2023-05-17 14:11:44
Payments by credit card on the Internet are increasingly secure. Simple authentication, by single-use SMS code, had halved the fraud rate in ten years, but it was showing its limits. The arrival of strong authentication in 2020 (a reinforced security device with different modes of identification) has further improved transaction security. The fraud rate on online payments has thus fallen from 0.249% of the amount in 2020 to just over 0.10% in the first half of 2022.
The imagination of fraudsters is nevertheless limitless in circumventing the system and the share of authenticated payments in Internet card payment fraud represents 30% in value. Their weapon: manipulate bank card holders by pretending to be through their bank in order to steal their data, gain access to their accounts or have a payment validated. For this, they use spoofing, which consists of usurping your bank’s telephone number, or phishing or smishing, variants by email or SMS.
Thirteen recommendations issued
So in the face of complaints from consumers who are victims of this in the face of banks that are dragging their feet in reimbursing them, the Observatory for the security of means of payment, bringing together the Banque de France, players in the payment market, representatives of the administrations and consumers, issues thirteen recommendations to better regulate the procedures for reimbursing victims of fraud.
At their base, a reminder issued by Julien Lasalle, secretary of the Observatory for the security of means of payment: “If there was strong authentication during payment, this does not in itself justify a non-reimbursement of the bank’s share. Because it is not certain that this strong authentication is fully granted. »
Thus, according to the recommendations issued, when a customer who is the presumed victim of fraud with strong authentication makes himself known, the bank has one day to carry out an initial analysis of the file. If the establishment is unable within this period to demonstrate that the fraud comes from the customer himself or that he has committed gross negligence, he must reimburse the alleged victim. The bank then has 30 days to carry out more in-depth investigations and whether or not to take back these funds.
Banks urged to step up security
In the event of disagreement, the dispute may then be brought before the institution’s mediator or the courts. The Versailles Court of Appeal also ruled in March on a dispute between BNP Paribas and one of its clients, victim of spoofing, whom it accused of gross negligence: the establishment was ordered to reimburse him 54,000 euros.
To reduce disputes as much as possible, banks are also called upon to strengthen security: require strong authentication for any consultation of the bank account in front of a new terminal, provide complete information on the payment during a strong authentication process, etc.
The task of fraudsters should also become more complicated since, with the entry into force of the Naegelen law aimed at better regulating cold calling, it will no longer be possible to usurp a bank’s 10-digit long numbers. Until they imagine a new manipulation technique.
#Means #payment #fraud #victims #remedies #account