Digital Security
CERTFin
Italian banks are facing the numerous cyber threats with increasing commitment, adopting increasingly sophisticated measures to protect their systems and sensitive customer data. The Italian Banking Association actively contributes to the fight against cybercrime, collaborating with public and private actors involved in ensuring IT security.
In 2017, ABI, Banca d'Italia and ABI Lab set up CERTFin, one of the first CERTs (Computer Emergency Response Teams) dedicated to the financial sector worldwide. Subsequently, IVASS, ANIA and CONSOB joined the project, creating a network representing all major players in the Italian financial sector.
CERTFin aims to strengthen the cyber risk management capacity of financial operators and improve the cyber resilience of the Italian financial system. It provides operational and strategic support in preventing, preparing for and responding to cyber attacks and security incidents.
Over the years, CERTFin has developed an extensive network, both at the national level, between industry members (banks, insurance companies, payment institutions, payment service providers,) and regulators, and at the international level, by cooperating with financial CERTs in other countries and fostering the exchange of experiences and best practices with bodies and structures at the European level.
Contrasto delle frodi
Computer fraud uses ever-evolving techniques that are able to bypass banks' anti-fraud systems and convince victims to cooperate unwittingly. These techniques, which combine the collection of confidential information with advanced social engineering methods, are designed to confuse and manipulate victims.
Despite the evolution of attack techniques, Italian banks are able to intercept and block fraud attempts thanks to advanced anti-fraud systems that promptly stop most suspicious transactions, with internal monitoring of transactions representing the first line of defence.
Furthermore, within the CERTFin:
- financial operators and public authorities collaborate in real time, sharing crucial information on cyber threats and cyber fraud phenomena, to rapidly identify and neutralise emerging risks;
- CERTFin members exchange fraud indicators ('alarm bells' or red flags, which signal potentially problematic situations) via an advanced technology platform (MISP), improving the timeliness of blocking fraudulent transactions and automating part of the process of sharing the information needed to combat fraud.
Computer security campaigns
The heart of online scams is often the human factor: ghackers in most cases manipulateno customers bankers for carry out frauds. That is why it is essential informationmake people increasingly aware of the risks and able to recognise them and thus defend themselves. Phen the fraudster gains the victim's trust, even the instruments prepared by banks protecting the customer are less effective.
The ABI is committed, alongside Italian banks, in awareness-raising initiatives aimed at customers: athrough the CERTFin, developa awareness campaigns aimed at both employees of the balso e financial, both ai clienti bankers (private and small and medium-sized enterprises) for Increase awareness of cyber threats and security practices to significantly reduce the risks associated with human error.
Rapporto CERTFin (mag. 2025)
Cybercrime changes skin, changes shape, but does not stop. Scenario, investments and awareness, cyber fraud on digital channels, attack modes and detection mechanisms, new attacks.
Security and computer fraud in banking
Rapporto CERTFin (mag. 2024)
Gli attacchi cyber sono in continua evoluzione, con tecniche sempre più sofisticate. Attraverso investimenti per migliorare i propri sistemi, formare i propri dipendenti, sensibilizzare la clientela, il settore bancario italiano riesce a fronteggiare le minacce ai propri sistemi e a proteggere le operazioni online dei propri clienti.
Security and Computer Fraud in Banking
Insights
Related articles
ABI: useful tips to operate online even more protected and safe
Banks: Strengthened commitment against cybercrime and for user security
