My personal corner on the web

📁 Investigation Dossier

Dossier: bunq complaints issues — Massive Fraud, Security Deficiencies and Risk Management

Comprehensive analysis of complaints, security issues, massive customer fraud, and regulatory deficiencies documented around the neobank bunq, with special focus on events from 2023–2025

📅 ✍️ By ⏱️ 35 min read 📂 Investigation Reports
Bunq massive fraud investigation - financial security analysis and regulatory compliance documentation
Investigation into massive fraud and security deficiencies at bunq bank

1. Executive Summary

📋 Key Investigation Points

This dossier comprehensively compiles and analyzes the complaints, security issues, massive customer fraud, and regulatory deficiencies documented around the neobank bunq, with special focus on events from 2023–2025 that have generated financial impacts, regulatory sanctions, and public criticism.

The investigation covers:

  • A pattern of massive fraud affecting customers through phishing and helpdesk impersonation.
  • Documented cases with losses of up to hundreds of thousands of euros per victim.
  • Response and compensations from the financial entity after media and government pressure.
  • Systemic security and compliance deficiencies (AML/KYC) detected by authorities.
  • Individual cases and ongoing customer claims.
  • Significant regulatory fines and risk evolution.

This synthesis is useful for executive-level audiences, compliance teams, legal advisors, shareholders, or financial regulators interested in evaluating reputational and business risks associated with bunq complaints issues.

🔍 Key Metrics: Bunq Fraud Investigation Overview

Documented Victims 66+ Source: Hupkes Advocaten Total Estimated Losses €3.3M+ Documented victims Max Loss Per Victim €200K NOS/NRC Investigation DNB Regulatory Fine €2.6M AML Deficiencies 2021-2022 Compensation Growth 2023 vs 2024 2023 €203K 2024 €10.01M +4,800% NOS/NRC Media Investigation 28 victims interviewed

2. Massive Customer Fraud and Security Deficiencies

2.1 Media Investigation: Phishing and Helpdesk Fraud (2023–2024)

In May 2024, a joint investigation by Dutch media outlets NOS and NRC revealed that dozens of bunq customers lost large sums of money within minutes due to fraud involving phishing and helpdesk impersonation:

The scammers impersonated bunq employees to convince customers to share credentials or transfer money.

— NL Times

Summary of Media Findings:

Metric Reported Value Source
Interviewed victims 28 NOS/NRC
Reported losses in investigation up to €200,000 per individual NOS/NRC
Total affected clients according to lawyer 66+ Hupkes Advocaten
Total estimated damage for documented victims €3.3M+ Hupkes Advocaten

Primary sources include reports from NOS and NRC, as well as public documents from law firms compiling cases. NL Times

2.2 Identified Fraud Methodology

The documented modus operandi included:

a. Sophisticated Phishing

Fake websites that imitated the bunq interface and redirected customer credentials to attackers. (documented in phishing email analysis). Security.NL

b. Helpdesk Fraud

Criminals called or contacted victims posing as bunq fraud personnel and pressuring them to provide sensitive information or perform operations.

c. App Address Book Manipulation

Hijacking of contact address book to add credibility during the fraud. Wikipedia

🔄 Fraud Flow: Attack Methodology Map

Bunq Fraud Attack Pathway 🎣 PHISHING Fake bunq website captures credentials 🔑 CREDENTIAL THEFT Login data stolen 📞 HELPDESK IMPERSONATION Fake bunq support 💸 FINANCIAL LOSS Up to €200K 🎣 Phishing Tactics • Cloned bunq login pages • Spoofed email addresses • Urgent security alerts • Malicious links in SMS • Contact book hijacking Source: Security.NL 📞 Helpdesk Fraud • Impersonating fraud team • Pressure tactics • Request for app access • Real-time manipulation • Forced transactions Source: NOS/NRC ⚠️ Missing Controls • No 24h delay on transfers • Weak transaction limits • No multi-card alerts • Poor anomaly detection • Insufficient KYC checks Identified by experts

2.3 Extreme Case: 80 Fraudulent Bank Cards

According to journalistic reports, in one case a customer received more than 80 bank cards without having requested them, which facilitated the withdrawal of funds by attackers:

"That bunq's systems do not flag such behavior as suspicious and block accounts immediately is notable," said a fraud expert.

