DORA (Digital Operational Resilience Act) is a new EU law that may shift responsibility and costs for digital fraud by imposing stricter security, reporting and liability requirements on banks and financial firms, potentially changing whether banks or customers bear the losses.