Electronic payments
A simple beep or a click: paying by card is convenient and swift, both in shops and online. The same applies to bank transfers and direct debits. These electronic payments can truly make your day a little easier. However, to use them securely, it is essential to understand how they work, the risks involved, and how you can protect yourself if problems arise.
What are electronic payments?
Electronic payments are cashless transactions, for which you use:
- a credit transfer, either traditional or instant;
- a direct debit, meaning an 'automatic' withdrawal from your current account by the creditor, for example to pay bills or loan instalments;
- payment cards, including credit cards, debit cards (also known as 'Bancomat') and prepaid cards.
You make electronic payments, for instance, when you use a card at the supermarket, purchase an airline ticket online using your tablet, make a bank transfer to buy furniture, or pay a gas bill by direct debit.
If you pay by card and the amount is not known in advance (as can happen for car rentals or hotel expenses), the merchant can block an agreed sum on your card only with your consent.
For online purchases, banks and other financial operators provide various instruments, each with its own features. There is no single 'best' payment method. Payment cards are among the most widely used tools; however, e-commerce websites may also offer other options, such as direct debits, bank transfers, and electronic wallets (e-wallets). Examples of e-wallet providers include Google Pay, Apple Pay, and Samsung Pay.
Electronic wallets (e-wallets)
What is an electronic wallet? It is simply a container where you register your payment instruments, such as cards. Typically, it is an application downloaded onto your mobile phone. When you make a payment, you open the wallet and choose which instrument to use from those stored. In this way, via your account, you can complete payments in seconds at shops, online stores, or your favourite websites.
The service managing the e-wallet - Google Pay, Apple Pay, Samsung Pay - never replaces the card issuer (i.e., the company or bank that issued your card, such as American Express) and never takes possession of your funds.
If you have doubts about the reliability of the wallet provider, you should first contact the issuer of the card you wish to link to that wallet.
Closed circuits
Among electronic payment methods are those involving money transfers via credit transfer; PayPal and Satispay are examples. The distinguishing feature of these systems is that they operate on a closed circuit: typically, both the customer and the online merchant hold an account with the service provider.
Security of electronic payments
An important safeguard introduced by the European Union to enhance the security of electronic payments is Strong Customer Authentication (SCA). This procedure requires you to confirm your identity ('authenticate') by providing at least two independent 'factors', chosen from:
- something only you know (a password or PIN);
- something you possess (a token or mobile phone);
- something that uniquely identifies you (for example, a fingerprint).
An example of SCA is the request for a password (something you know) and a random numeric code generated by your phone (something you possess). As a rule, banks and financial operators must apply this authentication procedure, though there are exceptions, for example for low-value payments.
For online payments, an additional protection is in place: not only are you authenticated, but also the payment amount and the payee are verified, through a security process that the bank uses to 'lock' all payment information.
Risks
To avoid falling victim to fraud when paying online, or to limit losses from theft or scams, it is important to be aware of the risks associated with online payment tools (such as cards) and to take appropriate precautions. First and foremost, remember that you are obliged to carefully and diligently safeguard the payment instruments and login credentials you use (such as usernames and passwords). For example, only you should know your card's PIN; therefore, always be cautious when entering it at a shop's POS terminal or at an ATM. For the same reason, never keep a note of your PIN together with your card.
If your card is contactless (where you pay by holding it near the POS terminal), we recommend maintaining a reasonable distance from others in crowded places. Contactless cards allow payment in some cases without entering the PIN or inserting the card into the terminal, thanks to radio waves. It is unlikely that a payment would be triggered automatically; however, there are very small portable devices that a fraudster could use to attempt unauthorised payments with this technology.
It is also advisable to activate SMS alerts or app notifications for payments and withdrawals: you will receive immediate and automatic notifications of every transaction.
SIf an online purchase freezes after entering your card details, it is prudent not to retry immediately to avoid being charged twice. If possible, wait a short while and check if the payment went through: you can contact your bank or check your card statement online.
Furthermore, avoid the temptation to use the same login credentials (username and password) for all websites requiring registration, or to allow automatic password saving in your browser. Such behaviours increase your vulnerability to cyber-attacks.
You may face further risks if you connect to the internet via insecure networks. Two tips: ensure you browse on a secure network - some browsers show a padlock icon to the left of the address bar ('URL'), before 'https', but be cautious, as fraudsters sometimes replicate it on fake sites. Also, avoid making payments when connected to public or open Wi-Fi networks (i.e., those without password protection), or when using shared computers or stations in potentially unsafe locations such as hotels and internet cafés.
What to do in case of theft or loss of your card, or unauthorised transactions? Notify your bank immediately, report the incident promptly to the police or Carabinieri, and block your card by contacting the issuing company (usually there is a dedicated phone number). This will increase your chances of obtaining a refund.
For further information, you can consult the European Commission leaflet and Banca d'Italia's guide 'E-Commerce Payments Made Easy'.