Bankers and consumers agree on payment fraud

Limiting fraud and future disputes over means of payment: this is the mission of French banks and several consumer associations, which have agreed on a series of recommendations that are immediately applicable.

The fraud rate on all online card payments (including payments made to foreign sites by French cardholders), less than 0.2% in 2021, is low.

But the boom in internet payments is whetting the appetite of fraudsters who often resort to the “spoofing” technique: they usurp the bank’s customer service call number and, thanks to their insurance and good information, achieve their ends.

Gathered under the aegis of the Banque de France, the Observatory for the security of means of payment delivered its conclusions on Tuesday, in the form of 13 recommendations, to prevent and manage this scenario.

Starting from an observation: the strong authentication required by banks to ensure that the user is who he claims to be, despite its high level of security, is not infallible.

It is not because this type of authentication exists, via the connection on a mobile application or the sending of a code by SMS for example, that the bank must refuse a refund to the customer victim of fraud.

However, “it is too often the case”, underlined Tuesday during a press conference Julien Lasalle, of the direction of the studies and supervision of the payments of the Bank of France.

When a victim comes forward, it is now up to the bank to investigate the case in less than 24 hours. If it is unable to conclude that the fraud comes from the customer himself or that the latter has shown gross negligence, the bank must proceed with the immediate reimbursement.

“We are strengthening the fight against fraud and we are facilitating reimbursement procedures, even when strong authentication has been carried out”, summarized the Minister of the Economy Bruno Le Maire, quoted in a press release.

– Gray area –

When the payment has not been the subject of strong authentication, such as for example for payments on the Internet of low value or outside the European Union, banking establishments are invited to reimburse without delay the transactions disputed by customers.

“The security of customer data and funds is a top priority for banks,” said Maya Atig, director general of the French Banking Federation (FBF), in a statement sent to AFP.

The objective of the 13 recommendations is also to “reduce the + gray zone + on the assessment of the + unauthorized + character of a contested operation”, explains the Observatory in its press release.

This gray area is a source of disputes and weighs down the piles of complaint files within establishments, with the mediator or even before the courts.

In March, the Versailles Court of Appeal ordered BNP Paribas to reimburse more than 54,000 euros to a client victim of “spoofing”, whom the bank accused of gross negligence.

The Observatory recalls, however, that the fight against fraud requires the vigilance of all stakeholders: consumers and businesses, but also payment service providers and even mobile telephony players.

The FBF also launched on April 22 a communication campaign in the press and on the radio with the message “Codes, passwords and bank identifiers: never give out your data”.

Adopted at the end of April, these recommendations already apply and will be supervised by the banking watchdog, the Prudential Control and Resolution Authority (ACPR).