August 3, 2021

will fraud really decrease with two-factor authentication?

Nearly 150 billion euros were paid online in 2020 by means of a French bank card, according to the annual report of the Observatory for the security of payment methods published on July 7. Transactions particularly targeted by fraud: they represent a quarter of the total amounts paid by card but 83% of the amounts defrauded.

The fraud rate on these Internet payments is thus 0.25%, which means that there is one euro defrauded for every 403 euros spent.

Article reserved for our subscribers Read also Contactless payment: fraud “at an all-time low”

“This rate has fallen in recent years, in particular thanks to the deployment of the 3D Secure payment security protocol and the efforts of banking establishments to detect fraudulent transactions, but we have reached a plateau”, notes Pierre Bienvenu, deputy head of the security service for non-cash means of payment at the Banque de France.

After seven years of decline, the rate of fraud on online payments has indeed increased slightly in 2020, for example, from 0.170 to 0.0174% for purely national regulations. Difficult to be satisfied, given the growth of e-commerce.

Double authentication required

But the situation should improve with the application of a new online payment security protocol: “strong authentication”. It is also called “double authentication” because it takes two elements of identification of the cardholder to validate an Internet transaction, where you were asked before only one, often a one-time code received by SMS.

Article reserved for our subscribers Read also Online payment: the generalization of double authentication is a headache for some customers

In practice ? You indicate during payment as usual your card data (number, deadline, cryptogram). Then you should now be asked for two proofs that it is yours, among these three options: an element that only you know (like a password), an element that only you have (like your smartphone), a biometric element (fingerprint, facial recognition, etc.).

Banks essentially offer authentication by smartphone: the customer downloads the bank’s application, and then validates transactions via it (there is therefore indeed an “element of possession”, the smartphone, and a “Knowledge element”, the code to open the app, or a biometric element for those who access it by their fingerprint). Crédit mutuel Arkéa and its Fortuneo subsidiary are for their part based on a virtual card service (creation of a temporary virtual bank card number).

You have 65.51% of this article to read. The rest is for subscribers only.