For the Group's Italian banks and for some of its International Subsidiary Banks, Intesa Sanpaolo has activated an anti-fraud system that analyses all transactions carried out via Internet Banking in real time and identifies those considered to be questionable. Such transactions are then centrally verified by a specialised unit. Suspicious transactions are promptly verified to ascertain their truthfulness and accuracy, through direct contact with the customer and - when possible - those not recognised and not yet completed are revoked. If the customer cannot be contacted by telephone, the branch is notified immediately in order to find another contact method. In the event of ascertainable fraud or fraud attempt, the customer is also assisted in filing a report with the relevant authorities. All customers are informed on the rules of conduct for proper and safe use of online tools (e.g., updated antivirus software, detection of phishing emails, correct use of personal codes, etc.). An initiative was launched with Banca dei Territori aimed at defining a series of actions designed to inform customers about the risks present in e-banking, in particular with regard to phishing emails and specific e-mail communications to customers were activated. Constant monitoring of fraud resulted in the blocking of over 4.6 million euro in fraudulent transactions for retail customers and over 2.5 million euro for corporate customers.
As from 2015 onwards, the Intesa Sanpaolo Group's CERT (Computer Emergency Response Team) was launched with the goal of becoming the operational interface for critical cyber events in respect of external stakeholders, thus optimising methods, skills, investment, response times and ensuring the mandatory communication with stakeholders required by legal provisions or sector regulations.
The Group's CERT is now operating on several fronts such as collaboration with the Postal Police forces, Cyber Threat Intelligence services (FS-ISAC, Abi-Lab, BitSight, Recorded Future), internal (banks and Group companies) and external (national CERT, comprising sector CERTs, other CERTs) information sharing services and reports to the supervisory authorities in the event of serious IT security incidents.
During the year, new value-added security solutions were then issued for customers with regard to digital signature, alternative storage and certified electronic mail (PEC) services. Worthy of note is the start of the analysis activities on the initiative of citizens' digital identity management included in the government digital agenda (SPID) and those on cryptocurrencies.
Finally, as in the previous years the Bank continued to commit itself to achieving and maintaining third-party certifications of its own security and quality assurance activities as well as the adequate monitoring of the services provided (see @).