First 24 Hours After Being ScammedIceland

Researched by , Head Researcher

Primary sources cited; not legal advice.

Last verified:

Source: Lögreglan; CERT-IS; Lög um greiðsluþjónustu 2021; Fjármálaeftirlit; Úrskurðarnefnd um viðskipti við fjármálafyrirtæki.

Sourced from Icelandic Acts of the Althingi, statutory instruments, and official guidance. Written in plain language for general understanding — this is educational content, not legal advice. Our editorial standards

Icelandic National Law

What is this right?

Three jobs in parallel. Call your bank's fraud line — under Lög um greiðsluþjónustu (PSD2 via EEA), the bank must refund unauthorised electronic transactions by end of next business day. Customer liability cap at ISK 6,500 unless gross negligence. Report to Lögreglan at logreglan.is, by phone 444 1000, or in person at your local station. Preserve evidence.

Emergency: 112.

When does it apply?

  • Unauthorised debit / credit card or online-banking transaction on your Icelandic bank account.
  • You were tricked into authorising a transfer.
  • SIM-swap fraud.
  • Online sale fraud.
  • Sextortion or NCII — see Data Privacy & Digital Rights.

What to Do in the First Day After Being Scammed

  1. Call your bank's fraud line.
  2. Report at logreglan.is or 444 1000.
  3. For systemic / large-scale cyber-incidents, also notify CERT-IS.
  4. Preserve evidence. Cloud-save immediately.
  5. Change passwords; switch to authenticator-app 2FA.
  6. Lock Audkenni (Icelandic eID) if compromised.

What should you NOT do?

  • Don't share Audkenni / banking credentials with anyone.
  • Don't pay 'recovery agents' upfront.
  • Don't delete WhatsApp / SMS evidence.

About Scams, Fraud & Money Recovery in Iceland

Iceland's scam-recovery system runs across three institutions. Lögreglan (Icelandic Police) investigates cybercrime under Almenn hegningarlög nr. 19/1940 §§ 228–229 (privacy), 244–246 (theft, robbery), 250 (fraud), 251 (data fraud). CERT-IS provides national incident response. For the money side, Fjármálaeftirlit (Central Bank of Iceland Financial Supervisory Authority) supervises banks under Lög um greiðsluþjónustu (Payment Services Act, Lög nr. 114/2021) — Iceland's PSD2 transposition via EEA. Consumer disputes escalate to the Úrskurðarnefnd um viðskipti við fjármálafyrirtæki (Consumer Complaints Committee against Financial Undertakings).

Emergency: 112. Non-emergency police: 444 1000.

Common Questions

What is CERT-IS?

CERT-IS is Iceland's national cybersecurity incident response team, operated under the Post and Telecom Administration (PFS / Fjarskiptastofa). It handles systemic and critical-infrastructure cyber incidents. For individual consumer fraud, Lögreglan is the primary channel; CERT-IS coordinates national-level response.

What is Audkenni?

Audkenni is Iceland's national electronic identification (rafræn skilríki) system, used for banking, government services, and many private logins. If you suspect Audkenni compromise, contact Audkenni support immediately for suspension and contact your bank and Lögreglan.

What is the customer liability cap?

Under Lög um greiðsluþjónustu nr. 114/2021, customer liability for unauthorised use of a lost or stolen payment instrument is capped at ISK 6,500, unless the customer acted with gross negligence. Refund of unauthorised transactions by end of next business day where promptly disputed.

What is the first 24 hours after being scammed right in Iceland?

Three jobs in parallel. Call your bank's fraud line — under Lög um greiðsluþjónustu (PSD2 via EEA), the bank must refund unauthorised electronic transactions by end of next business day. Customer liability cap at ISK 6,500 unless gross negligence. Report to Lögreglan at logreglan.is, by phone 444 1000, or in person at your local station. Preserve evidence.Emergency: 112.

When does it applyfirst 24 hours after being scammed?

Unauthorised debit / credit card or online-banking transaction on your Icelandic bank account.You were tricked into authorising a transfer.SIM-swap fraud.Online sale fraud.Sextortion or NCII — see Data Privacy & Digital Rights.

What should I do immediately after being scammed in Iceland?

Call your bank's fraud line.Report at logreglan.is or 444 1000.For systemic / large-scale cyber-incidents, also notify CERT-IS.Preserve evidence. Cloud-save immediately.Change passwords; switch to authenticator-app 2FA.Lock Audkenni (Icelandic eID) if compromised.

What should you NOT dofirst 24 hours after being scammed?

Don't share Audkenni / banking credentials with anyone.Don't pay 'recovery agents' upfront.Don't delete WhatsApp / SMS evidence.

More in Scams, Fraud & Money Recovery

Reporting Cybercrime to Lögreglan and CERT-ISCybercrime in Iceland is investigated by Lögreglan (the Icelandic Police). Reports are made online at logreglan.is or by...Read more →Recovering Money from an Icelandic BankIceland's money-recovery framework is two-step. Step 1: bank complaint. Under Lög um greiðsluþjónustu nr. 114/2021 (PSD2...Read more →
← Browse all Scams, Fraud & Money Recovery

Last verified:

You came here to know your rights — help someone else know theirs.

Support This Mission