Featured articles

Payment fraud : increased efficiency, reimbursement of victims to be improved

14 min

Published on :

Written by
The Monetico team

The rapid rise of e-commerce has placed online payment fraud at the heart of merchants' concerns. Although protective measures have proven their effectiveness, fraud is constantly evolving, and is now affecting mobile and other means of payment via social engineering, according to the Observatory for the Security of Means of Payment (OSMP) and its annual activity report. What are the payment methods that are most frequently subject to fraud ? What strategies can be put in place to effectively combat fraud ? We decrypt fraud with complete transparency !

Payment fraud: what is the state of play in France?

OSMP : the shield against payment fraud

The Observatory for the Security of Means of Payment (in French, the Observatoire de la sécurité des moyens de paiements : OSMP) is a key player in the monitoring of payment fraud in France. Chaired by the Governor of the Banque de France, the OSMP promotes the security of payments through dialogue and information sharing. This forum, which was established in 2016, includes parliamentarians, administrative representatives, traders, businesses and consumers.

What is the payment method most frequently subject to fraud ?

The key figure : In 2021, cheque was the payment method most widely affected by fraud in terms of amount, with 37 % of cases.

Source : 2021 OSMP Annual Activity Report

After cheque, credit card is the most fraudulent means of payment in terms of amount (34 %), followed by transfer (23 %).

But in terms of volume, credit cards are in the lead ! Cards see an overwhelming concentration of the largest number of fraudulent transactions, given their frequent use in France.

By comparing the number of fraudulent transactions with the use of each means of payment, cheques see the highest rate of fraud (0.079 %), followed by credit cards (0.059 %). Transfers have a significantly lower fraud rate (0.0008 %).

Read also : split payment, a delicate balance between fluidity, instantaneity and security

Les principales sources des fraudes au paiement
The main sources of payment fraud
Source :

2021 OSMP Annual Activity Report

Reducing online payment fraud through strong authentication

Strong authentication : an effective solution against fraud

Internet payments have undergone a real revolution, with a 30 % drop in fraud rates between 2019 and 2022 for online card payments. The trend continues, according to the statistics for the 1st half of 2022.

The key figure : The rate of credit card fraud has decreased by more than 20 % between 2020 and 2021.

Source : 2021 OSMP Annual Activity Report

How can we explain this development ? Thanks to strong authentication, implemented between 2019 and 2021. This system is the result of the application of the second Directive on Payment Services. It requires merchants to authenticate their customers by using at least 2 of the following 3 factors :

  • Knowledge (such as a secret code)
  • Possession (such as a mobile phone)
  • Inherence (such as a piece of biometric data)

Enhanced authentication : scammers put to the test

Simple authentication, by non-replayable SMS, has indeed demonstrated its limits. The rate of fraud has decreased significantly since the implementation of two-factor authentication. However, fraud remains a major issue for merchants, as scammers are constantly adapting to the measures put in place to combat it.

The rise of social engineering fraud

Security at stake with the increase in contactless mobile payment

The OSMP observes an increase in certain types of fraud, in particular those involving the use of mobile phones, the use of which has increased considerably.

The number of contactless payment transactions by mobile increased by more than 130 % in 2022 (+ 135 % in amount), which may explain the increase in fraud on this medium.

The modest increase in fraud related to proximity payments is attributable to contactless mobile payment transactions : this channel accounts for more than 50 % of the amounts of fraudulent proximity transactions. In most cases, these frauds are attributable to the enrolment of stolen cards in a wallet.

Social engineering : the new face of fraud

This is the OSMP's second finding : the proliferation of social engineering fraud. Faced with increasingly secure transactions, scammers are now targeting users to get them to carry out transactions through their account.

Their strategy is to collect as much information as possible about their victims (often under the guise of security checks) and then carry out transactions for them, which will be validated by the consumers themselves. That is why the OSMP has observed an increase in the number of fraudulent payments with strong authentication.

In fact, it is consumers who bear the cost of this manipulation fraud. This situation prompted the OSMP to take action and propose corrective actions to all market players.

Read also : In 2023, the French reveal their purchasing behaviours

The rise of social engineering fraud

Who provides the reimbursement in the event of fraud ?

To strengthen the fight against fraud, the OSMP has just published a list of 13 recommendations for end consumers and payment service providers. The implementation of these recommendations will be monitored by the French Prudential Control and Resolution Authority (in French, l’Autorité de contrôle prudentiel et de résolution : ACPR) and will be the subject of a review at the end of 2024.

In its recommendations, the OSMP distinguishes 2 cases :

  • In the absence of strong authentication : the OSMP recalls that the account-holding institution must reimburse the consumer without delay, at the latest at the end of the first working day after receipt of the dispute of the transaction.
  • If the disputed transaction underwent strong authentication, it lies with the account-holding institution to determine whether this transaction may be considered as authorised by the user. It is the aforementioned institution's responsibility to carry out an investigation on the basis of the data of the transaction. After analysis of the file, in the absence of sufficient evidence to justify the authorised nature of the transaction or demonstrate serious negligence by the user, the institution is required to reimburse the operation in question without delay.

The OSMP also recommends :

  • Setting a maximum investigation period of 30 days.
  • The immediate reimbursement of a mobile payment via wallet, if the enrolment of the payment method has not undergone strong authentication.

Fighting fraud through awareness-raising

In addition to heightening consumer protection, other actors are mobilising to raise awareness among users and thus improve the fight against fraud.

Example : the French Banking Federation recently launched an extensive advertising campaign that reminds users never to authenticate a transaction of which they are not the originator and never to communicate their sensitive data to third parties, even those that may impersonate their bank.

Take scammers down !

Mastercard has also launched an initiative, called 'Fraude Fight Club', launched in partnership with the site Cybermalveillance.gouv.fr. « Take scammers down », declares this awareness campaign, which has been rolled out on social networks, aimed at young people from 18 to 35 years old.

Fraude Fight Club, la Campagne de sensibilisation à destination des jeunes lancée par Mastercard
Fraude Fight Club, the awareness campaign for young people launched by Mastercard and the Cybermalveillance.gouv.fr website (@fraudefightclub)

Why target young people ? Several studies have shown that they are particularly vulnerable to social engineering scams, in a higher proportion than their elders. This has been enough to give the government, which has made cybersecurity a major focus of its France 2030 strategy, food for thought.