Using Bizum to pay a friend, share a dinner or buy in a store is tremendously convenient and fast, but it is advisable to know its limits well and the most common traps exploited by scammersThe bulk of fraud isn't due to technical failures within the platform, but rather to scams that seek to trick the user into authorizing transactions or providing data.
In the following lines we gather everything you need to know: How Bizum works, what limits apply depending on your bank, the most common scams (including the so-called “reverse Bizum”), warning signs, best practices, and concrete steps to take if you've already fallen for it. You'll also see recommendations from official agencies and When it is useful to ask for expert help to support a complaint.
Bizum is safe, but the weak link is people.
Bizum operates within your bank's app and complies with the European PSD2 regulation, which requires the Strong Customer Authentication (SCA)Two-factor authentication when necessary. This validation is managed by your organization using its own procedures; therefore, even if the technology is robust, criminals attack where it's easiest: the human factor.
A key idea: if you are going to receive money, you do not need to enter credentialsWhen someone sends you a Bizum payment, the notification arrives, and that's it. If what you see on the screen is a request to authorize a transaction (with your signature, PIN, fingerprint, or SMS code), that's not a payment: They are asking you to send money.
Limits, rules and particularities that are worth knowing
The specific limits depend on each bank, but there are common ranges and figures that will help you get your bearings. Generally, the minimum per transaction is usually €0,50 and the maximum per shipment is around €1.000In many cases you can receive up to €2.000 per day, and there are monthly limits for both submissions and requests.
Some entities handle references such as up to 60 transactions received per month and a maximum of 30 submissions or requests in that period, while others advertise limits such as up to 150 monthly shipments. There is also a cap of 30 recipients per operation If you make a multiple shipment, always check your bank's information, because conditions may vary.
Regarding businesses, more and more stores accept Bizum, but not all. Before pay with your mobile, confirm if that business supports it and check the name of the business that appears in your app when you go to authorize the payment.
When to be suspicious and warning signs
Scams rely on haste, nerves, and confusion. If you're rushed, if you weren't expecting the transaction, or if the message has errors, stop and checkThese red flags are common:
- Unusual pressure or urgency: “accept now”, “it expires in 10 minutes”, “if you don’t do it, they’ll block you”.
- Unexpected data requests: Neither your bank nor Bizum will ask you for your passwords by SMS, email or call, card numbers or verification codes.
- Authorization notifications when you expect to collectIf you need to receive money, your bank will not ask you to authorize anything.
- Dubious external links to websites that are not your bank's official website; The actual transactions are done in the banking app.
The “reverse Bizum” fraud and other top scams
Reverse Bizum: They ask you for money, making you believe you're going to receive it.
It's the trendy trick on second-hand platforms like Wallapop: the fake buyer, instead of paying you, sends you a request for moneyBetween rush and distractions, you accept thinking that you are confirming the payment and in reality you authorize a shipmentWith Bizum, there's no undoing: the money comes out instantly.
There are also variants with random requests to random phones: if you don't expect anything, don't even think about accepting. Remember: if the bank asks you for verification for a transaction and you think you were going to get paid, It is a shipping request.
False buyer and false seller
El false buyer They write to you, expressing interest in your ad, saying they'll pay via Bizum, and then sending you a payment request disguised as a deposit. With one wrong click, the money leaves your account. fake seller It works the other way around: it offers you a bargain, demands an advance via Bizum, and then disappears without sending anything.
To protect you, look at the user's profile (history, reviews, time on the platform) and suspect impossible prices. If something seems too good to be true, it usually is.
Impersonation of agencies: Social Security, Treasury, Post Office…
Another trick is to use the name of an administration to "return" money to you via Bizum. The phone may show senders as TGSS to give credibility, but what you get is a collection requestIf you accept, you pay the scammer. Remember that public agencies have reiterated that They do not make refunds through Bizum.
The scam can start with SMS or calls (vishing). A fake switchboard asks DNI and card details to "cancel a charge." Never give them out. Hang up and contact the official website of the agency or your bank yourself.
Unsolicited prizes, scam links, and credential captures
"You've won" messages linking to cloned pages seek to get you to enter bank details or make a small "administration" payment via Bizum. If you didn't participate in any sweepstakes, it's a hook. Even if the website steals logos and appears legitimate, look at the URL, spelling mistakes and that unjustified rush.
Social media and messaging contacts: the friend who “added you by mistake”
Another practice is to write to yourself (often impersonating an acquaintance's account on WhatsApp) to say that they sent you money by mistake and ask you to resend it with a Bizum button. The normal thing is that that income would never exist. Check with that person elsewhere before moving a euro.
Relatives in distress, false entries and accommodations
With the "son or daughter in trouble"They're trying to scare you into sending money without thinking. Call your relative's real number and confirm. They proliferate during concert and holiday seasons. non-existent entrances and floorsThey ask for a reservation via Bizum and then disappear. Avoid ads that are too cheap, ask for solid proof, and don't pay without guarantees.
Differentiating an entry from a request: the golden rule
Burn it into your memory: if your bank asks you authorize with PIN, signature, fingerprint or code, you're not receiving; you're about to send. A legitimate deposit is notified for informational purposes and requires no action. If you have any questions, open your banking app, go to the transaction details, and read the concept calmly.
Preventive measures that work
The best defense is to spend a few seconds review each operationApplying these habits will take your security to the next level:
- Always check what you are agreeing to: Does it say "shipping" or "request"? Check the concept, amount, and phone number.
- Do not share bank details by SMS, email, or phone call. Your bank won't ask you for it through those channels.
- Activate notifications in your app to instantly find out about movements and requests.
- Be wary of unrealistic offers and from sellers or buyers who apply pressure. Without rushing, without fear.
