© Un site développé par la Société d’Avocats Damy

Online fraud and strong authentication

Online fraud has grown massively in recent years.

Article Neo-Banks

Are you a victim ? Contact us !

Online fraud has increased massively in recent years.

To counter this new problem, the legislator has intervened to reinforce the obligations of banking establishments towards their customers by integrating the strong authentication mechanism.

How do you know if you’ve been a victim of online fraud?

You have certainly been a victim of online fraud if you are still in possession of your bank card, but a third party has made an online purchase using your bank details without your consent.

What is strong authentication?

Under the terms of article L133-4 of the French Monetary and Financial Code :

“(…) f) Strong customer authentication means authentication based on the use of two or more elements belonging to the categories “knowledge” (something that only the user knows), “possession” (something that only the user possesses) and “inherence” (something that the user is) and independent in the sense that the compromise of one does not call into question the reliability of the others, and which is designed in such a way as to protect the confidentiality of authentication data;”

In other words, in practice, strong authentication means that when you validate an online payment, you have to use your smartphone and your secret code to confirm the payment you are making.

Strong authentication will be compulsory for all banks from 15 May 2021 when the amount of the payment exceeds €30.

It is therefore compulsory every time you carry out :

“(…) a transaction by remote means of communication likely to involve a risk of payment fraud or any other fraudulent use (…)”.

What means are available to you if you are a victim of online fraud?

If you have been the victim of online fraud, you have 13 months from the date on which the unauthorised payment was debited to report the fraudulent transaction to your bank, failing which you will be barred from doing so.

Your bank will then be obliged to refund the amount debited immediately, unless it has reason to suspect fraud on your part.

In any event, the burden of proof relating to the authentication of the transaction will lie with the bank.

[1] https://www.service-public.fr/particuliers/vosdroits/F47157/1_0_0_0?idFicheParent=N31138#1_0_0_0

[1] https://www.legifrance.gouv.fr/codes/article_lc/LEGIARTI000035430451/



[1] https://www.legifrance.gouv.fr/codes/id/LEGIARTI000035407334/2023-02-17/?isSuggest=true

[1] https://www.legifrance.gouv.fr/codes/article_lc/LEGIARTI000035430562