In 2020, 1.4 million French bank cards were targeted by fraud. With scammers getting more and more creative in their attempts to extract your bank details, it makes sense to take every precaution you can and familiarise yourself with your rights if the worst should happen.
Best practices for preventing fraud
- Responding to emails that appear to have been sent by the bank can be risky. If you want to get in touch, either bookmark their website, or access it via search engine.
- If you are suspicious about where someone is calling you from, end the conversation and call your bank instead.
- When shopping online, check that any site you are using offers secure payment by looking for the padlock symbol in the address bar and web addresses that start ‘https:’.
- Keep your antivirus software up-to-date on any device you are using. Paid-for software can provide added protection.
- Keeping an eye on your account activity will allow you to flag up any anomalies as soon as they appear and stop any fraudulent activity as quickly as possible.
What to do if you discover fraudulent activity on your account:
If your card has not been stolen and nobody else has used it, contact your bank. Ideally, send an email or registered letter. Que Choisir has created a template for this. Your bank must refund you straightaway without charge and may also decide to replace your card for free.
Contactless fraud - Alert your bank if you notice small payments made with your card, which your bank says were contactless. Disputed payments must be refunded.
If your bank asks you to file a complaint - While the law does not require victims of bank fraud to file a complaint, the police being overwhelmed by complaints from victims of bank fraud, it does require banks to refund customers as soon as they report an unauthorised transaction.
If your bank mentions 3D Secure, 3DS or OTP SMS - These terms refer to a temporary one-time password sent by text for customer authentication. It does not affect your right to a refund, as fraudsters have been known to bypass the system.
If your bank blames you for security breaches - Reporting an unauthorised transaction usually results in the customer having their stolen money refunded, unless the bank can prove that the customer has committed fraud or serious negligence.
If your bank asks for an indemnity payment - Banking regulations allow banks to ask customers for compensation (capped at €50) in the event that their means of payment - or elements allowing the bank to be given a payment order - have been lost or stolen. However, it can be applied erroneously.
Phishing - This refers to an email or phone scam where the scammer impersonates a recognised person or company to trick them into providing their bank details. It may involve asking them to update their details online via a fake webpage mimicking that of the bank. Responding to an email with numerous spelling errors may allow the bank to prove you committed gross negligence.
Strong Customer Authentication – This involves the customer validating transactions using at least two of the following: something that only they know (e.g.: password), something that only they have (e.g.: bank card) and/or a characteristic personal to them (a fingerprint).