A customer opens her mobile banking app to transfer €500 to her daughter studying in Milan. The transaction completes within seconds, a seamless exchange requiring no extra passwords or SMS codes.
It looks simple. Yet behind this smooth experience, the bank's security system analyzes the customer’s behavioral signals, cross-references the device fingerprint, and assesses interaction patterns against sophisticated fraud models. All of this happens in the background, invisible to the customer. The customer feels no friction, while the bank enforces a zero-trust model, treating every interaction as untrusted until verified, to quietly guard against fraud.
This balance represents the holy grail of modern banking. And for Italian banks facing massive fraud losses, it’s no longer just a competitive edge but the standard for survival in a digital-first economy.
The Italian banking paradox
Italian consumers have embraced digital banking with remarkable enthusiasm. Yet this adoption has exposed the limits of traditional security models, as the country faces an explosion of sophisticated fraud attacks.
Authorized fraud losses now outpace unauthorized fraud by a factor of 13. In other words, criminals aren’t just stealing cards or credentials. Instead, they’re tricking customers into authorizing payments themselves, bypassing the very controls traditional security relies on. Victims lose an average of €995 per incident, compared with just €75 for traditional card fraud. Impersonation scam losses average €3,010 per victim.
Banks could respond by adding more authentication steps, but doing so erodes the customer experience. Italian banks find themselves caught between consumers demanding seamless digital journeys and regulators mandating stronger defenses.
Italy's implementation of PSD2's Strong Customer Authentication (SCA) is a prime example of this tension. By requiring multi-factor authentication, SCA has reduced some forms of unauthorized fraud, such as stolen card use. But the added friction has frustrated customers, and in some cases pushed fraudsters toward social engineering, tricking victims into authorizing fraudulent transactions themselves.
As customers grow accustomed to repeated authentication steps, they become more likely to comply with fraudulent prompts that mimic legitimate security checks. Sophisticated fraudsters now exploit this habit, turning compliance tools into attack vectors.
The zero trust revolution
To combat this challenge, banks must deploy a zero-trust security model, a fundamental shift from defending the perimeter to continuously verifying every interaction. Traditional security asks: “Did this user log in correctly?” Zero trust asks: “Is this user behaving in line with their normal, established patterns?”
This approach analyzes thousands of micro-signals, from how a customer holds their device, to the speed at which they enter their PIN, to transaction timing and navigation patterns.
The genius of this approach lies in its invisibility to legitimate users. A customer’s natural interaction patterns become their authentication signature. For fraudsters, mimicking these patterns is nearly impossible. They must replicate not just what a customer knows, but how they naturally behave.
Dynamic security in practice
Consider two scenarios:
1. When a customer makes a routine rent payment, behavioral security recognizes the familiar patterns and allows the transaction to finish with zero friction. For a high-value transfer, it monitors interaction patterns in real time, silently in the background. If the behavioral patterns match the customer’s profile, the payment proceeds unnoticed. If anomalies suggest compromise, extra verification is triggered automatically.
2. By contrast, traditional security stacks on SMS codes, app confirmations, and device registrations, all adding friction. Yet these legacy defenses still miss many modern fraud and scam attempts.
With behavior, security adapts to context. It’s seamless for trusted behavior, prompting extra steps only when risk demands it.
Behavior’s regulatory advantage
Italy’s robust regulatory environment, including NIS2, DORA, and strengthened anti-money laundering (AML) obligations, supports rather than hinders the evolution towards behavioral security. Behavioral analytics is emerging as a key enabler, helping banks meet and exceed regulatory expectations without sacrificing usability. And forward-thinking financial institutions view compliance not as an administrative burden, but as an opportunity to raise security standards while keeping the customer experience frictionless.
NIS2’s broad focus on strengthening network and information security aligns with the continuous verification model at the core of behavioral monitoring, ensuring critical systems remain resilient to evolving cyber threats. DORA’s emphasis on digital operational resilience directly complements the capabilities of behavioral analytics, which provides ongoing, context-aware threat detection that adapts in real time.
The European Anti-Money Laundering Agency (AMLA) is also driving a shift toward more data-driven, intelligence-led supervision across the EU. While AMLA does not mandate specific technologies, its focus on risk-based approaches and identifying complex typologies, such as coordinated money mule networks, underscores the value of behavioral analytics in uncovering patterns that traditional rule-based systems often miss.
The trust imperative
Zero-friction security works because it rebuilds trust through competence rather than compliance. Customers trust banks that protect them invisibly, not institutions that burden them with security theater.
That trust matters more as AI-powered attacks grow more sophisticated. Italian banks now face deepfake voice scams, AI-generated phishing campaigns, and automated mule recruitment. Traditional defenses built for simpler threats can’t keep up with advanced techniques. A behavioral approach gives banks an adaptive edge: machine learning models that keep improving, spotting new attack patterns without manual updates.
The competitive imperative
Digital-native fintechs are raising the bar in the Italian market with seamless user experiences and modern security by design. Traditional banks that cling to outdated, step-heavy authentication risk losing customers to competitors who deliver both stronger protection and smoother interactions. The institutions that master this balance will not just defend their market share. They’ll expand it at the expense of those stuck in the authentication arms race.
Several Italian financial institutions are already proving what's possible. By implementing behavioral analytics alongside traditional security measures, they’re achieving the seemingly impossible: reducing fraud while improving customer experience.
The technology exists today to make zero trust and zero friction a reality. The question is not whether this transformation will happen, but who will lead it.