Project XBY

Europe · GDP rank #7

France

FR · EUR @ 1.1595/USD

The French retail payments stack is dominated by the Cartes Bancaires domestic scheme, which co-brands with Visa and Mastercard and handles roughly three of every four card transactions at French POS. SEPA Instant Payments have moved from an opt-in experience to a regulatory baseline under the EU Instant Payments Regulation, and domestic wallet integration is consolidating around Wero, the pan-European wallet launched by the European Payments Initiative. France retains relatively resilient cash use but digital growth is strong on both rails and card fronts.

Tab 06

Fraud & security

Headline fraud totals and typology splits, the rollout of EMV chip, tokenisation, 3DS and biometrics, and the controlling data-protection and payments statutes.

Annual fraud losses

€464M −9% vs 2023

EUR · 2024

OSMP is the official fraud observatory operated by Banque de France.

Loss rate

5.6bp

basis points on transaction value · 2024

CNP share of fraud

78%

% · 2024

Fraud typology

Where losses come from

Card-not-present dominates every developed-market fraud profile — counterfeit and lost/stolen have both been mechanically suppressed by EMV and tokenisation over the last decade.

Share of card fraud

  • Card-not-present (ecommerce)78%
  • Lost/stolen13%
  • Counterfeit/skimming3%

Authentication

What's deployed on cards today

EMV is the floor; tokenisation removes PAN from merchant systems; 3DS covers the CNP flow; biometric auth drives device-level wallet transactions. Adoption gaps between markets are the clearest signal of fraud-regime maturity.

EMV chip penetration

100%

% · 2024

Tokenised transactions

38%

% · 2024

3DS coverage · CNP

92%

% · 2024

Among the highest SCA coverage rates in the EU; France was among the first Member States to enforce the SCA deadline firmly.

Biometric mobile wallet txns

96%

% · 2024

Consumer protection

Framework
PSD2 as transposed; Code monétaire et financier
Max consumer liability
€50 for unauthorised card transactions; €0 for unauthorised transactions reported after block
Liability rules
Issuer bears the loss for unauthorised card transactions where the consumer has not been grossly negligent. SCA exemption abuse risk shifts to the merchant. For APP scam (virement autorisé) there is no harmonised EU reimbursement right equivalent to the UK's 2024 regime; French consumer protections rely on negligence-based liability and voluntary charters between banks.

Source · Banque de France

Security standards

  • PSD2 Strong Customer Authentication (in force 2021)
  • PCI DSS 4.0 (mandatory March 2025)
  • MiCA — CASP cybersecurity requirements
  • DORA (Digital Operational Resilience Act) in force January 2025
  • NIS2 Directive (transposed 2024)