Euronet places a high priority on our Information Security system, which functions as our Business Continuity System. To ensure business continuity and mitigate risks, we have implemented an Information Security policy aligned with the ISO 27001 Information Security Standard and industry best practices. Understanding the significance of a strong Business Continuity Management (BCMS), Euronet has established this to proactively prepare for and respond to potential disruptive events that may affect our operations, including cyber-attacks.

Euronet employs a systematic approach to effectively implement its BCMS. By implementing a BCMS, the company is better equipped to respond to disruptive events and maintain critical operations. This not only helps protect employees’ assets but also ensures that they can continue to meet the needs of our customers and business partners, even during challenging times. Euronet’s commitment lies in establishing a resilient BCMS that adheres to international standards and industry best practices. Through a methodical approach and a focus on preparedness, we ensure we are thoroughly equipped to effectively respond to a potential disruptive event that may arise.

Euronet mitigates cybersecurity risks through access control, training, updated policies, and integration of protective technologies. Their proactive defense-in-depth strategy identifies and resolves threats promptly. The Euronet cybersecurity team plays a crucial role in monitoring and detecting fraudulent activities in real time. By utilizing sophisticated analytic tools and graph visualization of pattern behavior and networks, we can identify suspicious transactions and take immediate action.

We monitor billions of international transactions in real time, which allows for prompt detection of potentially fraudulent activities. This also enables the team to immediately identify and freeze fraudulent transactions. By bringing such activities to an abrupt halt, this prevents financial losses and protects our customers from becoming victims of fraud.

Euronet’s cybersecurity team conducts thorough and comprehensive investigations enabling us to gain access to relevant information and data surrounding the suspicious activity and helps the team understand the underlying patterns and networks involved in the fraudulent activity; thus, enabling them to identify fraud networks, and potentially assist law enforcement in prosecuting criminals. Not only does this method of protection stop ongoing fraud but it also proactively prevents future frauds by assisting in dismantling fraudsters’ infrastructure.

Euronet has implemented state-of-the-art anti-skimming devices or encryption technology across our ATMs, POS terminals, websites, and apps to enhance security and prevent unauthorized access to sensitive information. Beyond these measures, Euronet regularly reviews and enhances our security protocols, collaborates with industry partners and regulatory authorities, and invests in the latest technologies to stay ahead of evolving threats.

Euronet believes that protecting the rights and privacy of all personal data they handle is fundamental to trust in its business relationships. Euronet is committed to complying with international data protection laws, including the European General Data Protection Regulation (“GDPR”), the privacy laws of various states of the United States of America and applicable laws across several countries for in-country data protection as well as cross-border data transmission.

Euronet has implemented a Data Security Policy which governs how personal data is processed and stored across their systems. The company has appointed a Data Protection Officer and dedicated data protection compliance people around the world to monitor and control personal
data in accordance with applicable regulations.

The GDPR’s principles (Article 5) emphasize the importance of timely destruction or anonymization of personal data. Euronet entities have adopted a corporate Data Retention Policy, which outlines retention guidelines for different types of personal data. The Privacy Office collaborates with entities, based on risk, to establish processes and practices that ensure personal data is retained only for the duration necessary to fulfill the purposes for which it was collected or as required by law.

Over the past five years, a series of protocols have been developed and refined to ensure compliance with GDPR and other emerging global data protection regulations. The model is designed with a focus on risk identification and mitigation throughout its lifecycle to ensure continuous compliance.