Card fraud and cyberattacks are an ever-evolving threat, with cybercriminals using increasingly sophisticated methods to intercept banking data, despite advances in security measures.
The study entitled "State of card payment fraud in Cyprus: causes, effects and mitigation strategies", published yesterday on the Central Bank's blog by Irena Prodromou, highlights how the situation is today, i.e. on which payment services frauds are recorded and where cyberattacks have taken place.
"Today, card payment fraud has evolved into a complex and borderless threat, which is changing with the evolution of the digital payments ecosystem. Although these causes are largely common among EU countries, certain characteristics of the Cypriot economic environment also play a role. In particular, the increased use of payment cards and the higher share of online payments in Cyprus, compared to the euro area, increase the country's exposure to fraud."
The increase in data breaches, according to the study, "has become one of the strongest causes of card payment fraud, as it multiplies the opportunities to commit it. Data breaches lead to the theft of personal information and card details, which can be sold to would-be fraudsters, who may exploit them or use them to automate future fraud attacks."
The study also states that "indicatively, in Cyprus, a high rate of fraud in card payments was recorded for online subscription services, transfers to payment institutions related to cryptocurrency purchases and transactions on digital banking platforms (e.g. foreign exchange services), as well as for online dating applications and advertising services (payments through platforms such as Facebook and Google) for the first half of 2025".
According to the data of the study, "in recent years Cyprus has recorded a sharp increase in cyberattack incidents, with data breaches affecting government systems (e.g. in the Department of Land Registry and Surveying), postal services, the health sector, as well as many other businesses and individuals. The most significant breaches were recorded at the Cyprus Post in October 2025 and at the Bank of Cyprus Oncology Centre in December 2025, demonstrating serious vulnerabilities of the systems to fraud attacks."
What can be done to reduce scams and cyberattacks? The study points out that "the changing face of fraud requires rapid adaptation and adoption of sophisticated tactics by businesses. At the same time, banks must continue to invest in appropriate and advanced security technologies and monitoring systems. The technology used must combine preventive and detection controls to strike the right balance in mitigating the risk of fraud."
AI, it is pointed out, "is a double-edged sword: it can be used by fraudsters to exploit weaknesses in both human behaviour and payment infrastructure, but it can also act as a powerful tool for banks and businesses to protect against threats arising from sophisticated fraud techniques. In this context, the adoption of advanced behavioural analytics by banks to detect suspicious or unusual behaviour and patterns in real time based on each consumer's risk levels, combined with the exchange of information between key stakeholders, allows for more accurate detection of fraud patterns in real time, enhancing immediate response, cross-border defence and consumer protection."
Directives and legislation
Regulators and governments have a role to play in reducing fraud. The directives and legislation that has been published in recent months are:
– EU Artificial Intelligence Act: Its main objectives and mechanisms are to prohibit dangerous AI applications, regulate high-risk artificial intelligence, and ensure transparency.
– Financial Sector Digital Operational Resilience Regulation (DORA): It is designed to enhance the digital operational resilience of the financial sector.
– European Digital Identity (EUDI) Regulation: It aims to secure digital identification and reduce fraud in electronic transactions.
– Upcoming Payment Services Directive (PSD3) and the Payment Services Regulation (PSR): They aim – among other things – to curb fraud and modernise and transform the payment landscape.
