This 2020 Annual Report describes the trends observed as a result of the crisis, together with the steps taken by the Observatory to maintain a high level of security and confidence in cashless payments.
Chapter 2 of the Report presents the trends in payment flows and payment fraud in 2020. In particular, it highlights the acceleration of the trend towards the digitisation of payments resulting from the crisis, as illustrated by the following:
- on the one hand, by a very sharp decline, from the time of the March 2020 lockdown, in transactions involving physical contact: cheques (–25% in value), cash withdrawals (–15% in value) and card payments requiring the entry of a PIN code thus recorded an unprecedented drop in flows compared with historical trends;
- on the other hand, unprecedented growth in two types of usage: contactless payment (+86% in value), which became the preferred method of payment at the point of sale and was greatly boosted by the increase in the payment limit from EUR 30 to EUR 50, effective 11 May 2020; and online payment (+8% in value), which was stimulated, in particular, by the movement of traditional neighbourhood shops towards new modes of consumption (home delivery, click and collect, etc.). This chapter also shows that, despite the impact of the health crisis on payment practices, the level of fraud observed on payments issued in France remains under control, with the notable exception of cheques, where the fraud rate is rising markedly.
- For the third consecutive year, cheques remained the means of payment most subject to fraud in terms of both value and proportion. Indeed, despite the decline in use of cheques in 2020, the associated share in fraud amounts for all means of payment remained the highest at 42%, for a value of EUR 538 million, and the rate of cheque fraud rose to 0.088%, representing the equivalent of one euro of fraud for every EUR 1,100 of payment. Theft of cheques and chequebooks is still the main modus operandi, accounting for the largest share of fraud amounts at 68%, a clear increase year‑on‑year (55% in 2019).
- The rate of fraud associated with French payment cards remained at an essentially manageable level of 0.068%, i.e. the equivalent of one euro of fraud for every EUR 1,500 of transactions, despite the massive shift in flows towards types of transactions that are more vulnerable to the risk of fraud. These include contactless payments (where the fraud rate has fallen to 0.013% despite the increase in the payment ceiling and is close to the fraud rate for payments involving the entry of a PIN code) and remote payments (where the fraud rate is virtually stable at 0.174%).
- Although the rate of fraud on credit transfers remained particularly low at 0.0008% (equivalent to one euro of fraud for every EUR 120,000 of payment), the Observatory nevertheless highlights the resurgence of fraud by means of social engineering primarily targeting companies. Indeed, the strengthening of digital exchanges and the widespread practice of working from home, leading to a loss of the usual reference points for accounting and financial services, have been conducive to the perpetration of this type of fraud. Moreover, government agencies have also been confronted with the development of a type of fraud targeting companies’ short‑time working arrangements, based on the theft of the identities of beneficiary companies in order to misappropriate the financial aid made available in the context of the Covid‑19 crisis.
- Direct debit fraud fell sharply in 2020, to EUR 1.9 million (–83% year‑on‑year). This rate of fraud is thus the lowest among all means of payment, at 0.0001%, i.e. the equivalent of one euro of fraud for one million euros of payment.
Chapter 1 presents the first assessment of the migration of the French financial sector towards strong customer authentication for online card payments. This development seems all the more necessary as it is taking place against a background of increasing use of this method of payment, which accounts for more than two‑thirds of fraud even though it represents only 22% of transactions.
Although the implementation of the migration plan drawn up by the Observatory had to be adjusted to take account of public health constraints, in particular with the granting of a three‑month period of flexibility in mid‑2020, the situation at the end of June 2021 reflected a high level of compliance by the French financial sector:
- More than 80% of cardholders making online purchases have been enrolled in a strong authentication system that they use to validate their transactions. The initiatives undertaken by the Banque de France and the Autorité de contrôle prudentiel et de résolution (French prudential supervision and resolution authority) with the institutions that have made the least progress should make it possible to achieve full compliance by autumn 2021.
- Some 95% of the flows of French e‑merchants comply with the regulations, i.e. they use an authentication request from their customer or are covered by an exemption recognised as valid by the card issuer.
These results are the fruit of the coordination work carried out within the framework of the Observatory, which has endeavoured to ensure an ambitious migration while maintaining e‑commerce activity in an environment that has been severely constrained by the public health crisis.
They constitute a validation of the end of the migration plan, it being understood that the Observatory will continue to closely oversee its further implementation with a view to ensuring full compliance of the French financial sector in the short term, while at the same time bolstering the smooth operation of online payments.
Chapter 4 reports on the work carried out by the Observatory to improve the security of cheque payments. This work has made it possible to better identify the main vulnerabilities of this means of payment that are exploited by fraudsters, and to develop a set of security objectives designed to counter them. These objectives are mainly based on the enhancement by banking institutions of their analysis capabilities and fraud prevention measures, the promotion of cooperation between sector players and, lastly, raising user awareness.
The Observatory will monitor the implementation of these objectives by market players and evaluate their effectiveness over time in the light of changes in annual fraud involving this means of payment.
Finally, Chapter 3 reports on the technology watch on real-time payment security, in a context where the use of instant transfers, although still limited (1% of transfers issued in 2020 in volume terms), was on the rise, with flows tripling in one year. While these payments offer greater convenience to users through the immediate availability of funds, they require security measures that are geared to the challenges of real‑time transactions.
The Observatory thus recommends that a set of fraud prevention measures be put in place at the time of payment initiation, combining the requirement for strong authentication of the payer provided for by the Regulations with the introduction of payment limits tailored to the customer’s usage, as well as real‑time identification tools for transactions that pose a high level of risk. The Observatory also draws attention to the important role played by users’ behaviour in ensuring the security of their payment means, and urges market players to conduct appropriate awareness‑raising activities when instant payment solutions are being made available.
