The fraud rate on all card payments on the internet (including payments made to foreign sites by French cardholders), less than 0.2% in 2021, is low.
But the rise of payments on the Internet whets the appetite of fraudsters who often resort to the technique of "spoofing": they usurp the call number of the bank's customer service and, thanks to their insurance and good information, achieve their goals.
Gathered under the aegis of the Bank of France, the Observatory of the security of means of payment delivered Tuesday its conclusions, in the form of 13 recommendations, to prevent and manage this case.
Starting from an observation: the strong authentication requested by banks to ensure that the user is who he claims to be, despite its high level of security, is not infallible.
It is not because this type of authentication exists, via the connection on a mobile application or the sending of a code by SMS for example, that the bank must refuse a refund to the customer victim of fraud.
However, "this is too often the case," said Tuesday at a press conference Julien Lasalle, of the direction of studies and monitoring of payments of the Bank of France.
When a victim comes forward, it is now up to the bank to investigate the case in less than 24 hours. If it is unable to conclude that the fraud comes from the customer himself or that the latter has been grossly negligent, the bank will have to make the immediate refund.
"We are strengthening the fight against fraud and we are facilitating reimbursement procedures, even when strong authentication has been carried out," Economy Minister Bruno Le Maire said in a statement.
Grey area
When the payment has not been strongly authenticated, such as for low-value internet payments or outside the European Union, banks are invited to reimburse without delay the transactions disputed by customers.
"The security of customers' data and funds is a top priority for banks," Maya Atig, chief executive of the French Banking Federation (FBF), said in a statement sent to AFP.
The objective of the 13 recommendations is also to "reduce the +grey area+ on the assessment of the +unauthorized+ nature of a contested operation," explains the Observatory in its press release.
This grey area is a source of litigation and adds to the piles of claims files within institutions, at the mediator or even before the courts.
In March, the Versailles Court of Appeal ordered BNP Paribas to reimburse more than 54,000 euros to a customer victim of "spoofing", whom the bank accused of gross negligence.
The Observatory points out, however, that the fight against fraud requires the vigilance of all stakeholders: consumers and businesses but also payment service providers and even mobile telephony players.
The FBF also launched on April 22 a communication campaign in the press and radio with the message "Codes, passwords and banking identifiers: never give your data".
Adopted at the end of April, these recommendations already apply and will be supervised by the banking policeman, the Autorité de contrôle prudentiel et de résolution (ACPR).
© 2023 AFP