Dutch police have arrested a 17-year-old boy who detectives suspect was responsible for 16 bank card frauds across the Netherlands.
The police department of the Dutch municipality of Woerden (Politie Woerden) confirmed the teenager was arrested on March 4 after an alleged bank card theft in September 2025, later linked to a string of similar offenses after detectives recognized techniques from recent cases.
After "collecting" bank cards, the accused, who resides in Utrecht, used them to withdraw large sums of cash from ATMs.
Politie Woerden said that across the 16 cases he is accused of orchestrating, the boy allegedly stole tens of thousands of euros from victims' bank accounts.
He allegedly impersonated bank employees and tricked victims into surrendering their bank cards after convincing them they were the victims of fraud.
They were not victims at the time, but soon would be.
Politie Woerden did not detail the specific means by which the unidentified teenager acquired the physical payment cards, nor how he was caught.
The wording of the police's announcement was vague, but suggested that when withdrawing the cash using the illicitly acquired payment cards, he was caught on camera and identified by police who gained access to the footage.
Politie Woerden said: "Police colleagues from other units also recognized the boy from similar cases they had dealt with and shared their information with their Woerden colleagues.
"The Woerden detectives collected all the reports and took over investigations from the rest of the Netherlands. They ultimately identified 16 bank employee fraud cases from across the country in which this suspect was likely involved."
Politie Woerden did not comment on how the boy will be treated by the legal system, or how prosecutors will proceed given his age.
In 2019, the Netherlands supported the Hack_Right program. Established by the Public Prosecution Service initially as a pilot scheme, it was aimed at young cyber offenders aged 12 to 23 and sought to provide an alternative to legal punishments.
Favoring re-education rather than prison time, the project ended in 2021 and received mixed reviews.
While later evaluations of the scheme noted that young offenders were generally encouraged to pursue legitimate cybersecurity careers, some young people were disillusioned by the lack of technical knowledge held by program supervisors.
The age of criminal responsibility in the Netherlands begins at 12, although offenders are tried as juveniles between then and the age of 17. It is an important distinction to make should prosecutors seek a harsher punishment than a re-education program.
The case follows a similar one in Poland in recent days, where seven 12 to 16-year-olds were arrested for allegedly selling DDoS tools for profit.
Poland's legal system also favors re-education over punishment for young cyber offenders, at least in the first instance. ®
Source: The register