Observatory for the security of payment means, annual report 2021

Published on 22 July 2022
Banque de France - Philippe Jolivel

Following a year marked by the measures related to the health crisis in 2020, 2021 saw an economic recovery and an associated rebound in payment flows, with consumers confirming their new, more digital and dematerialised practices, which have now become firmly established.

In this 2021 Annual Report, the Observatoire de la sécurité des moyens de paiement (OSMP – the Observatory for the Security of Payment Means) notes that this digitisation was accompanied by new threats to payment means, with a marked rise in scams and manipulative schemes. Against this backdrop, thanks to the actions undertaken by the Observatory and professionals in the payment industry, combined with the vigilance of users, it was possible to maintain a high level of security and confidence in cashless payment means in 2021.

Chapter 1 of the report presents changes in payment flows and fraud in 2021. The easing of health measures and the resulting economic recovery led to very strong growth in cashless transactions (up 12.4% in volume and 17.5% in value), which exceeded economic growth, thus confirming the rapid and sustained digitisation of payment practices.

Bank card payments continued to account for the largest share of cashless transactions, at nearly 61%. With the pandemic, contactless payments have become the preferred method of point-of-sale payments, accounting for more than half of all face-to-face card payments (57%). Even though mobile contactless payments still account for only 3% of point-of-sale transactions, they also tripled in 2021, suggesting a strong increase in their use in coming years. Lastly, online payments continued to grow strongly (up 21% in 2021), still driven by the growth of e-commerce and new consumption habits (collection from stores of purchases made remotely, such as drive or click & collect, home deliveries of quick commerce purchases, online subscriptions, etc.).

  • Alongside bank cards, instant transfers are also becoming an integral part of the cashless payment landscape. Their use more than doubled in 2021, and now accounts for more than 2% of total transfers. Although still lagging behind other European countries, their use in France is expected to rise in the coming years, reflecting national and European payment means strategies.
  • At the same time, despite the economic recovery, traditional payment methods are still declining. Cheque use is continuing to fall, albeit at a slower pace than before the pandemic, with a 6% drop in volume and a 4% drop in value. With the easing of health measures, card cash withdrawals held up better (up 2.1% in volume), although their growth was lower than that of total transactions.

Against this background of a very strong increase in cashless transactions, partly linked to a catch-up effect after an atypical year in 2020, the Observatory’s statistical monitoring shows that fraud observed for payments made in France increased in value twice as slowly as that of flows, to reach EUR 1.2 billion (up 8.5%), and decreased in volume to 7.5 million fraudulent transactions (down 3.8%). This encouraging result reflects differing trends across payment means.

  • For the fourth year in a row, cheques continue to suffer from the highest fraud rate of 0.079%. They accounted for 37% of total fraud in 2021, or EUR 465 million. These figures reflect a new approach to cheque fraud, more in line with losses actually sustained, insofar as the Observatory now excludes fraud attempts that were prevented by banks after the cheque was deposited (EUR 161 million of frauds prevented in 2021 to be deducted from EUR 626 million of fraudulent cheque transactions).
  • Bank cards are very similar to cheques in terms of fraud amounts: 37% of total fraud in 2021, or EUR 464 million. Despite an increase in the use of this payment instrument, 2021 nevertheless saw a significant 1.9% drop in fraud in value and in the fraud rate (0.059%, against 0.068% in 2020). The Observatory estimates that 1.3 million cards were subject to fraud and reported lost or stolen in 2021, down 10% on 2020. These results confirm the effectiveness of the use of strong customer authentication for remote payments, provided for in the Second European Payment Services Directive (PSD2), which was gradually implemented in France in 2021 as part of the migration plan managed by the Observatory. Accordingly, the fraud rate on remote payments fell from 0.249% in 2020 to 0.196% in 2021 (down 21%), its lowest level ever. With the risk of phishing still high, misappropriated card numbers remain the main source of card fraud (78% of fraud, compared to 18% for lost or stolen cards), such that online payments still account for almost three-quarters of fraud in terms of value, even though they represent less than a quarter of card payments. At the same time, contactless payments continue to offer a very high level of security, with the fraud rate reaching an all-time low of 0.013%, almost equivalent to the 0.010% rate recorded for traditional point-of-sale payments with PIN code.
  • Credit transfers continue to have the third highest incidence of fraud of all payment means (23% of total fraud, or EUR 287 million). However, in a context of increasing flows and the predominant use of transfers for retail payments (wages, social security benefits, etc.), the fraud rate by transfer remains particularly low and contained at 0.0007% (0.0015% excluding large-value transfers), down slightly from 2020. Fraud rates were limited for both online banking transfers, mainly used by individuals (0.0012%), as well as for transfers via telematic channels, used by businesses and government (0.0006%). Furthermore, with the sharp increase in flows, the security of instant transfers was ensured with only a slight rise in the fraud rate to 0.045%, which is very similar to card payments in France. The Observatory notes that misappropriation of transfers, i.e. situations where the initiator of the transaction is legitimate but is manipulated or deceived by the fraudster, is the most common type of fraud (59% of total fraud in value terms). These cases of fraud affect businesses, government and individuals alike, as fraudsters manage to bypass authentication mechanisms. The steady rise in remote interactions and identity or bank detail theft are conducive to the direct manipulation of users, who must continue to be made aware of these risks. Given these risks, the Observatory will actively participate in discussions aimed at identifying new ways of combating credit transfer fraud that would benefit banking institutions and their users.
  • After these three payment instruments, fraud amounts for direct debits, trade bills, e-money and remittances are relatively insignificant. The Observatory nevertheless notes an increase in direct debit fraud, which amounted to EUR 25 million in 2021, compared to less than EUR 2 million in 2020, and whose fraud rate (0.0013%) has been particularly volatile year-on-year over the past four years. The reason for this increase, attributable to a very small number of creditors, was identified. Corrective measures are being implemented to remedy this.

