2023-06-30 04:30:00
If fraud techniques are always more sophisticated on the Web, the strengthening of security pays off, thanks in particular to strong authentication.
Section created by Laurence Allard
Warning. Attention, warns the Observatory of the security of the means of payment, the fraud can also extend to the bank account. Published on 06/30/2023 at 06:30
Strengthening security pays off. Since the application of the second European directive on payment services (known as DSP2), which imposes new authentication methods on the payer, the fraud rate has dropped by 30% between 2019 and 2022, notes the Observatory of the security of means of payment (OSMP). “Across all card payments on the Internet (including those made on foreign sites), the fraud rate fell from 0.249% in 2020 to 0.196% in 2021, its lowest historical level while over the same year, the amount of purchases paid for by card increased by 21% to reach 177.1 billion euros. »
Ever more sophisticated fraud techniques. Strong authentication takes the form of the sending by SMS to the cardholder of a code generated for the payment transaction, accompanied by information on its amount and its beneficiary. Any change of parameter requires the sending of a new code. According to the organization, while fraud with strong authentication represents only 9% of the total number of fraudulent card payments on the Internet, it amounts to 30% of the amount. In other words, if there are fewer victims, the damage resulting from fraud is greater. The OSMP also observes a sophistication of fraud techniques, which adapt to the new protection rules implemented. It always starts with phishing via SMS or email, the theft of data from third parties or the usurpation of the telephone number.
Consumers, you have rights. First of all, the bank cannot require the filing of a complaint with the police as a prerequisite to the instruction of its request for reimbursement.
BETTER PROTECTED CUSTOMERS
– If there was no strong authentication, the bank is required to reimburse the cardholder no later than the end of the first working day after receipt of the dispute.
– In case of strong authentication, the bank will have to prove, in order not to reimburse the cardholder, that the latter authorized the transaction, that there was gross negligence. Otherwise, the bank will reimburse its client without delay.
Gross negligence, what?“There is still no case law from the Court of Cassation since the entry into force of the directive”, notes the OSMP. Prior to its application, the courts relied on the concept of a “normally attentive” user.
In its report, in order to improve commercial relations, the organization asks that the banking establishment only have a period of thirty days to carry out its investigation and that it informs the customer thereof by communicating the reason and the complaint procedure that he can initiate.
Beware of contagion! But beware, warns the Observatory, fraud can also extend to the bank account. The cybercriminal recovers by phishing the identifier, the password and the contact details of his victim (surname and first name, telephone number, etc.). Once provided with this information, he connects to the Internet customer space of the bank of the latter to gather information on the products held and hack them §
43 %
This is the percentage of card payments made in 2022 in France.
20 %
This is the share of payments made online compared to 12% in 2019.
3 %
This is the proportion of contactless settlements.
Source: European Central Bank.
SILAS STEIN/dpa Picture-Alliance via AFP
1688106077
#online #fraud