Daily reflex for some, reluctance for others, drawing your bank card to shop on the Web has many advantages but also implies a good deal of caution.
Train or plane tickets, groceries, books, flowers, multimedia products, press… almost everything can now be purchased on the Web. A mode of consumption reinforced a little more for two years with the crisis linked to the Covid-19 pandemic and the obligation for everyone to stay at home while continuing to live and therefore shop from home. According to the BPCE barometer (Banque Populaire caisse d’Épargne – Editor’s note), the year 2021 even represents a record for online commerce with a 20% increase in the overall amount of expenditure compared to 2020. And to validate your purchases, the credit card remains the preferred means of payment. According to a study conducted at the end of 2021 by Ipsos for Adyen (a Dutch company specializing in payment solutions), 82% of consumers use their card to pay for their online purchases. However, the same study specifies that for 89% of them, the security of payment represents the main criterion for the validation of the purchase, before the delivery options and the diversity of the means of payment. A sign that trust does not always necessarily reign.
Is online payment by credit card reliable?
Providing banking information when making an online purchase remains an innocuous practice for many online shoppers. Card number, holder’s name, expiry date and visual cryptogram (the three digits on the back of the card) are however extremely sensitive data. A malicious person who gets their hands on this information could quickly empty your account by shopping for you. Nevertheless, security is being strengthened more and more to avoid this kind of inconvenience, in particular thanks to the security processes put in place by the banks. In its quarterly barometer of the e-commerce audience in France published in September 2021 and focusing on the second quarter of that same year, the Fevad (the e-commerce and distance selling federation) and Médiamétrie indicate that ” banking apps are widely adopted by the French: 72% of online shoppers have downloaded their bank’s app and of these, 91% use it to authenticate their online purchases, the vast majority (73%) via a code: this is even the case for 83% of people aged 50 and over “. The bank’s application is thus presented as a real guarantee of security. It is mainly based on 3D Secure authentication. This online payment security system, created by the international issuers Visa and MasterCard, makes it possible to check that the cardholder is indeed the one who makes the payment behind his computer. The use of 3D Decure by e-commerce sites is symbolized by the presence of the “Verified by Visa” and “Visa Secure” logos. “CB Secure Payment”, “MasterCard SecureCode” or “MasterCard Identify Check” on the payment page.
In this case, the bank requests the entry of a single-use code received by SMS, the validation of a notification on the banking application, authentication by fingerprint or facial recognition on the smartphone… In short, a means of proving that it is indeed the owner of the bank card. Without this authentication, it is impossible to validate the payment. And, since May 15, 2021, this strong authentication is required for payments from 30 euros.
As for those who do not have a smartphone or who do not wish to install their bank’s application, they can continue to pay for their online purchases by card but they must enter a password associated with a code received by SMS or provided by box that their bank issued to them.
Should sites save credit card details?
It’s all about trust. If you go to the website of an unknown e-merchant or one located outside of France, it is not recommended to leave your credit card details there. We even advise you to use another means of payment such as Paypal for example which allows you not to expose such sensitive data (read our practical sheet). However, if the e-merchant is a well-known brand, nothing prevents you from registering your details there in order to simplify your next purchases. In their barometer, Fevad and Médiamétrie indicate that “trust is gradually gaining credit card users, since more than half of them (51%) accept that their card number is registered by the sites to facilitate subsequent purchases “.
Similarly, you may be tempted to save your credit card details directly in your browser so that you do not have to enter them each time necessary. Again, it’s all about trust. If you are the only user of your computer and it does not leave your home, you can register them there.
Are you reluctant to provide your credit card details to make an online payment? Note that some establishments such as Société Générale, Banque Postale, LCL, Banque Populaire, Caisse d’Epargne or even BNP or Crédit Mutuel offer an e-credit card service (whose trade name may vary from bank to the other). The principle is simple: when paying online, from a computer or mobile, the bank provides a single-use virtual payment card number. The e-commerce site to which you provide this number will not be able to reuse it. Main advantage: you never provide your real credit card information. Another possibility is to opt for a card with a dynamic cryptogram. Here, the three digits of the visual cryptogram (CVV) indicated on the back of the card change regularly and randomly. In this way, if your credit card data were to be stolen, they would be unusable without having your physical card in view. This service is mainly offered by Société Générale and BNP. It is chargeable (from 12 to 52 euros per year).
What to do in case of doubt about an online purchase made with a bank card?
If you notice a transaction carried out with your bank card that you did not initiate and that has not been verified by your bank using strong authentication, you must immediately inform your bank. You have a period of 13 months after the debit for this. If your bank is unable to prove the use of the 3D Secure system (and therefore you have had to validate the debit with strong authentication), the transaction is deemed unauthorized. The bank is therefore required to immediately reimburse you the full amount or amounts debited as specified article L133-18 monetary and financial code.
If you are still in possession of your card but its data has been used on the Internet (without 3D Secure procedure) you must notify your bank by registered letter within a maximum period of 13 months if the fraud comes from a country of the European Economic Area or within a maximum of 70 or 120 days (depending on the contract taken out with your bank) following the date of the debit if the fraud originates from a country located outside the European Economic Area.
Finally, you can also oppose the card by contacting the number provided by your bank or the interbank number on 0892 705 705. You must confirm this opposition with your bank by registered letter. Also remember to make a report on the platform Percival put online by the Ministry of the Interior. This declaration will allow you to be compensated more quickly by your bank.
