Security in electronic payments

Cards and bank transfers: are they safe?

Let's face it, electronic payments are convenient. Paying with a debit or credit card allows us to settle our debts in an instant while bagging the items we've purchased, at the supermarket, for instance. We don't even need to count the change since we always pay the exact amount. Making a bank transfer, another form of electronic payment, helps when a card can't be used, for example, when we want to contribute to a friend's birthday gift or for significant expenses, like purchasing a car.

However, using electronic tools isn't without risks, and attempted scams are always just around the corner. Scammers are constantly at work, devising more sophisticated strategies over time to bypass checks and break through our defences. In some cases, they try to steal private information such as credit card numbers, PINs, or passwords, often contacting people via email, messages or phone calls. By using this stolen data, scammers can make unauthorized payments. In other cases, they try to convince someone to make a payment in good faith, making them believe they are sending it to a real person, such as a friend, child or grandchild in trouble, when in reality, the money goes to the fraudster or an accomplice.

What the data tell us

According to the Report on Fraudulent Payment Transactions published by Banca d'Italia, fraud involving electronic payment instruments is marginal overall compared with the total number of payment transactions carried out in Italy. However, when focusing on cards and bank transfers, some distinctions need to be made.

Bank transfer fraud is extremely rare: it affected one transaction out of every 100,000 made in 2024. For cards, however, fraud affected 10 transactions per 100,000. Similar considerations hold if we look at the relationship between the amount of funds defrauded and the total amount transferred: one euro for bank transfers and €19 for cards for every €100,000.

However, we must bear in mind that bank transfers typically involve higher amounts: €3,500 compared with €86 for cards. This means that, although bank transfer frauds are rarer, when they do occur, the losses are higher.

How to protect ourselves

The law protects us: if we notice payment transactions on our bank statement or phone notifications that we don't recognize, we can dispute them and ask our bank for a refund, which it is generally required to pay unless it can prove we acted incorrectly. We customers also have obligations under the law: we must safeguard our cards, codes, and credentials as carefully as we protect the cash in our wallet.

Never give out your codes and passwords to anyone

Never click on links received via email or SMS

Never share your data with someone who calls claiming to be from your bank

If we act negligently, for instance, if we leave our PIN with our card in a wallet that is stolen, we most likely won't get any compensation! Additionally, if we want to dispute payments, we need to act as soon as possible and, in any case, within 13 months of the date the payments were charged to us: the sooner we act, the greater our chances of being refunded!

Does disputing a payment work?

Here, too, we must make distinctions based on the type of fraud we fall victim to.

Generally, intermediaries must bear the losses: in the case of unauthorized payments, i.e. those made directly by the scammer as a result of illegal actions such as credential theft, cloning or counterfeiting, or in the case of modifications to payment orders, where the fraudster intercepts and alters a legitimate payment order during the electronic communication between the payer's device and the bank. It is less likely that they will bear the losses when the payer is a victim of manipulation: in this case, the victim themselves bypasses all the protections offered by technology and authorizes the payment after being persuaded by the fraudster, who often emphasizes an urgent or dangerous situation, or uses emotional manipulation regarding, for example, a child or grandchild supposedly in trouble.

This explains the different reimbursement rates for bank transfers and cards: for the former, where manipulation of the payer is the predominant type of fraud, users bear, on average, 90 per cent of the losses, whereas the percentage drops to 40 per cent for cards, where unauthorized payment fraud is more common.

Summary

Our payment system is secure, and the use of certain technological safeguards, like SCA (Strong Customer Authentication), has made life harder for fraudsters. For bank transfers, the fraud rate is extremely low, but the amounts lost are generally higher. In the case of cards, frauds are still rare but relatively more frequent and involve smaller amounts.

Additionally, even in the event of a fraud, we can always dispute the payment and get a reimbursement if we've behaved correctly. However, we must choose the person to whom we want to send money carefully, especially via bank transfers, because generally speaking, the bank will not take responsibility for our mistakes.