Report on Fraudulent Payment Transactions in Italy - Second Half of 2024

Banca d'Italia is publishing the update on the second half of 2024 in the Report on fraudulent payment transactions in Italy today. The Report provides an update on the evolution of fraud in digital retail payments in Italy.

The analysis is based on the semi-annual reports submitted by payment service providers (PSPs) and examines the main instruments (credit transfers, debit and credit payment cards, e-money - which accounts for most prepaid cards in Italy - and ATM withdrawals), the payment channels (physical POS vs e-commerce), the geographical dimension (domestic vs cross-border), the security safeguards (strong customer authentication (SCA) vs others) and the distribution of losses between customers and payment service providers. The Report shows that fraud cases only account for a limited share of total retail transactions and that users' losses are largely mitigated by the protection mechanisms established by sector regulations. However, even if the amounts involved are relatively small, fraud remains a serious concern: preventing and reducing fraud risks in digital payments is crucial to safeguarding the integrity of the retail payment system.

The main findings of the Report are as follows:

• The fraud rate - i.e. the ratio of the value of fraudulent transactions to the total value of transactions - remains low, at 0.002 per cent for credit transfers overall, 0.017 per cent for card transactions and 0.021 per cent for e-money. Among credit transfers, instant credit transfers continue to display higher fraud rates (0.057 per cent) compared with ordinary credit transfers (0.0015 per cent).
• Remote (e-commerce) transactions with payment cards and e-money are more exposed to fraud risks than those at physical POS, but the gap narrowed in 2024 due to a decline in online purchase fraud. Fraud rates are significantly higher for cross-border transactions than for domestic transactions, particularly for payment cards and e-money.
• The 'manipulation of the payer' fraud is particularly widespread in credit transfers, but it is also on the rise in card transactions. This type of fraud is especially insidious, as fraudsters use increasingly sophisticated social engineering techniques to induce users to voluntarily arrange a payment to a fraudulent beneficiary. Unlike 'unauthorized' frauds (e.g. card cloning), which declined by 7 per cent year on year, payer manipulation frauds, often perpetrated even when transactions are SCA-supported, do not automatically trigger the reimbursement mechanisms provided for by the regulation. This makes it more difficult for users to recover the funds and shifts the burden of the loss onto them.

This highlights the importance for users of exercising great caution when using digital payment instruments. It is essential not to share confidential data and to follow the advice provided by their bank to avoid falling victim to fraud.

To strengthen fraud prevention, as of 9 October 2025, payment service providers will be required to carry out real-time verification of the IBAN and beneficiary data for credit transfers (both instant and traditional) and to alert customers to any discrepancies before authorizing the payment transaction.