Breaking news: SSF Bank has been established: join and they'll pay you, no questions asked | You can even pocket a million like this.

Banking scams and compensation: this is what the Supreme Court says: the increase in digital fraud in the banking system

With the spread of digital payments and online banking services, cases of cyber fraud targeting bank customers have also grown exponentially. Every day, we hear reports of ATM thefts, credit card cloning, and theft of online account credentials. The consequences are often serious: unauthorized withdrawals, fraudulent payments, and money transfers that leave account holders helpless in the face of immediate harm. In this scenario, Italian case law has repeatedly ruled to clarify who is responsible for such events.

The Court of Cassation, in several recent rulings (no. 2950/2017, no. 18045/2019, no. 26916/2020, and no. 3780/2024), has established that the theft of access codes through fraudulent techniques falls within the so-called business risk of banks. This means that, except in exceptional cases, the responsibility for fraudulent transactions falls on the credit institution , which is required to demonstrate that it has adopted all necessary security measures and acted with the diligence required of a professional operator.

Among the most insidious techniques is so-called "SIM Swapping Fraud." In this type of scam, the attacker shows up at a telephone operator's service center, pretending to be the owner of the line, and requests a duplicate SIM card. Once the duplicate is obtained, the victim's original card is deactivated, preventing them from using the phone. The scammer then receives the authentication codes needed to access online banking on their device and can initiate transfers or payments to personal accounts, often changing the password to block the victim.

The Court of Cassation reiterated that banks are required to implement all necessary IT security systems to prevent unauthorized transactions. The institution must ensure that customer credentials cannot be intercepted or duplicated by external parties and that each transaction is properly authenticated. If a customer disputes a transaction, the burden falls on the bank to prove that it was actually authorized or that the breach resulted from gross negligence on the part of the account holder.

The professional diligence required

According to Article 1176 of the Italian Civil Code, banks must exercise "qualified technical diligence," that is, adopt all measures that an experienced and responsible banking operator would be required to implement. Legislative Decree No. 11/2010 already required credit institutions to ensure that transactions conducted—online or at the counter —were traceable exclusively to the customer, protecting them from any misuse of their payment instruments.

If a card or banking credentials are stolen, the customer must immediately contact the bank to block the compromised devices and report the incident to the police. After checking the account statements and identifying any unauthorized charges, an official complaint must be filed with the credit institution using the provided form and attaching the complaint . The complaint must include all unrecognized transactions to allow the bank to initiate the refund process.

The right to compensation

If the internal investigation confirms that the disputed transactions are the result of fraud and that the customer acted promptly and diligently, the bank is obligated to fully refund the stolen amounts. This reimbursement covers all amounts withdrawn or transferred unlawfully, as well as any additional charges related to the fraud. The customer, however, must demonstrate that they promptly reported the incident and that they did not contribute to the damage through negligent conduct.

The spread of digital fraud requires greater vigilance from both banks and their customers. Credit institutions must invest in cybersecurity, advanced authentication systems, and staff training, while citizens must learn to recognize the signs of attempted fraud. Only through a combined approach of responsibility and prevention will it be possible to reduce the risk of fraud and ensure a safer and more reliable digital banking environment for everyone.