• Payment cards account for 92% of attacks
• Cyprus recorded one of the highest average theft values per transfer in the eurozone
• Revealing data in the report “Statistics on Payment Fraud Incidents”

Cyprus’ digital transition is turning into a “gold mine” for organized cybercrime, with official figures from the Central Bank of Cyprus raising heightened concerns. €4 million was lost digitally within just 180 days, a reminder that in the digital era, citizens’ vigilance is just as important as technological protection.

Although citizens are placing increasing trust in electronic money, and banks are taking all necessary protective measures, fraudsters manage to breach the system’s “defenses” at alarming speed, leading to a 66% surge in financial losses during the first half of last year. The data show that these are not isolated incidents, but a methodical assault on citizens’ finances.

The fraud breakdown reveals unprecedented intensity, as 16,000 confirmed incidents were recorded by the CBC in its report, a figure 30% higher compared to the corresponding previous period. Perpetrators focus their “hunt” on payment cards, which account for 92% of attacks. Although Cypriots use their cards 2.5 times more frequently in physical stores, 97% of fraud occurs online.

Data Theft

Data theft remains the main “back door,” accounting almost entirely for card-related losses, with credit cards presenting a higher risk rate (0.017%) compared to debit cards (0.012%).

However, the real “wound” is inflicted through credit transfers. Although the number of incidents is lower (400), the financial damage is disproportionately high, accounting for 54% of the total value of fraud. Cyprus recorded one of the highest average theft values per transfer in the eurozone, reaching €5,472, while the European average stands at €2,102.

The method of “social engineering” is accelerating, with 59% of victims being deceived into approving the transfer of money themselves, falling prey to fraudulent phone calls or messages impersonating bank employees.

Beyond transfers, the report highlights a worrying stagnation in the effectiveness of traditional controls. Fraud involving direct debits is almost entirely due to unauthorized transactions, indicating that perpetrators gain access to sensitive banking data and set up automatic payments without the account holder’s slightest suspicion. In addition, the value of domestic card fraud incidents nearly doubled, showing that each attack is now more “targeted” and more “profitable” for criminals.

Risk escalates dramatically in cross-border transactions, where the likelihood of falling victim is 24 times higher compared to domestic payments. The lack of uniform security systems internationally creates “black holes” exploited by perpetrators to channel stolen funds to destinations outside the EU. The only effective “barrier” remains Strong Customer Authentication (SCA), as protected transactions carry three times lower risk.

With the full implementation of the “Verification of Payee” system, authorities expect a decisive containment of the phenomenon. This measure obliges banks to confirm the matching of name and IBAN before every payment, closing the “window” for social engineering fraud.

Source