Circle disrupts payments, security takes center stage

Circle, a major player in the stablecoin market with its $60 billion USDC, is stepping beyond the crypto realm to launch a new global payments and remittance network. This initiative is designed to challenge traditional payment giants like Visa and Mastercard by offering faster, cheaper, and more transparent cross-border payment solutions.

While this move promises to reshape the future of payments, it also introduces critical cybersecurity considerations for financial institutions and fintechs. Circle’s new network, unveiled at its New York City headquarters, aims to serve banks, fintechs, and remittance firms. Circle’s CEO, Jeremy Allaire, emphasized the network’s potential to modernize global money movement.

Key features of Circle’s new payments network

The newly launched payments network, known as CPN, facilitates 24/7 real-time settlement for financial institutions and service providers. Instead of directly moving funds, CPN acts as a coordination layer, connecting various institutions to enable programmable and compliant transactions. Circle highlights that CPN supports use cases like invoice payments, remittances, payroll, and treasury operations, emphasizing its programmable, secure, and always-available nature.

Circle has partnered with over 20 organizations, including dLocal, WorldRemit, BVNK, and Yellow Card, for the network’s launch. Nikhil Chandhok, Circle’s Chief Product and Technology Officer, described CPN as a tool for payment providers to expand into new markets.

Market context and competition

Circle’s move occurs amid growing global traction for stablecoins and evolving regulatory frameworks, creating an opportunity to modernize global money movement. While USDC is a significant player, it currently lags behind Tether’s (USDT) market share. As of Q2 2025, USDC’s market capitalization was $60.17 billion, compared to USDT’s $144.05 billion. Circle aims to leverage transparency, compliance, and functionality to bridge this gap.

IPO plans

The network launch coincides with Circle’s filing to go public on the New York Stock Exchange under the ticker “CRCL”. In 2024, Circle reported $1.68 billion in revenue and $155.7 million in net income.

Addressing stablecoin usability

To enhance stablecoin usability, Circle introduced the Refund Protocol on April 17. This protocol provides a non-custodial smart contract system for lockups, refunds, and third-party mediation in ERC-20 token payments, addressing the lack of traditional dispute mechanisms in stablecoin transactions.

Increased attack surface and threat vectors

Circle’s network, designed to facilitate faster, cheaper, and more transparent cross-border payments, inherently expands the attack surface for financial institutions. The interconnection of banks, fintechs, and remittance firms through this network creates new potential entry points for cyberattacks.

• API security: The network’s reliance on APIs for data exchange and transaction processing highlights the critical importance of robust API security. Vulnerable APIs can be exploited to access sensitive financial data, manipulate transactions, or disrupt payment flows.

• Real-time payment risks: The emphasis on 24/7 real-time settlement introduces unique fraud and cyberattack risks. The speed of transactions leaves less time for traditional fraud detection mechanisms to identify and prevent malicious activity.

• Cross-border complexity: Facilitating cross-border payments adds complexity to security efforts due to varying regulatory requirements, data privacy laws, and threat landscapes in different jurisdictions.

Data security and privacy considerations

The Circle payments network will handle vast amounts of sensitive financial data, making data security and privacy paramount.

• Data breaches: The potential for large-scale data breaches is a significant concern. A successful breach could result in substantial financial losses, reputational damage, and regulatory penalties for participating institutions.

• Regulatory compliance: Financial institutions operating within the network must comply with a growing number of cybersecurity regulations, including DORA, GDPR, NIS2, and PCI DSS. Failure to meet these requirements can have severe consequences.

• Privacy risks: The collection and processing of transaction data raise privacy concerns. It is crucial to implement strong data protection measures and ensure compliance with data privacy regulations.

Emerging threats and mitigation strategies

Financial institutions must be prepared to address emerging threats that could target the Circle payments network.

• AI-driven attacks: The increasing sophistication of AI-driven attacks, such as deepfakes and social engineering, poses a significant threat. These attacks can be used to manipulate transactions or deceive individuals into authorizing fraudulent payments.

• Insider threats: Insider threats remain a concern, as individuals with privileged access could exploit the network for malicious purposes. Robust access controls and monitoring mechanisms are essential.

• Cyber resilience: Financial institutions must prioritize cyber resilience to ensure they can withstand and recover from cyberattacks. This includes developing comprehensive incident response plans, conducting regular security assessments, and implementing robust security controls.

Circle’s role in security

Circle, as the provider of the payments network, also has a critical role to play in ensuring its security.

• Security standards: Circle must establish and enforce stringent security standards for all participants in the network.

• Threat intelligence: Sharing threat intelligence among participants is crucial for proactively identifying and mitigating potential threats.

• Incident response: Circle should have a robust incident response plan in place to address any security incidents that may occur within the network.

Circle’s entry into the payments arena can revolutionize the financial landscape. However, proactively addressing cybersecurity challenges is essential for financial institutions and fintechs to leverage the network’s benefits while mitigating risks.