Will ING Refund Scammed Money?

ING can refund money lost to fraud, but only in limited circumstances. The outcome depends on the transaction type, whether the client authorised the payment, and the strength of evidence. For unauthorised transactions and card fraud, ING applies PSD2 protections and the Visa/Mastercard chargeback mechanism. For SEPA and instant transfers, ING explicitly states that payments are final and irrevocable. However, in spoofing cases and documented security failures, ING has voluntarily compensated losses. Immediate contact with ING’s 24/7 emergency line and filing a police report are the critical first steps.

When ING Is Obligated to Refund

The determining factor is whether the transaction was authorised by the client. ING operates strictly within the PSD2 framework – unauthorised transactions trigger the bank’s refund obligation, while authorised payments remain the client’s responsibility. ING draws a sharp distinction between card payments, where chargeback provides a recovery channel, and SEPA or instant transfers, which the bank treats as final and irreversible. The bank also assesses whether the client acted with gross negligence, including responding to phishing, disclosing credentials, or approving transactions under social engineering pressure. This assessment determines whether the refund obligation applies or whether liability shifts to the client.

Unauthorised Transactions – PSD2 Refund Obligation

Under PSD2, where a payment transaction was not authorised by the account holder, ING is required to refund the transaction amount provided the client was not at fault. This applies to account takeover, card theft, and unauthorised access through stolen credentials. The client must notify the bank immediately upon discovering the unauthorised activity. ING may refuse a refund only where it can demonstrate gross negligence or fraud on the part of the client. The burden of proving gross negligence lies with the bank. A victim of sophisticated fraud who could not have identified the breach through reasonable care is not considered to have acted with gross negligence.

SEPA and Instant Transfers – Final and Irrevocable

ING explicitly states that SEPA and instant transfers are final and cannot be reversed. Where the client voluntarily transferred funds to a fraudster – even under the influence of deception – the payment is considered authorised and the bank is not obligated to refund. ING can submit a recall request to the recipient bank, but the recipient bank is not obligated to freeze or return the funds without a court order or law enforcement directive. If the funds have already been withdrawn from the recipient’s account, recovery through the bank recall mechanism alone is unlikely. This is the most restrictive category for recovery through ING’s internal procedures.

SEPA Direct Debits – Reversal Windows

For SEPA direct debit transactions, specific reversal windows apply. The client can request a reversal within 8 weeks of the debit for any reason. For unauthorised direct debit mandates, the reversal window extends to 13 months. These timeframes are established under the SEPA Direct Debit scheme rules and PSD2. The reversal is processed through ING without requiring a dispute or chargeback procedure.

Card Payments – Chargeback Through Visa and Mastercard

For card transactions, ING initiates a chargeback through the Visa or Mastercard payment scheme. Chargeback is available for unauthorised card transactions, non-delivery of goods or services, duplicate debits, and incorrect amounts. The procedure is governed by payment scheme rules and provides a realistic chance of recovery for card fraud. Timeframes depend on the case category and can extend up to 120 days. The dispute is submitted through ING’s online banking or mobile app.

When ING Refuses a Refund

ING refuses refunds in several typical situations. First – the transfer was confirmed by the client through 2FA or app approval, and the bank classifies it as an authorised transaction. Second – the client disclosed credentials or account data to fraudsters through phishing or social engineering. Third – the transaction is a SEPA or instant transfer, which ING treats as final and irrevocable. Fourth – there is insufficient evidence of fraud. ING often requires a police report number before processing a fraud claim. A refusal by ING is not final – the client is entitled to escalate through the bank’s complaints procedure and subsequently to the financial ombudsman or through civil litigation.

Spoofing Cases – Voluntary Compensation

In documented cases where fraudsters impersonated ING staff through call spoofing – making the incoming call appear to originate from ING’s official number – the bank has voluntarily compensated client losses. These cases fall outside the standard PSD2 refund framework because the client technically authorised the transactions. However, proven weaknesses in the bank’s security systems and the sophistication of the spoofing attack create grounds for compensation. Spoofing cases demonstrate that ING’s refusal to refund authorised transfers is not absolute where the bank’s own systems or procedures contributed to the fraud.

