Cyprus residents face greater exposure to card fraud than most Europeans, according to a study published on the Central Bank of Cyprus blog, which maps where fraud is concentrated, where cyberattacks have struck, and what banks and businesses need to do to reduce the risk.
The study, titled “The State of Card Payment Fraud in Cyprus: Causes, Impacts and Mitigation Strategies,” was published by Irena Prodromou. It finds that Cyprus’s higher use of payment cards and larger share of online payments compared to the eurozone increase the country’s exposure to fraud incidents.
Where fraud is concentrated
In the first half of 2025, the study found high rates of card payment fraud in online subscription services, transfers to payment institutions linked to cryptocurrency purchases, transactions on digital banking platforms such as foreign exchange services, online dating applications, and advertising services on platforms including Facebook and Google.
According to the study, card payment fraud has become “a complex and borderless threat that evolves alongside the digital payments ecosystem.” While the causes are broadly shared across EU countries, Cyprus-specific characteristics amplify the risk.
Data breaches, the study finds, have become one of the strongest drivers of card fraud, multiplying opportunities for it to be carried out. Breaches lead to the theft of personal data and card details, which can be sold to would-be fraudsters or used to automate future attacks.
Where cyberattacks have hit
Cyprus has recorded a sharp increase in cyberattack incidents in recent years, with data breaches affecting government systems — including the Department of Lands and Surveys — postal services, the health sector, and numerous businesses and individuals, according to the study.
The two most significant breaches were at Cyprus Post in October 2025 and at the Bank of Cyprus Oncology Centre in December 2025, which the study says demonstrated serious system vulnerabilities to fraud attacks.
What needs to change
The study says the changing face of fraud requires rapid adaptation and the adoption of more sophisticated tactics by businesses. Banks, it says, must continue investing in advanced security technologies and monitoring systems, combining preventive and detective controls to achieve the right balance in managing fraud risk.
On artificial intelligence, the study describes it as a double-edged sword: it can be used by fraudsters to exploit weaknesses in both human behaviour and payment infrastructure, but it can also serve as a powerful tool for banks and businesses defending against sophisticated fraud techniques.
The study says banks should adopt advanced behavioral analytics to detect suspicious or unusual behaviour and patterns in real time, based on each consumer’s individual risk profile, combined with information-sharing between key stakeholders.
The regulatory framework
Regulators and governments also have a role to play. The study points to several directives and regulations published in recent months:
- EU Artificial Intelligence Act: Bans dangerous AI applications, regulates high-risk AI, and ensures transparency.
- DORA (Digital Operational Resilience Act): Designed to strengthen the digital operational resilience of the financial sector.
- EUDI (European Digital Identity Regulation): Aims to provide secure digital identification and reduce fraud in electronic transactions.
- PSD3 and the Payment Services Regulation (PSR): The forthcoming directive and regulation aim, among other things, to curb fraud and modernise the payments landscape.
Read more: