Swedish payments are safe but digitalisation adds to vulnerability
Published: 10 March 2025
Swedish payments are generally safe. Payments reach the recipient and the protection of individuals' sensitive authentication and payment data is high. In 2024, the payments system experienced few disruptions, but individual agents were subject to attacks and experienced disruptions. This is also confirmed by Finance Sweden, which states that recent cyber attacks have increased in strength and scope. The risk of new cyber attacks is significant, and is amplified by the heightened geopolitical risks.
Various measures have been taken to strengthen the resilience of the financial sector to digital risks, such as cyber threats. A key measure to increase resilience is the DORA regulation, which started to apply in January 2025. The regulation imposes new requirements on financial sector organisations with regard to cyber risks. However, the clearing organisation Bankgirot and the Riksbank's settlement system RIX are examples of important actors that are not covered by the DORA regulation, but which are important for the financial system. The Riksbank has previously expressed that it is important that the participants not covered by the regulation also comply with its requirements and strive for the same level of resilience.
Households and companies can also help to ensure that the payments system is well prepared. To improve the ability to make and receive payments, even if some part of the payments system is not working, it is important to have access to different payment methods. This is also emphasised by the Swedish Civil Contingencies Agency (MSB). MSB, in co-operation with the Riksbank, has produced recommendations aimed at households:
- Have accounts with different banks, cards from different card networks (such as Visa and Mastercard) and access to payment services via mobile phone (such as Swish).
- Have several alternatives to internet connection (e.g. mobile data and broadband).
- Have several options to identify yourself electronically (e.g. BankID and security token for your bank).
- Have cash in smaller denominations that will last your household for a week's purchases.
- Keep track of payment cards and PINs in case contactless payments by card and mobile phone (by "tapping" a card terminal) stop working.
Furthermore, the Riksbank encourages households to occasionally use cash for payments. In this way, households help to keep cash management going under normal conditions so that it can also function in a crisis situation or, ultimately, in war. It will also make it easier for households and companies to recognise genuine banknotes and coins.
Good that companies accept different payment methods
By offering customers multiple ways to pay, businesses can both increase customer satisfaction and ensure contingency preparedness for their company – especially when disruptions occur in a payment method. In this way, companies can also contribute to the resilience of the payments system. It is particularly important that companies selling essential goods are able to receive payments even when regular data communications and electricity supply are not functioning. According to the Riksbank's survey on payments, 85 per cent of companies selling essential goods accept cash, which is significantly higher than the average for all companies in the survey. About the same proportion of these businesses accept card payments via Mastercard and Visa, and two thirds also offer Swish and invoice. According to the survey responses, cash and Swish are the main methods used to process payments in the event of disruptions in data communications.
Offline payments are necessary to strengthen resilience
A further way to strengthen the resilience of the payments system is by enabling various types of payment to be made offline. Being able to pay by card offline is particularly important, as card payments are the most common means of payment in physical retail sales. The actors typically involved in a card payment are the cardholder, the payee, the card acquirer and the card issuer. An offline payment occurs when one of these actors is not available via data communication. In Sweden, it is currently possible to pay by card offline to some extent, but it depends on the card you have, the agreement you have with the card issuer (i.e. the bank), the payment terminal the shop has and what is allowed in the Visa and Mastercard card networks' rules. Cardholders often lack information on whether their cards work offline and if so, what maximum amounts might apply. When an offline payment is made, a credit risk arises, as a coverage check against the customer's account at the bank cannot be performed. In Sweden, the card issuer normally bears the risk if the card is from Mastercard, while the retailer usually bears the risk if the payment is made with Visa. Offline payments can pose certain risks of both overdrafts and fraud, which makes it important that a framework for increasing the opportunity for offline payments also includes limits regarding amounts and areas of use.
The Riksbank's survey shows that only 10 per cent of companies state that they can accept offline payments by card. The percentage is higher among companies selling essential goods, where the corresponding figure is 29 per cent. The low number of companies reporting that they can accept offline payments may be due to the limited availability of terminals that can accept offline payments, but it is also likely that companies are unsure whether it works. At present, offline payments in Sweden only work with physical cards. It is therefore important to keep track of your card and PIN in case contactless payments with your mobile phone (by "tapping" your mobile phone against a card terminal) stop working. Several countries, in dialogue with the card networks, have extended the possibility of offline payments through deferred authorisation. This means that contactless payments can also be made offline. Deferred authorisation means that the transaction is authorised retrospectively, normally within 24 hours of the time of purchase.
FACT BOX - How our neighbours have strengthened payments system resilience with offline payments
In recent years, several countries have been looking at ways to increase the availability of offline payments and thus improve the resilience of the payments system. In Norway, several measures have been taken in recent years to strengthen preparedness for card payments. The national card network, BankAxept, plays a central role in the Norwegian system, providing a general fallback solution when card payments cannot be made as usual.
The market is required by Norwegian law to be able to handle an increase in demand for cash in the event of serious disruptions to the digital payments system. However, the requirements can be limited if fallback solutions for digital payments are available. This has fuelled the development of the extended offline solution for card payments by banks. Since 2022, an extended offline solution has been in place, providing selected food, fuel and pharmacy retailers with a guarantee for offline purchases for up to seven days. As Norway has a national card network, Norwegian banks are able to define and establish rules and processes themselves. Card-issuing banks jointly and severally bear the credit risks in the scheme.
The Danish Payments Council brings together authorities, market participants and stakeholder organisations. It is actively working to strengthen the possibility of offline payments. In 2024, together with stakeholders involved in card payments, it enabled more cards to be used for offline purchases. The aim of the work is to enable offline payments in major grocery stores and pharmacies across the country for at least seven days. This is for holders of cards from the national Dankort, Mastercard and Visa card networks. Visa, which usually does not accept offline payments, changed its rules in Denmark in 2024. As part of the process, an agreement was developed that distributed the credit risk in a different way than normal, in case of a severe crisis.
In Estonia, a system has also been developed to extend the possibility of offline payments by card. From mid-2025, a legal obligation will be introduced for systemically important banks to offer offline card payments. Initially, this will only apply to the purchase of fuel, and will later be extended to the purchase of food and medicines. The new legislation follows the regulations of the international card networks. Visa changed its regulatory framework in 2024 to enable offline payments in Estonia, similar to what was previously done in Denmark. Similar legislation has also been introduced in Latvia, where the law already entered into force on 1 January 2025.
In Sweden, a private-public sector cooperation group is working on improving offline card payments, see the chapter "The public's ability to pay in times of crisis and states of heightened alert needs to be strengthened".
Proposed measures to maintain the cash chain
In last year's Payments Report, the Riksbank noted that the underlying infrastructure for cash – what we call the cash chain – is vulnerable. The cash chain includes deposits and withdrawals, distribution in the form of transport, sorting, counting and storage of cash. The start and end of the chain is the Riksbank, which issues and redeems cash. Otherwise, the cash chain is mainly managed by private actors in the form of banks, the bank-owned company Bankomat and the cash-in-transit company Loomis, see Illustration 1.
Illustration 1. The cash chain
The ability to pay with cash is important, both from a contingency planning perspective and for those who, for various reasons, cannot or do not want to use digital payment services. In September 2024, the Riksbank submitted a letter to the Ministry of Finance's Cash Inquiry with a number of proposals to reduce the vulnerability of the chain and thereby strengthen the possibility to pay with cash in the future.
In the letter, the Riksbank describes how the market for cash services has changed as a result of reduced cash usage. The number of cash services has decreased and they are increasingly offered through automated services such as ATMs. On the one hand, offering cash services via ATMs is cost-effective. On the other hand, the machines do not meet the needs of many traders. For example, you cannot withdraw petty cash from ATMs. ATMs also often have limits that are too low even for small traders, around SEK 500-1,000 per day.
There is already a legal requirement for some banks to ensure that companies can deposit daily takings to an adequate extent. In line with the Riksbank's letter, the Cash Inquiry has proposed that this requirement be expanded and clarified, by giving the major banks an increased responsibility to provide appropriate and needs-based services for depositing daily takings and petty cash at reasonable prices. You can read more about the Inquiry in the section "The Cash Inquiry proposes that essential goods can be paid for in cash" in the chapter "Many small retail businesses have stopped accepting cash".