- Buy on official sites and, if it is between individuals, it uses methods with protection or verifiable agreements.
Configurations and good technical practices
In addition to common sense, configure the environment To make things difficult for the bad guys. Bizum complies with PSD2 and SCA, but you can strengthen it:
- Transfer limits: Know your bank's limits (the usual minimum is €0,50, the maximum per transaction is €1.000, daily and monthly limits such as €2.000 per day and up to €5.000 per month, the number of transactions received and the number of transactions sent/requests). Adjust these limits if your bank allows it.
- Screen lock and biometrics: Use PIN, pattern, fingerprint or facial recognition and activate automatic lock.
- Strong passwords: unique and complex, with a password manager. Don't share them with anyone.
- Devices up to date: Updated operating system and apps, active antivirus, and be careful with installations outside of official stores.
What you should do if you have been scammed
Act without wasting time. The sooner you react, more options to limit damage and gather useful evidence for the investigation.
- Contact your bank immediatelyExplain the case and provide details. Bizum isn't usually cancelable, but the bank can help protect your accounts and guide you through your claim.
- Report to the police (FCSE) and, if you have exposed personal data, notify the Spanish Data Protection Agency. recipient phone number, screenshots and everything you have.
- Inform Bizum and the platform where you were contacted (if applicable). Reporting the user prevents further victims.
- Block cards and change passwordsIf you suspect a data breach, stop it immediately. Some institutions, such as Banco Santander, advise block cards immediately and offer helpline numbers (e.g., 915 123 123 for general fraud and 900 81 13 81 for card blocking).
The Office of Internet Security (OSI) provides ways to report fraudBizum and banks keep a record of transactions (phone number, time, amount), which helps with the investigation, although recovering the money isn't always possible.
Gather and preserve evidence
Save everything: screenshots chats, SMS, emails, notifications or transaction details in your banking app, and any contextual information (times, accents, alleged origin, displayed names). Don't delete conversations; a full verification may be required in court.
Experts who can help you in the process
In criminal or civil proceedings, a Computer Expert can track digital clues and techniques used by the scammer, and a Economic Expert assess the damage and financial patterns. Their work is reflected in a expert report with legal validity that provides technical solidity to the complaint.
Vishing with Social Security: How it Works and 3 Key Signs
A pattern of calls impersonating Social Security has been detected. They claim they'll refund you and ask to process the payment through Bizum. The scammer sends a collection request, sometimes with the sender as "TGSS" to appear legitimate. If you accept, they charge you money.
Three clues to doubt: Neither your bank nor Bizum will ask you for your account number. by phone; be suspicious if a public institution requests personal data; if you are pushed to an external link to “activate” or “correct” something, stop and check it in the your bank's official app.
Extra tips for safer online shopping
In stores and advertisements, avoid headaches with simple measures: look for reliable reviews, check that the website starts with HTTPSRead reviews and be wary of unbelievable discounts. Enter the store by typing in the address or using your search engine, not through dubious social media links.
"It's not a Bizum error": why victims are falling
Most scams explode human distractions and biases: urgency, blind trust, inexperience. A 20-second pause to read the screen, check the recipient's name, and the type of transaction prevents a large proportion of frauds.
Disadvantages and practical limitations of Bizum
Although useful and widespread, Bizum has its limits. Because it is integrated into banking apps, there are entities with improvable user experiences on certain mobile devices. Additionally, trading limits can temporarily leave you without margin if you reach your limit.
Another factor is the requirement that both users have Bizum and carry your phone with you. For older people or those less accustomed to digital media, this can be a barrier to consider.
Cybersecurity training and culture
Staying up to date on how frauds work is your best shield. Public organizations such as CSIRT CV They offer short, free courses to learn how to identify scams, protect your data, and navigate wisely. Taking the time to learn pays off: you avoid unpleasantness that are expensive.
What to do if I don't recognize a Bizum or receive a request
If you see a charge that you do not identify, go into the transaction details and Contact your bank immediately. If what you receive is a shipping request and you weren't expecting it, you can reject it from your bank's app. When in doubt, it's better to decline and ask than to blindly accept.
Quick FAQs for common cases
Can I cancel a Bizum payment that has already been sent?
No. Payments are executed instantly and are irrevocableThat's why it's vital to review carefully before confirming.
I sent money by mistake, how do I get it back?
The most direct thing is to ask the receiver to return it to you voluntarily. Check with your bank to see if they can mediate or record the incident, but the platform doesn't offer a cancellation button.
I have been charged fraudulently, who can help me?
Notify your bank or card issuer if there are any associated charges and request security measures. File a police report and gather evidence; sometimes it's possible to reverse card charges, but Bizum charges they do not go back.
I received a Bizum from a stranger, what do I do?
It could be a mistake or part of a strange scheme. Avoid forwarding to third parties without verification; check with your bank. Keep in mind that keeping other people's money knowing it's not yours can have legal implications.
What happens if I'm asked for credentials to receive a Bizum?
Receive money does not require entering passwordsIf they ask for them, it's a sign of fraud (phishing or vishing). Don't follow the process and notify your bank.
Quick good practices to remember
- Read each screen before accepting. If it says "request," you're not getting paid.
- Verify identity by an alternative means if they contact you by messaging.
- Do not make advance payments without guarantees and be wary of bargains.
- Report to OSI and report it to help stop the scam.
Keep your eyes wide open and understand how Bizum operates, its limits and the difference between entry y application This is what makes the difference. With attention to detail, active notifications, basic cybersecurity training, and a quick response to any suspicions (contacting the bank, reporting, preserving evidence, and, if necessary, hiring experts), you'll be much more likely to prevent fraud or properly address those that have already occurred.
