Chapter 1 of this report, which presents statistical trends on cashless means of payment usage and fraud, shows that in value terms, fraud has remained stable, at less than EUR 1.2 billion. However, trends differ depending on the means of payment.

• The fraud rate for payment cards, which further consolidated their status as the main means of payment for everyday use, stabilised at the lowest level ever recorded by the Observatory (0.053%) for a total amount of EUR 496 million. Fraud rates have trended downwards across all electronic initiation channels for payments and withdrawals, with historic lows recorded in the fastest‑growing segments, particularly contactless, mobile and internet payments (0.011%, 0.021% and 0.160%, respectively). The average fraud rate for cards remained stable, however, due to the increase in the proportion of payments made over the internet, which continue to be proportionally more exposed to fraud. Payment card security thus continues to benefit from the strong authentication rules set down in the second European Payments Services Directive (PSD 2). The implementation of these rules explains in large part the continuing decline in internet payment fraud, as well as fraud on mobile payments, for which the fraud rate has fallen by two‑thirds thanks to the systematic use of strong cardholder authentication upon card enrolment with a mobile solution. Against this overall backdrop of card fraud containment, the most common fraud technique remains the usurpation of card numbers using phishing techniques (72% of fraud by value), sometimes combined with manipulation (known as social engineering) by telephone to push victims to authenticate fraudulent transactions.

• Cheque fraud continued to decline in value, falling to EUR 364 million in 2023 (down 8% year‑on‑year). This is largely due to the prevention mechanisms deployed by banks, in accordance with the roadmap drafted by the Observatory, and in particular systems for blocking or delaying cheque settlements, which neutralised EUR 222 million in fraudulent transactions in 2023 (a 38% improvement on 2022). However, due to the ongoing decline in cheque use in terms of value (down 13.4%), the fraud rate was up in 2023 to 0.078% (compared with 0.073% in 2022). The main type of fraud by far remains the misappropriation of lost or stolen cheques, whether presented directly for payment by a fraudster or used as a means of payment with merchants or private individuals (accounting for 66% of fraud by value and 89% of fraudulent transactions by volume).

• Overall, credit transfer fraud has remained relatively stable (down 0.5% year‑on‑year) at EUR 312 million in 2023, despite an 18% increase in the number of fraudulent transactions. Due to the large amounts exchanged with each transfer, the fraud rate remained extremely low at 0.001%. Private individuals and professionals are both affected by fraud, primarily through their online banking activities. Fraudsters have two main approaches: first, fraud involving social engineering (in particular false bank adviser scams) to trick the victim into validating fake transfer orders (43% of total fraud by value); and second, fraud involving misappropriation in which the fraudster alters a legitimate invoice or payment order to steal funds (48% of total fraud). Lastly, the adoption of payments by instant credit transfer (up 46% in value terms) has been encouraged by the fact that fraud is held tightly in check, with a downward trending fraud rate (of 0.040%) which is lower than that for payment cards.

The work undertaken by the Observatory to prevent fraud is presented in Chapter 2, with a particular focus on three key areas:

• The Observatory has carried out an assessment of resources and best practices with regard to credit transfer and direct debit payment security, and has drawn up an initial set of recommendations to make these instruments more secure, particularly in terms of data sharing between institutions, and improving user awareness.

• The Observatory has adopted a remote card payment action plan aimed at enhancing the security of non‑authenticated payments issued without using the 3‑D Secure protocol, which are still two to three times more likely to fall victim to fraud than transactions that are 3D‑Secured. The first measures came into force on 10 June 2024, primarily with the introduction of a EUR 500 acceptance ceiling per card and per merchant. The ceiling will be lowered to EUR 250, and later EUR 100, before the end of 2024, with exemptions for certain sectors of activity.
• Given the proliferation of fraud schemes that involve social engineering and the usurpation of bank or public entity identities via telecommunications networks, the Observatory has stepped up its work with the telecommunications sector to monitor the implementation of preventive measures. This includes the French MAN (number authentication mechanism) programme, which is intended to ensure that caller ID numbers are authentic.  

Chapter 3 outlines the work carried out by the Observatory as part of its technology monitoring duties on quantum computing and the security of bankcard payment systems. The possibilities offered by quantum computing across a wide range of fields (finance, logistics, meteorology, chemistry, etc.) are promising, but at the same time raise new challenges, particularly in terms of digital security. The use of quantum computing techniques to break encryption schemes for secure electronic communications and protocols under current standards, including those used for payments, could become a reality in the next ten to twenty years. As such, it is a serious threat to national security, which has already been subject to careful consideration by the public authorities in France (French Military Programming Act of August 2023, for example), and must be addressed immediately by the payments sector given the life cycles of card payment hardware and software (chips, electronic payment terminals, servers, etc.). The Observatory has therefore adopted a set of recommendations designed to ensure that the French payments market is properly prepared in the long term for this “quantum menace”. 

Against a backdrop of rapidly evolving payment methods and fraud techniques, the Observatory remains committed to ensuring the security of all payment methods, thereby guaranteeing genuine freedom of choice for all users, from individuals to businesses, in their day‑to‑day transactions. As part of its work programme for 2024 and 2025, the Observatory will look in particular into the possibilities for sharing information to enhance the methods used to combat transfer fraud, and will pursue its initiatives undertaken with players in the telecommunications and distance sales sectors. Finally, the Observatory will direct its technological monitoring activities towards the use of transaction scoring models and artificial intelligence as part of the fight against fraud.