Chapter 2 gives a positive assessment of the work carried out by the Observatory in 2021 to improve the security of payment means.

  • The first is the implementation of strong authentication measures for online card payments, which has been managed by the Observatory since the publication of its migration plan for the French financial sector in autumn 2019 (see 2018 Annual Report). The Observatory is pleased to note that the French financial sector has achieved a very high level of compliance with the requirements of PSD2, both in terms of cardholders’ equipment and transaction processing by merchants and the payment chain. The Observatory welcomes the fact that these strong authentication measures have already led to a significant reduction in online payment fraud, while at the same time supporting the growth of e-commerce and related new consumption patterns. In 2022, the Observatory will focus on consolidating the performance of these new authentication infrastructures, while continuing to combat fraud aimed at circumventing strong authentication by manipulating the payer.
  • One year after the publication of ten new recommendations on cheque security (see 2020 Annual Report), the Observatory has issued an encouraging progress report on several concrete actions taken by both public authorities and industry professionals, such as the revision of the Banque de France’s cheque security framework, which was completed in April 2022. However, given the persistently high levels of fraud, the Observatory calls on the industry to continue and intensify its efforts to strengthen the security of this declining payment instrument, in particular by focusing on monitoring cheque transactions, simplifying the procedures for reporting lost or stolen cheques and securing the delivery of chequebooks. Taking into account the controls already carried out and the risk policy of each institution, the Banque de France will ensure that the Observatory’s recommendations are duly implemented by the banking institutions as part of its oversight activities.
  • Lastly, the Observatory would like to remind both payment industry professionals and users of the relevance of its recommendations regarding certain rapidly growing practices, which the Observatory had covered in its monitoring work in previous years. This includes pursuing efforts and investments to strengthen the security of instant credit transfers in order to ensure the rapid and secure development of this payment instrument, which is expected to grow strongly, raising users’ awareness of the need to protect their own payment data given the ongoing high risk of phishing, and strengthening the security of enrolments for mobile payment solutions.

Chapter 3 presents the Observatory’s monitoring of the digital identity of natural persons. The Observatory notes that the strong growth in digital practices has not been accompanied by an attendant strengthening of remote identification processes. This has led to an increase in identity theft, often associated with document fraud techniques, which also undermine the security of payment means by deceiving one of the parties to the transaction. While the French government is developing and testing an administrative digital identity, associated with the new electronic national identity card, the Observatory is already calling on the players in the payment chain, as well as users, to make greater use of digital identity solutions and trust services, such as the electronic signature or seal, which offer more robust levels of security for remote exchanges.

In a context of rapidly evolving payment means and constant new threats, the Observatory remains committed to ensuring the security of all payment means, whether they are in decline, such as cheques, or expected to develop in coming years, such as instant transfers or mobile payments. The security of all payment means is a prerequisite for offering all users, from individuals to businesses, genuine freedom of choice in their daily use.

Download the PDF version of this document

Updated on 21 November 2023