Online payment: how do you manage the risk of fraud?



The market for online payment solutions has grown considerably in response to the increasing digitisation of business, particularly in the B2C e-commerce sector. 

Fevad published a study on Internet sales in the 2nd quarter of 2023 as part of Paris Retail Week from 19 to 21 September 2023. 

The result today is spectacular: France is one of the leading countries for e-commerce and one of the most dynamic markets in Europe. 

Similarly, according to this study, the e-commerce sector (products and services) grew by 8.3% in one year, reaching €39.3 billion in the 2nd quarter of 2023. 

The number of merchant sites has also risen by more than 7% in one year.

While the vast majority of online transactions go off without a hitch, it cannot be overlooked that payment scams do still occur. 

Fraudsters take advantage of this large online offer to hack consumers’ bank accounts and carry out fraudulent transactions.

In this article, we explain the various solutions for managing the risk of fraud in online payments, whether made by bank card or direct debit.

Understanding the types of online payment fraud 

In 2022, according to the public cybercrime website, the main reasons for customers seeking a solution to cyberattacks were as follows:

  • Phishing (27%) is a remote scamming technique used by malicious individuals.

    → It tries to trick online users into disclosing sensitive personal data on a web page, such as login details, credit card numbers, passwords, social security numbers or other confidential data;
  • Account hacking (22%) means illegally obtaining access to a computer account belonging to a person or organisation.

    → This type of activity is generally carried out by hackers with the aim of stealing personal data, obtaining a financial advantage, distributing malware, disrupting remote operations or other illegal activities;
  • Ransomware (19%) is a portmanteau word combining “ransom” and “software”.

    → It refers to a specific type of malware designed to encrypt files or access to a computer system, then demand a ransom from the victim to decrypt the data or restore access to the system. Ransomware is used by cybercriminals to hold the victim’s data hostage.

Each year, the Observatoire de la sécurité des moyens de paiement publishes an activity report.

As part of its 2022 annual report, it posted an overview of online and offline payment methods and, more specifically, fraud.

Although the volumes are not the same for the two payment solutions, this overview highlights a fraud rate of 0.056% for card payments and a fraud rate of 0.001% for direct debits.

It should be noted that the figures for direct debit fraud could be considered overestimates, as they remain self-reported to date.


Source: Observatoire de la Sécurité des Moyens de Paiement, 2022.

  • Credit card fraud

Fraudsters may obtain both a physical bank card and its PIN code, then use them in person to make transactions at a point of sale or a cash machine. 

Alternatively, they can search for bank card data to use to make online transactions, i.e. without physically having the card.

In addition, there is a growing trend towards social engineering fraud. 

Social engineering attacks, phishing and vishing (voice phishing) attempts are also on the increase, and are often used in conjunction with malware.

  • SEPA Direct Debit: the main types of fraud

SEPA Direct Debit fraud occurs when malicious individuals or entities attempt to initiate unauthorised or fraudulent direct debits from the victim’s bank account.

Here are a few examples of common frauds involving the SEPA Direct Debit:

  • Unauthorised direct debits: Fraudsters try to initiate direct debits without the victim’s consent. This can be done by using false information on the mandate or bypassing the authorisation validation process;
  • Use of falsified mandates: Fraudsters falsify direct debit mandates by changing the beneficiary’s details, the amount, or the authorised payment frequency. This can lead to unauthorised debits from the victim’s account;
  • Fake mandate fraud: Fraudsters create fake direct debit mandates by impersonating a legitimate company. They can then use these mandates to take money from the victim’s account.

How can credit card fraud be prevented?

Here are a few tips to help you, as a merchant, protect your customers from credit card fraud through your payment solution:

  • All stages of your payment flow must be secured.

    → To secure your checkout page, you must have an SSL certificate issued in your name and installed on your web page. 

    → This certificate offers additional protection against hacking, as well as a higher level of security for bank card holders;

  • Check for unusual rejected payments and payments made in unusual locations;
  • The most effective way of preventing fraud remains 3D Secure.

    → Two-factor authentication for each transaction helps to keep fraudsters at bay.
    → If the consumer disputes the transaction claiming that they were not behind it, and a chargeback results, the merchant cannot be held liable for the fraud if two-factor authentication has been used.
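The tip above about watching for unusual rejected payments and payments from unusual locations can be turned into two simple detection rules run over the merchant's own authorisation log. The code below is an added example written for this article, not code from the original page or from any payment provider; the log lines, card tokens and thresholds (three declines within five minutes, a country different from the one first seen for the card) are constructed assumptions that a merchant would tune to their own traffic.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authorisation log (not real data), one attempt per line:
# timestamp, card token, country of the order, outcome (approved/declined).
# card_2 shows a burst of declines (a card-testing pattern); card_3 is used
# from France and then from Brazil a few minutes later.
SAMPLE_LOG = """\
2024-03-01T10:00:12Z card_1 FR approved
2024-03-01T10:02:40Z card_2 FR declined
2024-03-01T10:02:55Z card_2 FR declined
2024-03-01T10:03:10Z card_2 FR declined
2024-03-01T10:03:31Z card_2 FR declined
2024-03-01T11:15:00Z card_1 FR approved
2024-03-01T11:20:00Z card_3 FR approved
2024-03-01T11:22:00Z card_3 BR approved
"""


def parse_log(text):
    """Parse the whitespace-separated log format assumed above into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, card, country, outcome = line.split()
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "card": card,
            "country": country,
            "outcome": outcome,
        })
    return records


def flag_decline_bursts(records, threshold=3, window=timedelta(minutes=5)):
    """Return the set of cards with at least `threshold` declines inside any
    sliding window of length `window` (repeated rejections on one card)."""
    declines = defaultdict(list)
    for r in records:
        if r["outcome"] == "declined":
            declines[r["card"]].append(r["ts"])
    flagged = set()
    for card, times in declines.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Shrink the window from the left until it spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(card)
                break
    return flagged


def flag_unusual_locations(records):
    """Return (card, country, timestamp) for attempts made from a country
    other than the first one seen for that card. Assumes the log is in
    chronological order, as the sample above is."""
    home_country = {}
    flagged = []
    for r in records:
        home_country.setdefault(r["card"], r["country"])
        if r["country"] != home_country[r["card"]]:
            flagged.append((r["card"], r["country"], r["ts"]))
    return flagged


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    print("decline bursts:", flag_decline_bursts(records))
    print("unusual locations:", flag_unusual_locations(records))
```

Both rules only produce a review list; the merchant still decides whether to hold the order, ask for 3D Secure authentication or contact the customer. On the sample log the burst rule singles out card_2 and the location rule singles out the Brazilian order on card_3.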

How can SEPA Direct Debit fraud be prevented?

SEPA Core (B2C) direct debits offer the consumer significant protection on several levels:

  • Regarding notification, merchants are obliged to inform their customers in advance of the amount to be debited;
  • For refunds, customers can claim them for up to 8 weeks for authorised direct debits and 13 months for unauthorised direct debits (proof that the direct debit was unauthorised is required);
  • Concerning control over transactions, customers have the option of:
    → Managing their direct debits on a case-by-case basis or creating blacklists (blocking SEPA Direct Debits from certain merchants) and whitelists (authorising SEPA Direct Debits from certain merchants only);
    → Defining maximum payment amounts and specifying their frequency;
    → Blocking all direct debits from their bank account.

In the case of SEPA B2B direct debits (between professionals), the protection offered is more limited, but it offers merchants better payment guarantees:

  • In terms of notification, customers are informed in advance of each payment;
  • Concerning refunds, customers are not entitled to get their money back (the payment is irrevocable);
  • Before debiting the payer’s account, the bank must ensure that each condition has been correctly met and approved by the payer, and that the mandate information collected for each direct debit matches the information on the original mandate. The bank must also comply with any additional authentication instructions given by the payer. This is essential, given that there is no right to a refund.
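The checks described in the last point (each presented direct debit must match the original mandate) and the payer controls listed for SEPA Core above (blacklist, whitelist, maximum amount, frequency, blocking everything) can be expressed as one validation routine that returns every reason a collection should be refused. This is an added illustration written for this article, not code from the original page, from SlimPay or from any bank; the data classes, the field names, the mandate reference, the creditor identifiers and the account number are constructed placeholders, and the frequency rule is simplified to "at most N collections per calendar month per creditor".

```python
from dataclasses import dataclass, field
from datetime import date
from decimal import Decimal
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Mandate:
    """What the debtor originally signed: reference, creditor and account to debit."""
    mandate_ref: str
    creditor_id: str
    debtor_iban: str
    signed_on: date


@dataclass
class PayerControls:
    """Options the payer may configure on their account (constructed model)."""
    block_all: bool = False
    blacklist: Set[str] = field(default_factory=set)       # creditors never allowed
    whitelist: Optional[Set[str]] = None                    # if set, only these creditors
    max_amount: Optional[Decimal] = None                    # ceiling per collection
    max_per_month: Optional[int] = None                     # collections per creditor per month


@dataclass(frozen=True)
class Collection:
    """One direct debit presented for execution."""
    mandate_ref: str
    creditor_id: str
    debtor_iban: str
    amount: Decimal
    collection_date: date


def validate_collection(col: Collection, mandates: Dict[str, Mandate],
                        controls: PayerControls, history: List[Collection]) -> List[str]:
    """Return the list of rejection reasons; an empty list means the debit may run."""
    reasons = []

    # 1. The presented data must match the original mandate.
    mandate = mandates.get(col.mandate_ref)
    if mandate is None:
        reasons.append("unknown mandate reference")
    else:
        if mandate.creditor_id != col.creditor_id:
            reasons.append("creditor id does not match mandate")
        if mandate.debtor_iban != col.debtor_iban:
            reasons.append("debtor IBAN does not match mandate")
        if col.collection_date < mandate.signed_on:
            reasons.append("collection dated before mandate signature")

    # 2. The payer's own controls.
    if controls.block_all:
        reasons.append("payer blocks all direct debits")
    if col.creditor_id in controls.blacklist:
        reasons.append("creditor is blacklisted by payer")
    if controls.whitelist is not None and col.creditor_id not in controls.whitelist:
        reasons.append("creditor not on payer whitelist")
    if controls.max_amount is not None and col.amount > controls.max_amount:
        reasons.append("amount exceeds payer maximum")
    if controls.max_per_month is not None:
        month = (col.collection_date.year, col.collection_date.month)
        already = [h for h in history
                   if h.creditor_id == col.creditor_id
                   and (h.collection_date.year, h.collection_date.month) == month]
        if len(already) >= controls.max_per_month:
            reasons.append("frequency limit for this creditor reached")
    return reasons


# Constructed sample data: placeholder identifiers, not real mandates or accounts.
MANDATES = {
    "MNDT-2024-001": Mandate("MNDT-2024-001", "FR00ZZZ000000",
                             "FR1420041010050500013M02606", date(2024, 1, 15)),
}
CONTROLS = PayerControls(blacklist={"FR00ZZZ999999"},
                         max_amount=Decimal("100.00"), max_per_month=1)
LEGIT = Collection("MNDT-2024-001", "FR00ZZZ000000",
                   "FR1420041010050500013M02606", Decimal("49.90"), date(2024, 3, 5))
# A tampered presentation: different creditor (the blacklisted one) and a larger amount.
TAMPERED = Collection("MNDT-2024-001", "FR00ZZZ999999",
                      "FR1420041010050500013M02606", Decimal("499.00"), date(2024, 3, 5))

if __name__ == "__main__":
    print("legit:", validate_collection(LEGIT, MANDATES, CONTROLS, []))
    print("tampered:", validate_collection(TAMPERED, MANDATES, CONTROLS, []))
    print("second in same month:", validate_collection(LEGIT, MANDATES, CONTROLS, [LEGIT]))
```

Returning every reason rather than stopping at the first one is deliberate: for a B2B debit, where the payer has no refund right, the bank and the payer want the full picture of what did not match before deciding, and for a Core debit the same list tells the payer's bank which control (blacklist, amount, frequency) triggered the block.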

The SEPA Direct Debit remains a very secure means of payment for customers compared with other payment methods such as bank cards. 

Customers simply have to enter their IBAN to make a payment directly from their bank account. 
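Because the IBAN the customer types is the only thing the payment depends on, a merchant's form should at least reject mistyped or malformed account numbers before a mandate is created. The standard IBAN check (ISO 13616: move the first four characters to the end, replace letters by two-digit values, and require a remainder of 1 modulo 97) detects any single-character typo. The function below is an added example written for this article, not code from the original page or from SlimPay; the per-country length table is deliberately partial, the test values are published example IBANs, and a real integration would additionally verify ownership of the account, which this checksum cannot do.

```python
import re

# Official IBAN lengths for a few SEPA countries (partial table; extend as needed).
IBAN_LENGTHS = {"BE": 16, "DE": 22, "ES": 24, "FR": 27, "IT": 27, "NL": 18, "PT": 25}


def normalise_iban(raw: str) -> str:
    """Strip spaces and upper-case, so '  fr14 2004 ...' and 'FR142004...' compare equal."""
    return re.sub(r"\s+", "", raw).upper()


def iban_is_valid(raw: str) -> bool:
    """Return True if the IBAN is well formed, has the expected length for a
    known country, and passes the ISO 13616 mod-97 checksum."""
    iban = normalise_iban(raw)
    # Two-letter country, two check digits, then 11 to 30 alphanumerics.
    if not re.fullmatch(r"[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}", iban):
        return False
    expected = IBAN_LENGTHS.get(iban[:2])
    if expected is not None and len(iban) != expected:
        return False
    # Move the country code and check digits to the end, then map A..Z to 10..35.
    rearranged = iban[4:] + iban[:4]
    numeric = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(numeric) % 97 == 1


def format_iban(raw: str) -> str:
    """Group a normalised IBAN in blocks of four for display on a confirmation page."""
    iban = normalise_iban(raw)
    return " ".join(iban[i:i + 4] for i in range(0, len(iban), 4))


if __name__ == "__main__":
    for sample in ["FR14 2004 1010 0505 0001 3M02 606",   # published example, valid
                   "DE89 3704 0044 0532 0130 00",         # published example, valid
                   "FR14 2004 1010 0505 0001 3M02 607"]:  # last digit altered
        print(format_iban(sample), "->", iban_is_valid(sample))
```

The checksum is a validity test, not a fraud test: a syntactically valid IBAN may still belong to someone other than the person entering it, which is the gap that account verification services such as the one mentioned below are meant to close.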

With the risk of fraud considerably reduced, direct debit offers customers excellent protection!

Our SlimCollect Verify module also enables you to collect a verified IBAN directly from your customer's bank, in a seamless, error-free and highly secure flow, and that is not the least of its advantages. 

Here is an example of this recurring payment path using the SlimCollect Verify solution on smartphone:
