
Reducing the risks of bank card fraud on a fintech platform 💳

Bank card fraud has become an essential subject for fintech platforms. Phishing, identity theft, fraudulent schemes... scammers keep getting more inventive, especially when it comes to platforms that allow funds to be stored and withdrawn. PSD2 has clearly improved the situation in Europe, but it alone is not enough. And that's where things get interesting 👀

Why is PSD2 not enough to eliminate fraud?

The strong authentication imposed by PSD2 (such as 3D Secure) is a major advance against bank card fraud. However, it has several limitations.

PSD2 is relatively recent and still applied unevenly across banks and states.

It only applies in the European Union, which leaves a large gray area internationally 🌍

Even with strong authentication, the risk of fraud is never completely zero.

In other words, complying with PSD2 is essential, but insufficient when operating a fintech platform exposed to financial flows.

Concrete example of fraud despite 3D Secure ⚠️

Let's take a real case. An Internet user makes a payment of 500€ on a commercial site that seems reliable: HTTPS active, no alert on Google, and validation via 3DS. Everything is reassuring... and yet.

The site is actually a phishing site. Bank card details are captured in real time and used immediately to make a payment of the same amount to an account opened under an impersonated identity at an online bank. Result: the user loses their money, despite all the apparent “best practices”.

👉 This scenario, far from being theoretical, was encountered by a fintech client.

Does zero risk exist when it comes to fraud?

The answer is simple: no. In IT, zero risk does not exist. New flaws are constantly emerging, sometimes dramatically. The objective is therefore not to completely eliminate bank card fraud, but to drastically reduce its probability and impact.

Solution 1: fight against identity theft with video KYC 🎥

The core of the problem often lies in identity theft. Stolen documents easily circulate online and make it possible to bypass traditional KYC checks.

Video KYC provides an effective answer to this problem. It makes it possible to verify that the person creating the account corresponds to the documents provided, thanks to a facial video comparison.

The checks relate in particular to:

the authenticity of the identity document

the absence of modification via retouching tools

the consistency between the face and the documents provided

However, this solution has some limitations:

an additional step in the registration process

a potential impact on the conversion rate

a cost per verified user

Despite this, video KYC is now one of the most reliable ways to reduce identity fraud.

Solution 2: manually control certain debit requests 🧐

Regardless of the type of fraud, some weak signals come up frequently:

Several credits per bank card, sometimes with different cards

A recently created account with little or no traditional activity

A request for a quick withdrawal of the credited funds

In these cases, manually verifying debit requests can significantly reduce the risk. An administrator analyzes the request based on available information: credit history, amounts, geography, signals transmitted by the payment provider.

If the procedure seems suspicious, the account can be reported to the payment provider, who will take over in the fight against fraud and money laundering.

However, this approach has its limits:

It is time-consuming

It introduces a risk of human error

It extends the withdrawal times for the user
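The weak signals listed above can be turned into a pre-filter that decides which debit requests an administrator looks at. The following is an added example, not code from Capsens or from the original article; the struct names, every threshold and the "two signals or more" rule are assumptions chosen for illustration.

```ruby
# Added example, not Capsens code. Every threshold is an assumption:
# the article names the signals but gives no numbers.
NEW_ACCOUNT_DAYS       = 14   # "recently created account"
MULTI_CREDIT_COUNT     = 3    # "several credits per bank card"
QUICK_WITHDRAWAL_HOURS = 48   # "quick withdrawal"
WITHDRAWN_SHARE        = 0.8  # share of credited funds being withdrawn

Credit     = Struct.new(:card_fingerprint, :amount_cents, :at)
Account    = Struct.new(:created_at, :credits, :other_activity_count)
Withdrawal = Struct.new(:amount_cents, :requested_at)

# Returns the weak signals (as symbols) raised by one withdrawal request.
def weak_signals(account, withdrawal)
  now     = withdrawal.requested_at
  credits = account.credits.select { |c| c.at <= now } # ignore later credits
  signals = []

  cards = credits.map(&:card_fingerprint).uniq
  signals << :multiple_card_credits if credits.size >= MULTI_CREDIT_COUNT || cards.size > 1

  age_days = (now - account.created_at) / 86_400.0
  signals << :new_inactive_account if age_days <= NEW_ACCOUNT_DAYS && account.other_activity_count.zero?

  unless credits.empty?
    hours = (now - credits.map(&:at).max) / 3600.0
    total = credits.sum(&:amount_cents)
    quick = hours <= QUICK_WITHDRAWAL_HOURS && withdrawal.amount_cents >= WITHDRAWN_SHARE * total
    signals << :quick_withdrawal if quick
  end
  signals
end

# Two or more signals hold the request for an administrator; the code never
# rejects on its own, matching the article's manual-control step.
def route(account, withdrawal)
  signals = weak_signals(account, withdrawal)
  { decision: signals.size >= 2 ? :manual_review : :auto_approve, signals: signals }
end

# Constructed sample data (not real accounts).
t = ->(d, h) { Time.utc(2024, 5, d, h) }
SUSPECT = Account.new(t.(1, 9), [Credit.new("card_A", 20_000, t.(2, 10)),
                                 Credit.new("card_B", 30_000, t.(2, 11)),
                                 Credit.new("card_B", 25_000, t.(2, 12))], 0)
REGULAR = Account.new(Time.utc(2023, 1, 10), [Credit.new("card_C", 10_000, t.(1, 8))], 12)

p route(SUSPECT, Withdrawal.new(70_000, t.(2, 18)))
p route(REGULAR, Withdrawal.new(5_000, t.(20, 9)))
```

Returning the list of signals alongside the decision gives the administrator the reason a request was held, which shortens the review and leaves an audit trail.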

In conclusion 🧠

There is no magic bullet against bank card fraud. The most effective approaches combine technical tools, human controls and fine-grained analysis of behaviors. A fintech platform perceived as more permissive than average quickly becomes a preferred target. Anticipating these risks means protecting its users... and its credibility.

At Capsens, these issues are addressed very early in the design of fintech platforms, because reducing fraud is not only a question of compliance, but also of lasting trust between a platform and its users.