Authorized Fraud: A Growing Challenge for Italy’s Fraud Prevention

Despite Italy’s robust cybersecurity infrastructure, the country hasn’t been immune to the rising tide of digital fraud.

In recent years, online scams have surged, exposing vulnerabilities even in well-developed systems. Let’s delve into Italy’s current fraud landscape and explore the challenges it faces. 

 Italy’s growing digitalization has made it an increasingly attractive target for cyber attackers. As more aspects of daily life move online, cyber risks for users have risen sharply as the rapid adoption of digital platforms created more opportunities for scammers to exploit. 

Authorized fraud on the rise 

Italy’s fraud landscape continues to evolve, with recent data underscoring the scale of the challenge. In 2022, online scams resulted in losses totaling €114 million. By 2023, that figure had surged to €137 million—a substantial 20% increase in just a year. 

The disparity between authorized and unauthorized fraud losses is especially alarming. In 2023, authorized fraud losses were 13 times higher than those from unauthorized fraud. Victims of authorized fraud reported average losses of €995, compared to just €75 for unauthorized fraud, which typically involved compromised cards.   

The first half of 2024 brought yet another surge in online fraud, which skyrocketed to €114 million—a staggering 71% increase compared to the same period in 2023. Interestingly, the number of cases only grew by 10%, revealing a sharp rise in the average financial impact per incident. 

What types of fraud do Italians fall for?  

When it comes to the types of scams prevalent in Italy, online shopping scams rank among the most common. According to the organization Consumerism Nonprofit, 12.7 million Italians—one in five citizens—have fallen victim to at least one online shopping scam. This figure is even higher among young people aged 25 to 34, with one in three (33.1%) admitting that they have fallen for such scams. The average loss is relatively low, at €382 per case. 

From a financial impact perspective, impersonation scams are the most damaging tactic. These schemes, where fraudsters often pose as bank employees or police officers, result in the highest average loss per victim—€3,010, according to Revolut. 

The pretext is a well-known one: fraudsters claim there has been malicious access to the victim’s account. They then convince the victim to transfer their money to a “safe” account, which is, in reality, a money mule account. Another common tactic targeting Italian consumers involves impersonating family members, typically children or grandchildren. In this scenario, fraudsters pose as a relative in distress—having allegedly lost their wallet, mobile phone, or credit card—and request money to resolve the situation. 

Job and employment scams also result in significant financial losses, averaging €2,121 per victim in Italy. Close behind are investment scams, with victims losing an average of €2,112 each. Romance scams are another costly type of fraud, with Italian victims reporting average losses of €1,846 per case. 

Sophistication leads to more data stolen 

Phishing, smishing, and vishing are now among the most common techniques used to deceive consumers—and Italy is no exception. These schemes often involve emails or messages impersonating authorities or well-known entities to steal sensitive information, such as login credentials and passwords. Additionally, phishing emails and fake websites are often used to distribute malware. 

The common thread across these techniques is their growing sophistication, driven by the use of generative AI to craft convincing phishing messages and deepfake videos, further amplifying the perceived credibility of these schemes. This level of realism often persuades victims into transferring significant sums of money. 

The trend is alarming: Italy ranks third globally for stolen or compromised login credentials, according to IBM’s X-Force Threat Intelligence Index. For Italian companies, the average cost of an attack involving credential theft or compromise stands at approximately €3.4 million.  

Italy’s countermeasures against cybercrime 

Italy is actively combating cybercrime through initiatives like the OF2CEN platform, a project developed in collaboration with the Italian Banking Association (ABI). This platform enhances the fight against cybercrime by enabling real-time data sharing. It allows for the immediate freezing of funds obtained through fraudulent activities, facilitates detailed analysis of financial flows and digital evidence, and acts as a vital link in international law enforcement collaboration. 

In 2024, in response to the surge in fraud and the increasing need for stronger measures to deter offenders and protect victims in an increasingly vulnerable online marketplace, Italy introduced a new amendment to the Cybersecurity Bill. This amendment defines “online scam” as a specific crime, enforces stricter penalties, mandates the confiscation of devices used in scams, and permits asset seizures to compensate victims. 

Italy is also planning a significant crackdown on cybercrime, according to a draft decree, following recent incidents of alleged hacking into major state and financial databases. The proposed legislation aims to strengthen the powers of the chief anti-mafia prosecutor, who will oversee all investigations into extortion cases stemming from unauthorized access to computer systems or fraudulent telematic wiretaps. 

The role of fraud detection systems 

The OF2CEN platform is a cornerstone of Italy’s efforts to combat cybersecurity and financial fraud, highlighting how technology can address complex, large-scale threats. Beyond this, technology holds significant promise for advancing fraud prevention in other areas as well.  

The first line of defense against fraud is the bank’s own fraud detection system. These systems are designed to monitor, analyze, and flag potentially fraudulent transactions, leveraging internal algorithms and customer data tailored to the specific needs, transaction volumes, and risk profiles of each bank. 

While banks benefit from insights provided by OF2CEN, their internal systems remain autonomous in decision-making and response execution. It is crucial that these systems, along with other protective measures, adapt to the evolving online fraud landscape, including the rise of scams, social engineering tactics, and the growing sophistication of these attacks. 

How behavioral intelligence can help banks 

Behavioral intelligence-based systems offer a reliable solution for Italian banks to tackle modern digital fraud, including sophisticated tactics such as authorized payment fraud, remote access intrusions, and mobile malware. 

For example, ThreatMark’s behavioral intelligence can effectively prevent account takeover (ATO), a common consequence of stolen data—an issue that is particularly prevalent in Italy. By analyzing customer behavior patterns, application usage, device data, and other indicators, ThreatMark identifies deviations from normal activity that might signal unauthorized access. 

This integrated approach, which combines various data points, enables a more nuanced understanding of each customer’s digital habits. As a result, behavioral intelligence proves effective where other fraud detection systems may fall short—for instance, in cases of social engineering and authorized payment fraud. This includes prevalent schemes such as bazaar fraud, investment fraud, romance scams, and cases of impersonation. 

The Behavioral Intelligence Platform also includes active phishing site detection, provided through the dedicated Cyber Fraud Fusion Center. This service safeguards not only individual users but also the bank’s entire customer base, helping to maintain trust and protect the institution from reputational damage. 

Learn More About Behavioral Intelligence