Personal data protection in the crosshairs of the mediation service
Marie-Christine Caffet, Mediator with the French Banking Federation (FBF) since October 1, 2018, expresses concern, in the Mediation Department's 2019 report, about the protection of personal data. She states in the introduction to the report, "The salient point is that of the ever-increasing proportion of cases of fraud and scams carried out from online banking instruments and affecting payment means and transactions."
According to her, the fraud operates without distinction of socio-professional category, age or geographical area: "All clienteles are affected, city dwellers as well as rural dwellers, senior citizens as well as young working people, property owners as well as modest savers." The same applies to banking establishments, which are affected in the same way "whether they are network banks or online banks, private banks, branches of foreign banks or more specialized establishments".
Scams linked to "carelessness" in encoding the personal data of devices used by customers are numerous. For example, smartphones and connected watches sometimes have security flaws, but the ombudswoman also recognizes that attacks are becoming increasingly sophisticated, exploiting the slightest security flaw.
Back in 2018, the Observatoire de la sécurité des moyens de paiement recommended several security measures, such as strong authentication systems, in-depth risk analyses, and the implementation of a contractual framework to protect customers.
An example of a connected watch scam
The annual report from the FBF's mediation service illustrates its point with a few examples of payment-related scams: from a scam involving the recovery of data by a site posing as Le Bon Coin to the usurpation of the identity of the customer's bank through a fraudulent e-mail, the cases are varied and almost always linked to the use of online banking services.
In one of the cases handled by the mediation service, a connected watch was at the root of the scam. Two debits totalling over 2,000 euros were made from this watch, which had a security flaw. In fact, this model did not feature a strong authentication system requiring the entry of a code or the analysis of biometric data for each transaction.
Recommendations to customers
However, new payment methods are not always directly to blame. Sometimes, the security flaw is linked to the very use made of them by the consumer.
For example, in its 2018 report, the Observatoire de la sécurité des moyens de paiement already recommended that customers regularly update their mobile's operating system, choose complex security codes, only use trusted apps, or not make payments when using an unsecured connection, on a public Wifi network for example.