Project XBY

Europe · GDP rank #38

Denmark

DK · DKK @ 0.1554/USD

Denmark is one of the most digitalised payment economies in Europe — almost nine in ten in-store payments are digital — built around two structurally different rails. Dankort still runs ~40% of card transactions, but it has lost share steadily to international schemes and Apple/Google Pay. MobilePay (Vipps MobilePay since the 2022 merger) carries the mobile leg with ~4.5m users out of a population of ~6m. The krone is pegged to the euro via ERM-II at the central rate of 7.46038, and the Riksbank-equivalent debate about cash resilience and offline payments is now an explicit policy priority.

Tab 06

Fraud & security

Headline fraud totals and typology splits, the rollout of EMV chip, tokenisation, 3DS and biometrics, and the controlling data-protection and payments statutes.

Annual fraud losses

kr.490M +18% vs 2023

DKK · 2024

Loss rate

7.4bp

basis points on transaction value · 2024

Above the EEA average; CNP intensity reflects digital-economy concentration.

CNP share of fraud

82%

% · 2024

Fraud typology

Where losses come from

Card-not-present dominates every developed-market fraud profile — counterfeit and lost/stolen have both been mechanically suppressed by EMV and tokenisation over the last decade.

Share of card fraud

  • Card-not-present (e-commerce)82%
  • Authorised push payment / smishingkr.380M

Authentication

What's deployed on cards today

EMV is the floor; tokenisation removes PAN from merchant systems; 3DS covers the CNP flow; biometric auth drives device-level wallet transactions. Adoption gaps between markets are the clearest signal of fraud-regime maturity.

EMV chip penetration

100%

% · 2024

Tokenised transactions

~50%

% · 2024

3DS coverage · CNP

97%

% · 2024

Mandatory under PSD2 RTS.

Biometric mobile wallet txns

98%

% · 2024

Consumer protection

Framework
Betalingsloven (Payments Act) implementing PSD2; Finanstilsynet supervision
Max consumer liability
kr.375 for unauthorised transactions
Liability rules
Consumer liability for unauthorised card or SEPA transactions capped at kr.375 under Payments Act §100 (lower than the PSD2 €50 minimum). Authorised push-payment fraud reimbursement is case-by-case under banking industry code; no automatic reimbursement comparable to UK PSR.

Source · Finanstilsynet

Security standards

  • PCI DSS 4.0 (mandatory March 2025)
  • PSD2 Strong Customer Authentication (in force)
  • DORA (in force from January 2025)
  • Card-payment contingency framework (Betalingsrådet, 2024–26 phased)