Money embezzled from home banking?Fraud is aggravated by digital identity theft

The computer fraud is combined with the aggravating circumstance of theft of digital identity, for the illegitimate use of home banking access credentials, from the pin to the key, to withdraw money. The consequence is a sentence increase with a range from two to six years. The Supreme Court, in endorsing the crackdown, excludes that the scope of the aggravating circumstance is limited to validation procedures that enjoy the public administration's blue stamp, such as the Spid, the Cie or the digital signature. Stricter protection should, in fact, also be extended to credentials used to 'enter' computer systems managed by private individuals such as home banking services or online sales platforms. Restricting the possibility of triggering the aggravating circumstance, as the defendant's defence claimed, means denying the existence of the different types of digital identity, characterised by differentiated security thresholds calibrated on the nature of the activities to be performed in the virtual space.

What is more, it means entering on a collision course with the will of the legislator, who intended to 'strengthen citizens' confidence in using online services by curbing the phenomenon of fraud, especially in the field of consumer credit through identity theft'. Greater protection - which also involves the toughening of penalties through the application of an aggravating circumstance - must therefore be guaranteed in the case of the illegitimate use of credentials to access home banking, but also for that of the pin, not by chance the English acronym for 'personal identification number', as for electronic keys. Devices "that produce from time to time a code to carry out the banking operation, since, in all cases, indeed by now more and more numerous - we read in the judgment - what matters is that the access data to the computer system from time to time compulsory by the agent directly or through the use of electronic devices, identify in an exclusive and unequivocal manner a specific person by means of numbers or letters according to a unique sequence intended to be used - repeatedly or from time to time by means of special devices - only by the holder or by a person authorised by him and which, in substance, replaces the personal details'.

In the case at hand, therefore, the heavy hand of conviction against the appellant who had appropriated, without authorisation, the account holder's electronic key and used it to wrongfully withdraw sums of money is confirmed.