FRANCE Law and Practice Contributed by: Sylvain Clavé and Germain Chaux, Clavé Avocat
12. Fraud 12.1 Elements of Fraud
three times higher than secure channels. Following a transitional cap of EUR1.01 in May 2025, the threshold for these non-authenticated internet payments was slashed to EUR0.01 on 1 January 2026, effectively mandating authentication for nearly all transactions. Instant transfer fraud has also surged to the top of the agenda following a EUR37 million increase in dam - ages in 2024. To mitigate this, regulators supervised the nationwide roll-out of the Verification of Payee ser - vice (matching IBANs to beneficiary names – resulting from the implementation of EU Regulation 2024/886), which became fully operational on 9 October 2025, to secure transfers for both retail and professional clients. Furthermore, the regulators are intensifying their monitoring of AI-driven fraud in the context of the emergence of deepfakes used to solicit fraudulent investments. 12.3 Responsibility for Losses The liability of fintechs, and especially of PSPs for customer losses, is governed by a strict immediate reimbursement obligation for unauthorised transac - tions under Articles L 133-18 and L 133-22 of the French Monetary and Financial Code. However, this obligation to return funds may be suspended if the financial institution provides evidence to the regula - tory authorities justifying suspicion of fraudulent activ - ity on the part of the customer. Since the entry into force of EU Regulation 2024/886, payment service providers have been required to pro - vide a tool for verifying the match between the name entered and the bank identifier at no cost to the indi - vidual. If the service fails to signal a detected incon - sistency before the order is validated, it assumes the resulting financial loss and must restore the client’s initial balance without delay. Conversely, if the alert was duly transmitted but the payer decides to override it with full knowledge of the facts, the provider is released from any obligation to reimburse. Finally, in the event of a dispute, the burden is on the provider to demonstrate that the transaction was correctly authenticated and did not suffer from any technical failure.
Fraud techniques have undergone profound mutation, evolving towards approaches based on psychological manipulation and identity theft. While the introduction of strong customer authentication (SCA) under PSD2 has strengthened the security of remote payments and reduced certain forms of technical fraud, trans - actions remain a major source of litigation for clients, notably due to the rise of social engineering (ie, the use of psychological manipulation to deceive users into bypassing technical security measures, such as “spoofing”, where attackers impersonate bank offi - cials to convince clients to authorise fraudulent trans - actions themselves). According to a survey conducted for the AMF, the proportion of French people falling victim to finan - cial investment scams has practically tripled in three years. The Paris Prosecutor’s Office estimates the total damage to be at least EUR500 million per year, generally involving transfers to accounts controlled by fraudsters. To safeguard the market, the AMF and ACPR maintain a strategic blacklist of unauthorised financial opera - tors, serving as a vital tool to prevent misappropriation of funds. Updated in January 2026 to reflect 2025’s activity, the registry flagged 58 Forex platforms and 29 crypto-derivative sites. The ACPR reported an even steeper rise, blacklisting 1,190 entities illegally marketing loans or savings accounts. This surge is fuelled by fraudulent misrepresentation: 65% of these fraudulent offers involve the identity theft of regulated French authorities align their focus with the shift - ing landscape of fraud. In 2024, the ACPR centred its oversight on manipulation-based scams – which include “fake bank advisers”, at 32% of total fraud val - ue in 2024, accounting for EUR382 million in losses. The Observatory for the Security of Payment Means (OSMP) has simultaneously accelerated its crack - down on unauthenticated remote card payments (those bypassing 3-D Secure), which carry a fraud risk professionals to exploit investor trust. 12.2 Areas of Regulatory Focus
302 CHAMBERS.COM
Powered by FlippingBook