Transfer fraud is exploding despite banking controls. Faced with manipulation fraud, banks must analyze intent and behavior, beyond authentication.
On May 7, 2026, the Banque de France activated the FNC-RF system (National Account File – Fraud Return). This new tool strengthens the sharing of information between establishments on reported beneficiary accounts, without alone addressing the heart of the problem. According to the Payment Means Security Observatory (OSMP), transfers have become the epicenter of fraud: they account for 37% of amounts misappropriated in the first half of 2025, ahead of bank cards (34%).[1]. In one year, the associated losses increased from 160 to 230 million euros[2].
This progression cannot be explained by a weakening of technical systems. It is due to the fact that fraudsters no longer force the systems. They lead clients to initiate operations themselves in a manipulated context.
The illusion of conformity
Fraud by manipulation, or APP fraud (Authorized Push Payment), has become the predominant threat. Its progression is constant (+37% in one year)[3]particularly for transfers initiated via online banking (+54%)[4]. Here, the protocol is respected to the letter: strong authentication (SCA) is passed and the payment order is given by the holder himself.
Technically, the operation is impeccable. But contextually, it is flawed. Whether it is a false change of RIB after hacking of an email or bank identity theft (spoofing), fraud is based on manipulation of the customer in their decision-making. Historical devices, designed to detect formal anomalies, remain ineffective in the face of these apparently regular transactions. The challenge for banks is changing in nature: it is no longer just a question of verifying the identity of the originator, but of ensuring the legitimacy of his intention.
The limits of traditional controls
The arsenal deployed in recent years shows structural limits. Beneficiary Verification (VoP), which compares name and IBAN, is a useful but incomplete measure. A skillful fraudster knows how to use “mules” – these transit accounts recruited to launder funds – or create legal structures with names close to legitimate suppliers. Even more serious: when faced with an alert, a client under psychological influence will often ignore the warning, convinced of the urgency of the operation.
The Number Authentication Mechanism (MAN), designed to stem spoofing, is also undergoing the adaptation of criminal networks which are moving towards less regulated mobile channels. As for the FNC-RF, while it improves responsiveness by flagging accounts that are already compromised, it remains a remediation tool. It intervenes on a fraud already identified but does not prevent the initial act. In the instant transfer ecosystem, where funds are irrevocably transferred in seconds, the ex post response remains insufficient.
An increased requirement for vigilance
This context modifies the legal balance between the bank and its client. For a long time, the use of strong authentication was a determining element in assessing customer negligence. This principle is today qualified by the courts. Recent case law emphasizes that technical validation does not constitute legal consent if the customer’s vigilance has been impaired by sophisticated staging.
For establishments, the responsibility is shifting: it is now necessary to demonstrate an active surveillance posture. Failure to react to a weak signal, such as an unusual amount or a hastily created beneficiary, becomes a major legal risk. With the future European framework (DSP3 and PSR), this duty of vigilance will intensify, reinforcing the requirements in terms of prevention and detection.
From data analysis to behavioral intelligence
To adapt, risk assessment must become dynamic. Since the formal signals are green, the challenge is to exploit behavioral biometrics. The speed of entry or the sequence of pages consulted before the payment order are valuable indicators. A client under influence does not behave like a user performing a routine operation.
Another response consists of pooling detection models via federated learning. By pooling the detection of fraud patterns without exchanging confidential data, banks will be able to anticipate operating methods in real time. It is by learning from the attempts made by the entire Place that each establishment will be able to free itself from a purely reactive logic.
Strategic arbitration: fluidity and security
Instant transfer is the backbone of the European retail payments strategy. Its promise is that of total fluidity, but its speed is also an opportunity for fraud. Banks face a complex trade-off: meeting the requirement for fluidity while integrating increasingly fine-grained controls.
The viability of the model relies on this ability to decide in a few milliseconds. A bank that fails to analyze the context of its transactions is exposed either to high fraud costs or to a loss of competitiveness through excessive caution. The financial system must be able to evaluate the context of an operation at the same pace as it executes it. Otherwise, immediacy will remain a structural risk factor.
[1]-2-3-4 Payment Means Security Observatory (OSMP), Banque de Francereport on payment fraudfirst half of 2025