0.00036% on direct debits and 0.0066% on card-issuer payments — low in absolute terms, but climbing fast on the social-engineering vector.

How the Pre-Platform Toolkit Was Already Working

The BdP also closed the loop on what the existing toolkit has already delivered. The IBAN-beneficiary verification service — the headline 2024 deliverable that surfaces the recipient's name to the payer before the transfer is authorised — has, by the supervisor's own count, prevented €6.5 million of losses since its May 2024 activation across the Portuguese banking perimeter. The SPIN rail, opened in June 2024 for mobile-number-and-NIF-keyed transfers, runs on the same beneficiary-confirmation logic. A second-generation beneficiary-verification service went live in October 2025 across the inter-bank infrastructure. The Plataforma de Monitorização da Fraude Digital is the natural next step — moving from per-transfer beneficiary confirmation to a multi-channel signal exchange that includes telecoms-side caller-ID and SMS-spoofing data, which is the vector that has driven most of the 45% complaint-volume increase.

The SIBS Side of the File

SIBS came to the launch with its own scale tape. The Multibanco operator, which we covered last week as it piloted a Multibanco social network across roughly twenty Juntas de Freguesia in the Cova da Beira and rolled an ATM-side resilience plan into the national payment-resilience pipeline that the BdP also coordinates with energy, telecoms and retail, runs the largest single-fraud-surface in the country. MB Way alone moved past six million users in October 2024 and processes more than 70 million operations a month across the ten million cards tokenised on the app, by SIBS's own October 2024 disclosure. The 2025 Christmas-season tape showed Multibanco purchase volume up 8% on 2024, with MB Way usage running at 3.8x the 2020 base. The fraud surface scales with the rail, and the SIBS 24/7 fraud-prevention monitoring centre has been triaging social-engineering, MB Way-impersonation-call and SMS-phishing patterns at increasing volume through 2025 and into 2026.

What the Platform Will Actually Do

The Plataforma de Monitorização da Fraude Digital is being framed as three integrated capability layers. The first is a real-time signals exchange across the institutional perimeter — bank-to-bank, bank-to-SIBS, bank-to-telecom, bank-to-PJ — so that an account taken over at one institution can be flagged across the receiving-bank network before the second hop closes. The second is a case-management backbone for criminal-investigation hand-off, so the PJ and the Ministério Público can attach fraud complaints to the same incident-graph the institutions are watching, compressing the per-case investigation window. The third is a statistical-supervision feed that lifts the BdP's per-quarter fraud release out of the bilateral-reporting cycle and into a closer-to-real-time tape that the supervisor can use both for macro-prudential signalling and for the European Banking Authority's pan-European fraud-reporting framework, which is itself shifting to a near-real-time data model through 2026 and 2027.

The Behavioural-Supervision Backdrop

The launch lands in the middle of a heavier behavioural-supervision cycle. The supervisor's 2025 behavioural-supervision report walked banks into €8.91 million of consumer-conduct fines on the back of the tightened complaints regime, and the 15-working-day complaint-response deadline the BdP locked in on 23 May means institutions now have to clear customer fraud cases faster than the pre-2026 30-day window allowed. The Plataforma de Monitorização da Fraude Digital sits inside the same regulatory arc: tighter complaint timelines, higher conduct fines, faster institutional signal exchange, and an explicit policy intent to shift the loss-share distribution back towards institutional liability for cases where the underlying defence chain failed.

What This Means for Expats — The Bottom Line

• The IBAN beneficiary-verification check is your first line of defence. The €6.5 million of avoided losses since May 2024 came almost entirely from payers actually reading the recipient name the system surfaces before authorising the transfer. If the on-screen name does not match the invoice or the trusted counterparty, cancel the transfer — full stop. The same logic applies to MB Way and Multibanco transfers initiated by phone number or NIF on the SPIN rail.
• SIM-swap and SMS-phishing risk has moved past account-takeover risk. Most current fraud cases route through a phone-side compromise — a fake bank-staff call, a spoofed SMS, an MB Way 'reset' request — rather than through a direct bank-website hack. If a 'bank caller' asks you to install an app, share an SMS code or 'sync' your account, hang up and call the bank back on the number printed on the card. The Plataforma de Monitorização da Fraude Digital is being built precisely because the telecom-side vector dominates the current loss distribution.
• The complaint-window clock starts at 15 working days, not 30. The BdP's tightened 23 May framework gives banks 15 working days — extendable to a hard 35-day cap — to resolve a written complaint, which now also covers fraud reimbursement requests. Lodge the complaint inside the bank's Livro de Reclamações Eletrónico via the BdP's portal, and the supervisor will track the timeline.
• Loss-share rules favour the user when the bank's anti-fraud chain failed. The European PSD2 reimbursement framework already imposes a strong-customer-authentication requirement on the bank, and Portuguese case law has been moving towards reading 'gross negligence' on the customer side narrowly. The Plataforma de Monitorização da Fraude Digital is policy-aligned with that direction: the more the supervisor sees that a fraud case ran through a known institutional-detection gap, the more likely the loss-share lands on the bank rather than the customer.
• If you are a small-business holder of a Portuguese IBAN, ask your bank for the SEPA Confirmation-of-Payee feature. The SEPA Instant Credit Transfer (SCT Inst) framework requires every euro-area bank to offer a free Confirmation-of-Payee service alongside instant transfers by 9 October 2025 (Regulation EU 2024/886). The BdP file confirms Portuguese rails are now compliant; if your business account does not expose the feature in the online-banking interface, request it in writing.
• If you have already lost money to digital fraud: file the complaint with the bank within 13 months under PSD2, file a separate denúncia with the Polícia Judiciária at denuncia.pj.pt, register the case in the BdP's Livro de Reclamações Eletrónico, and keep the SMS, call-log and email evidence. The Plataforma de Monitorização da Fraude Digital case-management backbone is designed to braid these three filings into one investigation timeline.

The Plataforma de Monitorização da Fraude Digital is the architectural answer to a 45% year-on-year complaint-volume increase that the bilateral bank-by-bank framework was visibly losing ground against. The €6.5 million already blocked by the IBAN beneficiary tool sets the baseline for what the broader institutional pipe can deliver once the telecoms-side signal is plugged in; the BdP's 2026 fraud-statistics file, due in mid-2027, will be the first proper read on whether the integrated platform compresses the loss-share curve back towards the institutional layer.