Understanding DORA regulation

How to prevent and detect threats?

Download here the PDF version
a man working on his tablet

What is it?

The Digital Operational Resilience Act (DORA) is an EU regulation that aims to strengthen the IT security of financial entities (banks, insurance companies, and investment firms)and their ICT Service Providers, and making sure that the financial sector in Europe is able to stay resilient in the event of a severe operational disruption. DORA complements existing regulations such as the GDPR and NIS2 Directive.

Effective from January 17, 2025, DORA establishes stringent requirements for managing Information and Communication Technology (ICT) risks, with a particular focus on fraud prevention through enhanced cybersecurity standards.

ICT = Information and Communication Technology. DORA = Digital Operational Resilience Act. GDPR = General Data Protection Regulation. NIS2 = Network and Information Systems Directive.

1,400%

Experts predict that deepfake attacks will continue to rise at an alarming rate, with some reports indicating a staggering increase of up to 1,400% in deepfake attacks recorded by certain cybersecurity firms in early 2024.

Source: https://www.biometricupdate. com/202501/2025-deepfake-threat-predictions-from-biometrics-cybersecurity-insiders

53%

Cyber extortion incidents targeting small and medium businesses (SMBs) have surged by 53% year-overyear, indicating a growing vulnerability within this sector that can also affect larger organizations due to supply chain interdependencies.

Source: https://newsroom.orange.com/ securitynavigator/

$633 million

Fraudulent Transactions: In the first half of 2023, there were about 7.31 million fraudulent card transactions using cards issued in the EU/EEA, with card fraud alone amounting to €633 million.

Sources: https://www.theglobaltreasurer. com/2024/08/07/eu-payment-fraud-topse4-3-billion-but-new-security-measuresshow-promise/ and https://newsroom. orange.com/securitynavigator/

Phishing frauds

In 2024, global phishing attacks surged by 34% compared to 2023, with millions of new phishing sites reported monthly. Email-based threats remain prevalent, with 91% of cyberattacks starting from phishing emails.

Source: https://hoxhunt.com/guide/phishing-trends-report

Specific Targets

The finance and insurance sectors were particularly affected, facing 27.8% of overall phishing attacks. In the third quarter of 2024, social media was the most targeted sector, accounting for 30.5% of phishing attempts worldwide.

Sources: https://www.statista.com/statistics/266161/websites-most-affected-by-phishing/ https://www.zscaler.com/blogs/security-research/phishing-attacks-rise-58-year-ai-threatlabz-2024-phishing-report

a lock on a computer

While DORA does not specifically name threats, the framework it establishes is designed to enhance the resilience of financial entities against a wide range of cyber risks, including those posed by phishing, impersonation, and malware.

Tackle new challenges with AI-driven security solution Digital Security Suite

a woman who uses AI

In response to these challenges, Worldline has developed Digital Security Suite, offering a device intelligence solution based on AI and machine learning, specifically designed to combat fraud and identity theft for our customers. Our solution has the capability to protect all devices against various types of fraud during sensitive operations such as authentication, payment, and digitalization of sensitive use cases. Furthermore, our solution is built exclusively on device-based intelligence and does not depend on payment habits.

All fraud risks are covered!

Malware

Any type of software designed to harm a computer system, disrupt its operations, steal information, gain control or cause other damage to data, devices or users.

Bad faith

A payer who refuses to acknowledge that they have actually validated the transaction. The bank has 10 days to prove negligence or bad faith.

Phishing

A payer who refuse to admit that they have actually validated the transaction. The bank has 10 days to prove negligence or bad faith.

Account takeover

An unauthorised access and control of a user’s account by an unauthorised individual or entry. This occurs when a malicious actor gains access to a person's login credentials.

Mobile SIM Swap

Fraud technique that involves transferring a victim’s phone number from their original SIM card to a new SIM card controlled by an attacker.

Authorised push payment

A payer is misled into authorising a transfer of funds to a scammer or fraudster.

Social engineering (app scams, impersonation, etc)

Tactic of manipulating, influencing, or deceiving a victim in order to steal personal and financial information.

More information on our solution:

Learn more Opens in a new tab

Utilising AI to protect your users’ devices

#

How will our solution respond to concrete fraud use cases?

Phishing

What is it?

The process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity using bulk email, SMS text messaging, or by phone. The message will prod the victim into revealing sensitive information, clicking on links to malicious websites.

What is the role of AI?

Phishing attempts have become more sophisticated. AI can create highly personalised messages that closely mimic legitimate sources, increasing the chances of victim engagement. 

Additionally, AI automates content generation, enabling fraudsters to scale operations and target numerous individuals.

phishing user case infographic

Impersonation

What is it?

Impersonation fraud is a type of deception where an individual pretends to be someone else to gain access to sensitive information or financial resources.

For example, when a fraudster misrepresents himself himself as a legitimate bank employee to urge the payer to issue a bank transfer.

What is the role of AI?

Facilitated by AI and social engineering techniques, impersonation fraud can involve fake emails, phone calls, or even AI-generated voice mimicry. 

Attackers create a sense of urgency, playing on victims’ emotions to lower their guard. The result is often financial loss and compromised personal data, making it a prevalent and dangerous form of fraud in today’s digital landscape.

Impersonation user case infographic

Combine fraud prevention and fraud detection for a complete cybersecurity policy to protect internal cases (CEO fraud, vendor fraud, …), but also payment processing frauds (impersonation, e-commerce, …). 

prevention and detection infographic

Would you like to learn more?

Simply fill in a few details and our experts will get in touch.

modern businesswoman looking at the camera while holding a digital tablet
* Mandatory fields
Country
MarketingOptin

By submitting this form, I confirm that I have read and understand the terms of use from Worldline, and that Worldline will process my personal data as stated in the privacy policy.