Immediate Steps After Discovering Fraud

Step 1 – Contact ING Immediately

ING’s emergency fraud line operates 24/7 at +31 20 228 8800. For retail clients in the Netherlands: 020 22 888 00. For clients in Germany: 069 / 34 22 24. The mobile app and online banking are also available for blocking cards and disputing transactions. The client should block the card and account access immediately to prevent further unauthorised transactions.

Step 2 – File a Police Report

ING often requires a police report number before processing a fraud claim. A criminal complaint should be filed with the relevant national police authority immediately. In the Netherlands, reports can be filed with the local police or online. In Germany, reports are filed with the Polizei or the state cybercrime unit. The police report is an essential evidentiary document for both the bank’s internal review and any subsequent legal proceedings.

Step 3 – Preserve All Evidence

All correspondence with the fraudster, transaction details, payment confirmations, screenshots, phone numbers, website links, wallet addresses, and IBANs must be preserved without alteration. ING requires transaction data to process the fraud claim. Digital evidence forms the foundation for the bank’s investigation, the chargeback procedure, and any subsequent regulatory or judicial proceedings.

Step 4 – Submit a Formal Complaint and Escalate

Where ING refuses the refund, the client should submit a formal complaint through the bank’s complaints procedure. If the complaint is not resolved satisfactorily, the dispute can be escalated to the Klachteninstituut Financiële Dienstverlening (Kifid) in the Netherlands – the independent financial services complaints institute. In Germany, the ombudsman of the Bundesverband deutscher Banken is available.

Alternative Recovery Mechanisms

Financial Ombudsman – Kifid (Netherlands)

Complaints about ING’s refusal to refund fraud losses can be referred to Kifid in the Netherlands. Kifid provides an independent review of the dispute between the client and the bank. The procedure is accessible to both Dutch and international clients. Kifid decisions may be binding on ING depending on the claim category and amount.

Complaint to the Financial Regulator

ING Bank N.V. is regulated by De Nederlandsche Bank (DNB) and the Autoriteit Financiële Markten (AFM) in the Netherlands. In Germany, ING is supervised by BaFin. A regulatory complaint does not return funds directly but initiates a supervisory review and creates regulatory pressure on the bank. Where systemic failures in fraud prevention or PSD2 compliance are identified, the regulator may require the bank to reconsider its position.

Civil Litigation

Civil proceedings against ING are available under Dutch and EU law where a breach of PSD2 obligations is proven, Strong Customer Authentication was not applied, suspicious transaction patterns were ignored, or fraud notifications received an inadequate response. In spoofing cases, civil claims based on the bank’s failure to prevent impersonation of its own staff and phone numbers may be available. Civil proceedings against the fraudster are available in parallel where the fraudster is identified. The European Account Preservation Order (EAPO) enables the freezing of the fraudster’s assets across all EU member states simultaneously.

Criminal Proceedings

A criminal complaint filed with the Dutch police, German police, or the relevant national cybercrime unit initiates an investigation in which law enforcement authorities gain access to bank records, IP logs, payment system data, and telecommunications operator records. Criminal investigation is the primary tool for identifying anonymous fraudsters and tracing the movement of stolen funds across jurisdictions.

ING Contact Details for Fraud Enquiries

ING operates across multiple European jurisdictions with online banking, mobile app, and limited branch presence. Head office: ING Bank N.V., Bijlmerdreef 106, 1102 CT Amsterdam, Netherlands. Emergency fraud line (24/7): +31 20 228 8800. Netherlands (retail): 020 22 888 00. Germany: 069 / 34 22 24. Fraud / security email: fraude@ing.com. Phishing reports (Netherlands): valse-email@ing.nl. Suspicious emails (Germany): info@ing.de. Primary channel: mobile app and online banking for card blocks and transaction disputes. Escalation (Netherlands): Kifid. Escalation (Germany): Ombudsman Bundesverband deutscher Banken.