You are here

Useful information

Share links

Logo OSMP

This space was designed to centralise all the information that Observatory for the Security of Payment Means makes available to the general public regarding its work and decisions.

 

Security recommendations

The Observatory has drawn up a series of security recommendations aimed at users of payment means. These recommendations were written in collaboration with representatives of consumers, merchants and issuers, and are intended to be used by these players, each in their context, with their public.

The list was deliberately simplified and is confined to the main security measures. The Observatory requests that the media and the public authorities disseminate these recommendations as widely as possible.

Your habits make a direct contribution to the security of your means of payment. Please follow these basic security recommendations to protect your transactions:

Be responsible
  • Your payment instruments, such as bank card or cheque book, are strictly personal: never lend them to anyone, even your family or friends. Check regularly that you have them in your possession and keep them in a safe place, if possible separately from your ID documents.
  • If the payment instrument requires the use of a personal identifier (PIN number for a card, password for mobile phone payments, etc.), keep it secret and do not tell it to anybody. Learn it off by heart, do not write it down and, if this is not possible, never keep it with the corresponding payment instrument or anywhere where a connection could be made with it.
  • Above all, never give your passwords, secret codes and personal identifiers to the judicial or administrative authorities, or to your bank, especially by telephone or email. They should never request this information.
  • Make sure that nobody can see you enter your PIN or use your password. Shield the keypad of the terminal, ATM or telephone with your other hand.
  • Read your bank statements carefully and regularly.
  • Remember to consult regularly the security recommendations published on your bank’s website and ensure that it has your details so that it can contact you rapidly if it detects a suspicious transaction on your account. If your bank contacts you, by telephone or by email regarding such transactions, remember that you must not give it your passwords or personal identifiers.
  • Never agree to pay a seller or lessor that you do not know by money transfer before the goods are given or delivered to you; they may be fraudsters who, after receiving the transfer of funds, disappear without a trace (email address, social network account, etc.).
Be vigilant

When paying a professional or an individual

  • Watch how your card is used. Do not let it out of your sight.
  • Make sure to check the amount displayed on the terminal before validating the transaction.
  • When a cheque is automatically filled out by a merchant, check the information before signing it, in particular the amount.
  • A few precautions when filling in a cheque in order to reduce the risks of fraud: avoid erasures or alterations, write the name of the beneficiary of the cheque and the amounts in figures and letters without leaving any space, or draw a line through any unused space. The place and date of payments must be written at the same time as the other information. The signature on the cheque must not go over the line of figures on the bottom of the cheque. Never sign a blank cheque before filling in the amount and the beneficiary.

 

When withdrawing cash from ATMs

  • Check the appearance of the ATM.Try not to use machines that you think have been tampered with.
  • Follow only the instructions displayed on the ATM screen: do not let strangers distract you, even if they are offering their help.
  • If the ATM swallows your card and you cannot retrieve it immediately from the bank branch, report it right away.

 

When making internet payments

  • Do not keep your account details on your computer (PIN number, account number, etc.), do not send them in an ordinary email and check the security features of the merchant’s website if filling them in online (padlock in the lower corner of window, URL starting with “https”, etc.).
  • Make sure it is a reputable merchant and that you are on the official site and read the general terms of sale carefully.
  • Do not reply to an email, text message, telephone call or any other invitation that you find suspicious. Above all, never click on a link in a message to a bank's website.
  • Protect your computer by running the security updates offered by software editors (usually free) and by installing antivirus software and a firewall.
  • Change you passwords frequently, and avoid recording them on sites for future use (theft of your identifiers and bank details exposes you to fraud on all your payment means).
  • Do not choose the same password for the use of your payment means, access to your online account and access to other internet sites on which you have a customer account.

 

When you receive a payment order or a payment means

  • When receiving a direct debit mandate, check that the information regarding the creditor (name/company name, address) are consistent with your contractual obligations. If your bank has a list of creditors authorised to carry out direct debits on your account (also known as "white list"), ensure that it is kept up to date.
  • If you are the recipient of a remote payment and you do not know the payer personally (for example, an internet sale), check that the consistency of the information provided (name, address, identifier of the payer, etc.) before approving the transaction. If you have any doubt, check the regularity of the payment instrument and the quality of the payer with the payer's bank.
  • If you are the recipient of a bank cheque  (for example, the purchase of a vehicle), find and contact the issuing bank (do not trust the information on the cheque) to confirm that it is valid before finalising the transaction.
  • Check that all the compulsory information is on the cheque, in particular the signature of the issuer of the cheque, the name of the bank that must pay, the date and place where the cheque is issued, as well as the consistency of the information (beneficiary, amount, cheque number field of the magnetic strip) and ensure that there are no erasures or alterations that would indicate that it is a false cheque.

 

When travelling to other countries

  • Find out what precautions you need to take and contact the card issuer before leaving to find out about card protection systems available.
  • Remember to take the international telephone numbers for reporting lost or stolen payment means.
Learn the appropriate responses

If you have lost or someone steals a payment instrument or your account identifiers

  • Report it immediately by calling the number provided by your bank or by the card issuer. Remember to do this for all of your cards, cheque books and mobile devices with a payment application that have been lost or stolen. Similarly, contact your bank if you have given your bank details (account number, etc.) to a third party you find suspicious.
  • If your card is stolen, you must also file a complaint with the police as soon as possible.

If you report a lost or stolen card promptly, you will be covered by provisions limiting your liability to the first EUR 150 of fraudulent payments. If you fail to act promptly, you could be liable for all fraudulent payments made before you report the card missing. Once you have reported a lost or stolen card, you can no longer be held liable.

 

If you notice any suspicious transactions related to your payment means

  • Do not hesitate to contact your bank in order to verify the regularity of unidentified suspicious transactions. It is especially important to contact your bank if you receive information by telephone, email or text message confirming or requesting the validation of payment transactions that you have not initiated.

 

If you see any unusual transactions on your statement, and your payment instrument is still in your possession

  • Report this promptly so that you are protected against any further fraud attempts using misappropriated payment instrument data.
  • If, within legal time frame of 13 months of the contested transaction date, you submit a claim to the institution holding your account, the contested amounts must be immediately refunded with no charge. In these conditions, you will not be liable. However, this does not apply in the case of gross negligence on your part (e.g. you let someone see your card number and/or PIN and this person has used your card without telling you) or if you ‑ deliberately fail to comply with your contractual security obligations (e.g. you have been careless enough to tell someone the card number and/or the PIN and this person has used your card without telling you). Note that if the card was misappropriated in a non-European country, the time limit for submitting a claim is 70 days from the debit date of the contested transaction. Your card issuer may extend this limit, but it nevertheless cannot be more than 120 days.

Naturally, in the event of fraudulent activity on your part, the protective mechanisms provided for under the law will not apply and you will be liable for all amounts debited before and after reporting the card lost or stolen, as well as any other costs resulting from these transactions (e.g. if there are insufficient funds in the account).

Updated on: 06/12/2018 10:50