Banks, Vademecum for further security and protection of personal data

ABI and the State Police promote a Vademecum with useful advice to always maintain a high level of attention to the protection of personal data.

These are a few simple tips and good practices, written in plain and direct language, to reduce vulnerability factors and potentially risky behaviors.

The project was carried out by the Banking Association in collaboration with prestigious and qualified interlocutors such as OSSIF (ABI's research center on anti-crime security), CERTFin (the public-private cooperative initiative directed by ABI and the Bank of Italy aimed at increasing the cyber risk management capacity of banking and financial operators), the Postal Police and Consumer Associations (ACU, Adiconsum, Adoc, Asso-Consum, Assoutenti, Casa del Consumatore, Consumer Protection Center (CTCU), Cittadinanzattiva, Codacons, Confconsumatori, Federconsumatori, Consumer League, Citizen Defense Movement, Consumer Movement, Union for the Defense of Consumers (UDICON), National Consumers Union).

The Vademecum, now easily available on the website of the Banking Association in the dedicated section https://www.abi.it/Pagine/Mercati/Crediti/Crediti-alle-persone/Le-guideabi.aspx and on the Postal Police portal www.commissariatodips.it, joins the tools and initiatives already implemented in the field of security by ABI, institutions and individual banks. An example is "I Navigati", the communication campaign launched in recent months on good practices to adopt for an "informed and safe" use of digital tools and channels.

Finally, in addition to providing information on how to best behave in order to act safely, the Vademecum also offers information on what to do when you are a victim of scams.

Here are the 12 simple steps to follow to protect your identity:

1. In case of loss or theft of personal documents, go immediately to the competent police authorities to file a report. In case of theft or loss of credit and/or debit cards, after having the card blocked by calling the number made available, you must also notify your bank of the report.

2. Be very careful when disposing of paper documents that contain personal information (e.g. bank statements, household bills): it is advisable to make the sensitive data in these documents illegible before throwing them away.

3. Carefully protect the credentials for accessing online accounts, the codes of credit and/or debit cards and all other access codes (e.g. SPID); if you choose to save this data on your devices (e.g. computer and/or mobile phone), make sure that it is adequately protected (e.g. encrypted). In the same way, the credentials and codes used for your digital signature must always be carefully guarded.

4. Protect payment cards equipped with so-called "contactless" technology (i.e. those that do not need to be inserted into the POS to carry out the transaction) with shielded cases (aluminum coated), to minimize the possibility of falling victim to scams that involve reading the chip [e.g. via RFID (radio-frequency identification) and NFC (near-field communication)]. However, it should be remembered that there are rules that limit the risks: the PIN is always required for POS operations above 50 euros; after 5 consecutive payments at the POS without entering the PIN, the next one, even if of a small amount, requires strong customer authentication (so-called SCA), that is, entering the secret code/PIN; similarly, if the total amount of "contactless" POS payments made since the last application of SCA exceeds 150 euros, the secret code/PIN must be entered.

5. Frequently change the login credentials (passwords) for your online accounts and avoid using passwords that could be easily guessed by fraudsters (e.g. date of birth). In general, for a password to offer an adequate level of security, it must contain uppercase and lowercase letters, numbers and special characters.

6. It is important to learn to distinguish authentic messages from fraudulent ones. Banks never ask, whether by e-mail, by telephone or by text message, for the credentials to access the account or for the codes of the customer's cards. If you receive requests of this type, notify your bank to confirm that it was not involved in sending them, and do not respond in any way to the request received. Banks also never send e-mails containing links except as part of a process initiated by the user (e.g. changing a personal e-mail address, updating an identification document). If you receive a message with a link from the bank without having requested it, notify your bank to confirm that it was not involved in sending it, and do not respond in any way to the communication received.

7. Whenever you use a public computer to access your online account, remember to log out afterwards. Furthermore, it is always preferable to type in the web address of your bank yourself rather than clicking on addresses that are already saved. If the connection is public, there is a greater risk that attackers will exploit the previously opened connection to steal information.

8. Fraudulent messages often contain malicious links (through which the computer and/or mobile phone is compromised) or links that redirect the user to cloned sites (used to steal personal information). For this reason, it is imperative that you never click on these links.

9. Be wary of supposed operators who contact potential victims claiming that they need personal, banking or credit information to verify identity or to know where to send packages, money, fake winnings or judicial documents.

10. If your mobile phone is no longer able to make or receive calls, find out why by contacting your telephone operator: you could be the victim of a fraud carried out by swapping your SIM card (a scam known as SIM swap).

11. Use social media channels with care and prudence and above all never communicate and never share personal or financial data through these channels.

12. Choose an antivirus program and always keep it up to date, and regularly install updates for the operating system you use, in order to protect all equipment and devices in use from malware infections.