— Wikipedia

This case was cited by Dutch media and later referenced in Wikipedia as evidence of failures in early warning internal controls. Wikipedia

2.4 Bunq's Initial Response and Public Reaction

Initially, bunq refused to compensate victims. CEO Ali Niknam compared the fraud cases to "giving your car keys to someone on the street." NL Times

⚠️ Government Response: The Dutch Minister of Finance at the time, Steven van Weyenberg, considered these statements "completely inappropriate." nos.nl

Under media and government pressure, bunq announced on June 20, 2024 an average compensation of 85% of losses, although the calculation and application of this policy was criticized by lawyers representing the victims. NL Times

3. Systemic Security Deficiencies and Risk Management

3.1 Absent Basic Measures

Until mid-2024, bunq lacked several security measures existing at other banks:

🔒 No 24-hour waiting period on suspicious transactions (introduced subsequently). DutchNews.nl

Transfer limits that could be bypassed with ease.

A system that did not detect obvious anomalous patterns such as massive card requests or unusual transactions. Wikipedia

Experts pointed out that if these measures had been in place before, the majority of documented fraud cases could have been prevented.

— Hupkes cs advocaten

3.2 Deficiencies in Fraud Control and AML/KYC

💰 €2.6 Million Fine for AML Control Deficiencies

In May 2025, De Nederlandsche Bank (the Dutch financial regulator) imposed a fine of €2.6 million on bunq for failures in its anti-money laundering controls and customer monitoring between 2021 and 2022. dnb.nl

The regulator identified that bunq:

Deficiency Description
Suspicious Transaction Alerts Did not adequately investigate alerts from suspicious transactions.
Criminal Activity Signals Did not carry out effective follow-up of signs of possible criminal activity.
High-Risk Customer Knowledge Had deficiencies in ongoing knowledge of customers identified as high risk. dnb.nl

This sanction underscores a systematic compliance risk that goes beyond the specific operational vulnerabilities of direct fraud.

4. Customer Claims and Complaints Issues

4.1 Public Claims on Review Platforms

Reviews on platforms like Trustpilot show a wide range of customer complaints related to:

📱 Poor customer service and intensive use of automated systems that do not solve complex problems. Trustpilot

🔐 Accounts blocked without adequate notice and lack of clear support. Trustpilot

💸 Cases of customers who claim to have lost large amounts without satisfactory explanations. Trustpilot

These testimonials reinforce the narrative of ongoing problems in the management of claims services and post-incident attention, a critical component in bunq complaints issues. Trustpilot

4.2 Legal Claims and Victim Groups

In August 2024, groups of affected customers requested sworn statements from bunq's management team to explain their response to fraud. NL Times

⚖️ This evidences that:

• There are active ongoing lawsuits related to insufficient compensation.

• Some customers still do not receive compensation offers or with amounts well below the announced average. NL Times

5. Risk Assessment and Conclusions

5.1 Reputational Risk

The combination of massive fraud, poorly managed statements by management, regulatory sanctions, and persistent customer complaints has eroded the public and corporate trust of bunq.

📊 Bunq Risk Assessment Matrix

Risk Factor Assessment Reputational Risk HIGH (85%) Regulatory Risk HIGH (80%) Operational Risk MED-HIGH (75%) Legal/Litigation Risk MEDIUM (70%) Financial Impact Risk MEDIUM (65%) High Risk (70-100%) Medium Risk (40-69%)

6. Proposed Annexes (Infographics and Charts)

6.1 Infographic — Fraud Map and Exposure Pathways

Suggested content for graphic:

• Attack mode (phishing → helpdesk → forced transactions).

• Phishing to financial loss conversions.

• Period without controls vs. after the introduction of 24h waiting period.

6.2 Bar Chart — Compensations 2023 vs 2024

Year Total Compensations (€)
2023 ~€203,000
2024 ~€10,016,000

📈 Compensation Evolution: 2023 vs 2024

€10M €8M €6M €4M €2M 2023 €203K 2024 €10.01M +4,833%

6.3 Timeline of Key Events

Mar–May 2024
NOS/NRC investigation into fraud cases at bunq.
June 2024
bunq announces new security measures and compensation policy.
August 2024
Customers demand sworn statements from bunq management.
May–Aug 2025
€2.6M AML fine imposed by DNB regulator.

7. Sources and Referenced Documentation

Each of the following sources was used to analyze bunq complaints issues and prepare this dossier:

📰
Media investigation of fraud and compensations — NL Times / NOS / NRC:
https://nltimes.nl/2024/06/21/bunq-compensate-fraud-victims
🔒
Customer trust reviews on Trustpilot:
https://nl.trustpilot.com/review/bunq.com
🎣
Phishing documentation against customers:
https://www.security.nl/posting/834710/bunq%2Bphishing
💰
🏛️
⚖️
📚
Wikipedia summary of controversies:
https://en.wikipedia.org/wiki/Bunq

8. Recommended Documents and Resources

📝 Bunq fraud and complaints report form:
https://www.bunq.com/en-es/contact/report

🔐 Bunq security and phishing reporting guide:
https://www.bunq.com/en-es/about/security