Online payments and fraud: strategies for maximum security

With 2.6 billion transactions and €175 billion exchanged in 2024¹, the rise of e-commerce in France has made securing transactions and implementing effective strategies to fight fraud more crucial than ever.

In episode #204 of the Digital Doers podcast, Thomas Roth (Head of Fraud Prevention at BPCE Payment Services), Mathieu Vermot (formerly Director Global Merchants at Payplug), and Sarah Lamartine (Head of Payments & Fraud at FNAC Darty) joined Cyril Artur Du Plessis to share their insights and best practices on how to effectively fight fraud in the digital age.

Here’s what we learned from their discussion.

The challenge of securing online payments

E-commerce growth fuels fraud sophistication

The surge in online commerce inevitably draws the attention of fraudsters, from solo hackers to organised networks. These fraudsters are developing increasingly sophisticated techniques, including phishing, identity theft, and advanced malware.

Retailers today face a complex environment where striking the right balance between seamless user experiences and bulletproof payment security is critical.

"Digital customer journeys have expanded significantly. It’s now necessary to implement a full suite of protections to secure your revenue." - Sarah Lamartine, Head of Payments & Fraud, FNAC Darty

The imperative of frictionless checkout

The concept of frictionless payment, minimising customer effort during checkout, has become a strategic goal for every e-merchant. The key lies in leveraging exemptions from the Payment Services Directive 2 (PSD2) to smooth the buying journey while maintaining strong payment security.

Importantly, frictionless doesn’t mean unauthenticated. Instead, authentication is handled “silently” through behavioural and contextual data analysis, passed from your payment solution to the issuer.

To optimise merchants’ frictionless checkout journeys, Payplug offers a range of solutions:

• Smart 3-D Secure: A machine learning-powered tool that dynamically recommends the best authentication method based on your risk profile.
• FastPass: A unique connection protocol that secures up to 98% of frictionless requests for cards issued by the Groupe BPCE².

Data: the cornerstone of effective fraud prevention

The power of behavioural data

In today’s landscape, merchants are at the heart of an ecosystem where data is king. Deep analysis of behavioural and contextual data provides a critical edge in the ongoing effort to fight fraud.

According to Sarah Lamartine, Head of Payments & Fraud at FNAC Darty, this data builds a genuine “digital identity” for each buyer, helping distinguish legitimate customers from malicious actors by analysing their habits, interactions, and online journeys.

This approach, fully compliant with GDPR and CNIL, allows for refined risk segmentation. The result? A smoother experience for legitimate users and stronger barriers against fraud.

That’s why at Payplug, we offer dedicated services for fraud teams, helping you master your fraud rate and maximise your results.

The critical role of AI and machine learning

AI and machine learning are essential tools in transforming raw data into actionable insights.

These advanced technologies can detect weak fraud signals, stop attacks before they escalate, and process vast amounts of data to identify complex patterns and predict risk-prone behaviour.

As Mathieu Vermot explains, AI helps speed things up, enabling us to process ever-larger volumes of data with greater efficiency.

Shared intelligence is a force multiplier 

Sharing anonymised fraud data between merchants, payment providers, and banks creates a collective intelligence that strengthens defences across the entire ecosystem.

This kind of synergy is a powerful weapon in the ongoing mission to fight fraud.

The technologies safeguarding payment security

Tokenisation: the future of card data protection

Tokenisation involves replacing sensitive card data (like the card number) with a unique token. Linked to a specific customer and merchant, this token creates a secure transactional identity while reducing the risk of data leaks.

But that’s not all. Tokenisation also improves acceptance rates. Since the PAN (Primary Account Number) is no longer required to identify the customer, merchants reduce failed transactions due to expired or lost cards, especially valuable for subscription-based businesses.

Click to Pay: frictionless meets future-proof

The future of online payment lies in radical simplification. Soon, manually entering credit card information will be a thing of the past.

Click to Pay is a new initiative supported by Visa, Mastercard, and CB. It allows shoppers to validate purchases with a single click, much like digital wallets such as Google Pay and Apple Pay.

This innovation promises a faster, more fluid experience across web and mobile platforms. As it becomes more widely adopted, Click to Pay could transform the way we approach online payments.

What lies ahead for e-merchants in 2025 and beyond

Experts agree: merchants must continue to invest in best-in-class payment security while staying agile in the face of rapid technological and regulatory changes.

This calls for continuous investment in research and development, along with proactive regulatory monitoring to stay compliant with new directives like PSD3.

The top priorities going forward include:

• Building shopper trust through transparency around security practices.
• Investing in next-generation technologies like AI and tokenisation to anticipate fraud and improve resilience.
• Adapting payment flows to local buying habits and cultural preferences.
• Enhancing collaboration between players in the payment ecosystem to share threat intelligence and best practices.

1. Fevad, e-commerce report 2024 ; 2. Payplug data, Q4 2023 — FastPass can only be activated when Payplug hosts the cardholder’s payment data in a tokenised format.