Rising Cyber Frauds in Costa Rica Prompt Regulatory Response
Victims report significant financial losses amid emerging security regulations aimed at preventing online banking fraud.
On December 26, Anayanci Sanabria became one of the latest victims of a cyber fraud scheme that has increasingly plagued online banking in Costa Rica.
In a matter of two minutes, Sanabria lost $4,000, equivalent to over ₡2 million, as she attempted to make payments through the official website of the Banco de Costa Rica (BCR).
Sanabria's experience is emblematic of a broader trend, as investigations related to the fraudulent activities known as 'Operation Nexus' revealed that a group had successfully impersonated the BCR's website, resulting in losses totalling ₡35 million for various users.
Reports indicate that in 2025 alone, an average of 37 individuals per day have fallen victim to similar online banking scams.
From 2020 to 2024, electronic fraud cases have surged by 668.05%, with 4,545 instances recorded in just the first four months of the year.
This worrying trend has prompted regulatory scrutiny, leading to a recently enacted guideline titled 'Minimum Control Aspects to Prevent and Mitigate the Occurrence of Computer Frauds'.
Effective June 1, the regulation mandates banks to implement minimum security controls to protect users from cyber fraud, while also requiring the Superintendence of Financial Institutions (SUGEF) to review grievances from clients that are not addressed satisfactorily by their banks.
Sanabria's case reflects the discontent among consumers, as many navigate complex and often unresponsive banking systems.
After reporting her case to the Organismo de Investigación Judicial (OIJ) and trying to freeze her accounts, she faced a frustrating process with the BCR, which she claims took an unreasonable amount of time to address her complaints.
According to Sanabria, bank representatives hinted at her responsibility in the theft, indicating a failure on her part in securing her account, despite her insistence that she followed proper protocols.
In parallel to Sanabria’s experience, the Defensoría de los Habitantes, an independent human rights institution, has voiced concerns regarding the effectiveness of the new regulations.
Questions remain regarding the adherence of these measures to international standards, whether banks will be held to an objective liability standard, and the timeframe for bank responses to customer claims.
The regulatory challenges extend beyond individual losses to broader implications for the Costa Rican economy, where increasing cases of fraud undermine consumer confidence.
Amid rising concerns for cybersecurity, the BCR responded to inquiries about accountability and user safety, asserting that no breaches occurred on their end and that safeguarding personal data is ultimately a user responsibility.
Simultaneously, Costa Rica faces another layer of complexity regarding financial security, as issues of money laundering connected to drug trafficking have come into sharper focus.
The estimated annual amount of laundered money attributed to drug-related activities stands at approximately $4.2 billion.
Criminal enterprises employ diverse methods—spanning from real estate transactions to automotive sales—to integrate illicit proceeds into legitimate markets.
Legislators and regulators are grappling with the challenge of addressing these interconnected issues while also enhancing protections against cyber fraud.
This multifaceted landscape calls for advanced regulatory frameworks and cohesive partnerships to protect consumers and bolster the integrity of the financial system in Costa Rica.
In a matter of two minutes, Sanabria lost $4,000, equivalent to over ₡2 million, as she attempted to make payments through the official website of the Banco de Costa Rica (BCR).
Sanabria's experience is emblematic of a broader trend, as investigations related to the fraudulent activities known as 'Operation Nexus' revealed that a group had successfully impersonated the BCR's website, resulting in losses totalling ₡35 million for various users.
Reports indicate that in 2025 alone, an average of 37 individuals per day have fallen victim to similar online banking scams.
From 2020 to 2024, electronic fraud cases have surged by 668.05%, with 4,545 instances recorded in just the first four months of the year.
This worrying trend has prompted regulatory scrutiny, leading to a recently enacted guideline titled 'Minimum Control Aspects to Prevent and Mitigate the Occurrence of Computer Frauds'.
Effective June 1, the regulation mandates banks to implement minimum security controls to protect users from cyber fraud, while also requiring the Superintendence of Financial Institutions (SUGEF) to review grievances from clients that are not addressed satisfactorily by their banks.
Sanabria's case reflects the discontent among consumers, as many navigate complex and often unresponsive banking systems.
After reporting her case to the Organismo de Investigación Judicial (OIJ) and trying to freeze her accounts, she faced a frustrating process with the BCR, which she claims took an unreasonable amount of time to address her complaints.
According to Sanabria, bank representatives hinted at her responsibility in the theft, indicating a failure on her part in securing her account, despite her insistence that she followed proper protocols.
In parallel to Sanabria’s experience, the Defensoría de los Habitantes, an independent human rights institution, has voiced concerns regarding the effectiveness of the new regulations.
Questions remain regarding the adherence of these measures to international standards, whether banks will be held to an objective liability standard, and the timeframe for bank responses to customer claims.
The regulatory challenges extend beyond individual losses to broader implications for the Costa Rican economy, where increasing cases of fraud undermine consumer confidence.
Amid rising concerns for cybersecurity, the BCR responded to inquiries about accountability and user safety, asserting that no breaches occurred on their end and that safeguarding personal data is ultimately a user responsibility.
Simultaneously, Costa Rica faces another layer of complexity regarding financial security, as issues of money laundering connected to drug trafficking have come into sharper focus.
The estimated annual amount of laundered money attributed to drug-related activities stands at approximately $4.2 billion.
Criminal enterprises employ diverse methods—spanning from real estate transactions to automotive sales—to integrate illicit proceeds into legitimate markets.
Legislators and regulators are grappling with the challenge of addressing these interconnected issues while also enhancing protections against cyber fraud.
This multifaceted landscape calls for advanced regulatory frameworks and cohesive partnerships to protect consumers and bolster the integrity of the financial system in Costa Rica.