
Cyber security and scam prevention more important than ever
This page collates the FIN-FSA’s key releases and texts on cyber security and scam prevention in 2024.
Improving the security of using banking services emerged as a significant theme in 2024. Crypto investment scams and payment-related frauds have become increasingly common, and supervisory authorities have highlighted the need to develop tighter and more up-to-date methods for scam prevention.
Crypto investment scams increased
In 2024, crypto investment scams increased again. Victims have limited access to help in problem situations. Scams may be difficult to track down due to the nature of cryptocurrencies, and victims have limited ways to recover their funds. This has emphasised the need to raise awareness and provide further education on the safe use of cryptocurrencies. Scams are often international.
Payment-related scams
Scams and frauds related to payments are a growing phenomenon, which has raised concern among both customers and authorities. According to a review by the FIN-FSA, the security of using banking services could be improved in many ways. Banks must pay particular attention to the security mechanisms of systems and to providing guidance to their customers on fraud detection and avoidance. Raising awareness and effective security measures play a key role in fraud prevention.
Security of online banking, mobile banking and online payments
In 2024, the FIN-FSA conducted a survey and provided recommendations on the security of online banking, mobile banking and online payments.
The FIN-FSA recommends that banks develop controls for online banking and mobile payments so that users can set more versatile security restrictions on their credit transfer-based payments than is possible at present. Such restrictions include, for example, a daily or one-time usage limit for payments and limits on the geographical areas to which payments can be made.
The FIN-FSA also recommends that banks develop their payment monitoring so that they can more precisely block payments that differ significantly from the customer’s previous payment history, for example based on the amount of the payment or the parties to which the customer has previously sent payments.
Banks must continue to communicate actively through various channels about the security threats to their services and continue to remind and guide customers on how to use their electronic services securely.
ECB’s cyber resilience stress tests
During 2024, the European Central Bank (ECB) tested banks’ resilience to cyber security incidents. These tests showed that banks must improve their preparedness to ward off cyber attacks and maintain cyber security. The tests also revealed weaknesses and areas for development in banks’ cyber preparedness, giving rise to recommendations to fortify cyber security management and resources.
For example, banks should ensure that they have appropriate continuity, communication and recovery plans that consider a wide enough range of cyber risk scenarios. Banks should also be able to meet their own recovery objectives and assess their dependencies on critical third-party ICT service providers. Moreover, they should be able to estimate direct and indirect losses from a cyber attack.
Preparedness situation
In 2024, the FIN-FSA carried out a thematic review of supervised entities’ level of preparedness. According to the thematic review, preparedness has improved in recent years. Supervised entities must ensure that their contingency plans are comprehensive and up to date. This includes regular tests and assessments that help to identify potential shortcomings and enhance capabilities.
Contingency plans must provide clear instructions on how to act in various crisis events, such as natural disasters, financial crises or cyber attacks. These plans must be flexible and adaptable to changing circumstances, and they must be updated on a regular basis so that they correspond to current threats.
The FIN-FSA also recommends that supervised entities participate regularly in crisis management exercises together with other financial sector operators and authorities. These exercises make it possible to test the performance of continuity plans and to enhance cooperation among various operators.
The preparedness situation is also monitored by inspections and thematic reviews. Furthermore, the Digital Operational Resilience Act (DORA), which entered into force in January 2025, harmonises requirements for the digital resilience of the financial sector across the EU.
- Thematic review: Preparedness situation (in Finnish)
Artificial intelligence was used in writing the article. However, the article was finalised and reviewed by FIN-FSA’s specialists.