Matthew Platten est un expert de la lutte contre la fraude bancaire, la protection des victimes et la détection du blanchiment d’argent au service des institutions financières. Il est basé à Paris.

Pour lire cet article en anglais, cliquez ici.

Imagine this: A small debit appears on your bank statement — just a few euros, easy to miss. The same thing happens to thousands of other customers on the same day. Each charge looks routine, but together they funnel large sums into criminal hands before anyone notices.

This is Single Euro Payments Area (SEPA) fraud, a new weak spot fraudsters are exploiting in France’s payments system.

France is now seeing a sharp rise in this highly organized scheme. Used across Europe, SEPA Direct Debit (known as prélèvement SEPA in France) was designed to let businesses securely collect payments from customers’ bank accounts with prior authorization. But criminals are twisting the process, taking advantage of national procedures rather than weaknesses at any single bank.

The hard truth is that flaws in France’s direct debit system give fraudsters ample room to act. Meanwhile, banks — despite acting responsibly and doing everything they can within the rules — are left to shoulder the financial and reputational fallout.

Closing the gap requires new defenses. Behavioral intelligence offers a potential solution.

How the SEPA scheme works

These SEPA fraud attacks often start the same way: A criminal opens a professional account using falsified identity documents and a forged or misused KBIS extract (a company’s official identity card). Then, through standard, bank-mediated channels, the criminal requests an Identifiant Créancier SEPA or an insured cash sweep account (ICS), the unique ID that lets a business collect payments. Because fake documents can look convincing, and verification checks follow routine processes, banks frequently approve the request.

Armed with an ICS, the fraudster then initiates many small direct debit requests against lists of international bank account numbers (IBANs) and account-holder names purchased on illicit marketplaces. They send these debits through creditor portals or bank interfaces, carefully adjusting the timing and amounts so the activity looks normal and avoids detection. The stolen money first lands in a freshly opened account, then is quickly moved through other accounts, often abroad, so that by the time anyone notices, the original account is empty.

Most victims don’t spot a small, suspicious debit on their account, and only a few file complaints right away. By the time the bank investigates, the fraudster’s account has been drained and shut down. The bank must then reimburse the victim, even though the payment system technically worked as designed, leaving the bank with the loss while the criminal disappears.

Why banks can’t simply stop these debits

This is not a question of bank negligence. It’s about how the system is built. SEPA puts consent management in the hands of the business, leaving the bank without direct evidence of the customer’s approval. So, when a debit request arrives, the bank has little visibility into whether the customer actually authorized it.

When a debit is disputed, French consumer protection rules require banks to quickly investigate and reimburse, since pull payments (where the business initiates the charge and money is “pulled” from the customer’s account) don’t use strong authentication. This rightly protects consumers, but it also leaves banks with few ways to prevent fraud before the money is gone.

Compounding this, the process of getting an ICS is designed to be fast and service-oriented to support legitimate businesses. Tightening those entry gates without better intelligence risks creating false positives, blocking real companies, frustrating small businesses, and harming commerce. But fraudsters are gaming the system, running thousands of tiny debits across countless victims and accumulating large sums while staying under the radar.

A potential path forward

To solve this challenge, the industry must more closely examine user behavior in real time, not static documents or after-the-fact disputes. This is where behavioral intelligence offers a potential solution, detecting risk at every stage of the SEPA direct debit journey.

• During online account opening and ICS requests: Behavioral solutions are highly effective at spotting signs of expert users interacting with individual consumer accounts (rapid tabbing, scripted field entries, repeated copy-and-paste of company details, devices tied to past risky activity, etc.), even when documents look flawless. In the future, the same strategies might be applied to business accounts.
• On creditor portals: If the industry could set a benchmark for how legitimate users interact with/in these portals, behavioral intelligence might detect automation tools like macros or emulators, abnormal typing rhythms when entering IBANs, and list-based activity (paste → submit → repeat) that points to batch fraud. It might also flag sessions that show sudden bursts of activity from a new ICS, especially outside normal business hours.
• On the beneficiary (mule) side: Behavioral solutions can catch mule behaviour, such as new accounts with unusual navigation, the same device linked to multiple unrelated profiles, or cash-out patterns (login → inbound debit → quick outbound transfers). This allows banks to hold funds or trigger extra checks before any money leaves the system.

These are precisely the patterns BioCatch’s behavioral risk engine is built to uncover. Unlike device reputation or document checks, behavioral intelligence stays effective even when criminals change identities, tools, or IPs. And because it runs passively in the background, it provides precision without creating friction for legitimate users.

What leading banks in France can do now

1. Be smarter with ICS approvals. Use behavioral and device signals to flag only suspicious applications, instead of slowing down every new business customer.
2. Monitor new ICS accounts closely. For the first 30 to 90 days, set stricter limits and alerts. Send risky sessions for extra checks or delay settlement until reviewed.
3. Add checks in creditor portals and back-office systems. Track behavior where debit files are uploaded or instructions are created to catch automation or mass copy-paste patterns early.
4. Stop mule accounts faster. Link behavior and devices across accounts to spot money-mule activity and block cashouts before funds disappear.
5. Speed up investigations while staying compliant. Follow French rules on reimbursements but give investigation teams behavioral evidence to resolve cases faster and recover more.

SEPA fraud has exposed a structural gap in France’s payments system, one that criminals are quick to exploit. By strengthening ICS approvals, monitoring new accounts, implementing creditor portals, blocking mule cash-outs, and accelerating investigations, leading banks can close that gap. With behavioral intelligence at the core, they can protect customers, reduce losses, and restore confidence in a system that fraudsters are working hard to undermine.