The main specific legal rules provisions are:
- Title V-bis of Legislative Decree 13 August 2010, n. 141, as introduced by Legislative Decree 11 April 2011, n. 64 set up, under the Ministry of Economy and Finance, a public system of prevention, on an administrative level, of fraud in the area of consumer credit, with specific reference to identity theft. The ownership of the prevention system is assigned to the Ministry of Economy and Finance, while the construction and operation of the Central entrusted (Archive) to the Consap. The public system of prevention permits a checking of the data contained in the main document of identity, recognition and income, with those recorded in the databases of the reference entities, currently the Income Agency, Interior Ministry, Infrastructure and Transport Ministry, INPS and INAIL. This checking is then configured as an effective prevention tool for both total or partial "identity theft". The access to the system is currently provided by banks, financial intermediaries, providers of electronic communications services, interactive service providers or conditional access services as well as for managers of information systems and credit companies that offer similar services. It is also expected that from July 16, 2015 even insurance companies adhere to the system.
-article 494 of the Criminal Code: impersonation. It exactly says: "Whoever, in order to procure for himself or for others an advantage, or to cause damage to others, induces someone into an error, unlawfully substituting himself as another person, or by attributing to himself or others a false name, or a false state, or a quality that the law gives legal effect, shall be punished, if the offense does not constitute another crime against the public trust by imprisonment up to one year. "
-Art. 640-ter of the Criminal Code (as amended (modified) by Art. 9, par. I, letter. A) of the Law of October 15, 2013, n. 119): computer fraud. It says: "Whoever, by altering in any way the operation of a computer or electronic system or intervening without the right in any manner on data, information or programs contained in a computer system or computer or relevant thereto, procures for himself or for others unjust profit and causes damage, shall be punished with imprisonment from six months to three years and a fine ranging from EUR 51 to EUR 1,032. The penalty is imprisonment from one to five years and a fine of EUR 309 to EUR 1,549 if one of the circumstances provided by the number 1) of the second paragraph of Article 640, or if the act is committed with abuse of the system operator. The penalty is imprisonment from two to six years and a fine of EUR 600 to EUR 3,000 if the offense is committed with theft or improper use of digital identity to the detriment (damage) of one or more parties. The crime is punishable on complaint of the victim recourse action unless any of the circumstances listed in the second and third paragraph or another aggravating circumstance exist.
Additionally it applies, as appropriate, other regulatory provisions, including:
- Legislative Decree no. 11/2010 implementing Directive 2007/64 / EC on payment services in the internal market, which covers Articles. 9-12 obligations and rights of the user (customer). Specifically in accordance with the article 10 "if the user's payment service provider denies having authorized a completed payment transaction or claims that this has not been properly executed, it is the responsibility of the of payment services provider (bank) to prove that the operation-paying was authenticated, accurately recorded and accounted for and that it has not been affected by the malfunction of the necessary procedures for its implementation or other problems. " And finally, it is expressly provided for in Articles. 11 and 12 that the payment services provider is required to reimburse the payer the unauthorized amount and that the user does not bear any loss arising from the use of a payment instrument lost, stolen or misused.
- Article. 56 of the Consumer Code provides, in relation to distance contracts, concluded with a professional person, for which the payment was made by card, that "the issuing bank for payment card must accredit again the consumer payments of which he establishes the ' excess of the agreed price or the performance by the fraudulent use of their payment card by the trader or a third party. "
- The Law Code Decree of 30 June 2003, n. 196, concerning the protection of personal data, stipulates the right to privacy of personal and sensitive data as an inviolable right of the person.