$3.05 billion in reported losses to business email compromise in 2025 (FBI IC3).See the numbers by country →
€351M

in fraudulent credit transfers (virements) in France — up 12% in value in a year, on the instrument every French supplier invoice is paid with

Banque de France, OSMP annual report 2024 · Calendar 2024

+170%

growth in requests for help with "fraude au virement" — fake bank details and fraudulent transfer orders — to the French government's cybercrime victim service, to 13,000 requests

Cybermalveillance.gouv.fr, 2025 activity report · Calendar 2025

The numbers

What France loses to payment fraud.

42%

of French companies hit by external fraud cited fake-supplier fraud (fraude au faux fournisseur) — the most common technique, just ahead of fake-customer fraud at 41%

Allianz Trade / Odoxa fraud barometer, 2026 · 12 months to mid-2026

27%

of French micro-enterprises carry insurance against fraud, against 74% of large companies — the smallest firms have the least financial backstop

Allianz Trade / Odoxa fraud barometer, 2026 · Published June 2026

Behind the numbers

How these losses actually happen.

France is one of the few countries in Europe that counts this crime properly. The Banque de France's payment-security observatory (OSMP) reports fraud by payment instrument, and it puts credit-transfer fraud — the rail every supplier invoice rides on — at €351 million in 2024, up 12% in value in a single year. The EU's own supervisory data independently reports almost exactly the same figure for France, at €350,992,884.

The business-specific number is the one to watch. French police (DNPJ) log "faux ordres de virement" — FOVI — as a distinct category covering supplier bank-detail substitution and CEO fraud. In 2024 they recorded 649 such cases against businesses, public administrations and local authorities, worth €34 million. The Banque de France cautions that DNPJ figures are revised upward as late complaints arrive, and describes them as a representative but not exhaustive sample.

The government's own victim-support service shows the trend sharply. Cybermalveillance.gouv.fr logged around 13,000 requests for help with transfer fraud in 2025 — a 170% increase in a year — and for businesses and associations specifically, transfer fraud rose 93% to become one of the top three threats they seek help with. Its definition is precisely our subject: impersonating a creditor, CEO fraud, and hacking a mailbox to send a bank-detail change or an invoice carrying a substituted account.

Survey data fills in the rest. In Allianz Trade's 2026 barometer of 315 French business leaders and finance directors, 60% of SMEs had faced at least one fraud attempt in the past year, and fake-supplier fraud was the single most common external technique, cited by 42% of victim companies.

What the system covers

The Cour de cassation has ruled: being defrauded is not the bank's problem.

France's Code monétaire et financier (L133-18) gives payers a strong, fast refund right — the bank must reimburse by the end of the next business day — but only for transactions the payer never authorised. A transfer your own employee issued after being deceived is legally an authorised operation, and it falls outside that protection entirely. There is no French equivalent of the UK's mandatory reimbursement scheme for authorised push payment fraud.

Recent case law has made that unusually explicit. In two rulings on 12 June 2025, the Cour de cassation's commercial chamber held that the mere fact a company fell victim to CEO fraud does not establish the bank's liability: the victim must show an "anomalie apparente" — a visible irregularity in the transfer itself. A valid transfer, within limits, to an EU bank, authorised by an empowered employee, creates no liability for the bank even when it was fraudulently induced. A further ruling on 14 January 2026 reaffirmed banks' duty of non-interference in orders that appear regular.

Verification of Payee has been live in France since 9 October 2025, under the EU Instant Payments Regulation. French banks check the beneficiary's name against the IBAN and return match, close match, no match, or cannot-verify — free of charge. But the Fédération bancaire française is clear that the customer keeps full freedom to proceed after a mismatch warning: it advises, it does not block. A law of 6 November 2025 goes further, creating a national registry of IBANs flagged for fraud risk, expected to go live in May 2026 — the Banque de France says the effects of both measures should only become visible in the 2026 data.

What this means for you

French SMEs are the most targeted and the least insured.

The pattern in the French survey data is consistent: 60% of SMEs faced a fraud attempt in the past year, fake-supplier fraud is the most common external technique against companies that get hit, and only 27% of micro-enterprises carry any fraud insurance — against 74% of large companies. Smaller firms absorb the same attacks with a fraction of the backstop.

The FOVI numbers are not broken down by company size, so no French source isolates SME-only losses — but the mechanism does not care how big you are. A compromised mailbox, a plausible "nous avons changé de banque" message mid-invoice-run, and a valid transfer leaves the account. After the Cour de cassation's 2025 rulings, that transfer looks entirely regular to the bank, and the loss stays with the company.

Verification of Payee helps at the keystroke. It cannot help when the fraudster supplies a name and an IBAN that match each other perfectly — which is exactly what happens when a supplier's own email thread is hijacked. That is the gap PayHQ closes: every incoming invoice is checked against the supplier record your team already verified, and a changed account is flagged for a human before the payment run.

FAQ

Common questions about fraud in France.

What is FOVI?

"Faux ordre de virement" — fraudulent transfer order. It is the French police category covering supplier bank-detail substitution and CEO fraud against organisations. In 2024, the DNPJ recorded 649 FOVI cases against businesses and public bodies, worth €34 million.

Will a French bank refund my company after a fraudulent transfer?

Usually not. L133-18 of the Code monétaire et financier requires refunds for unauthorised transactions only, and a transfer your employee issued is authorised. The Cour de cassation ruled on 12 June 2025 that being a CEO-fraud victim does not by itself make the bank liable — you must show an apparent anomaly in the transfer.

Does Verification of Payee stop supplier invoice fraud in France?

It helps, but it warns rather than blocks — the payer can proceed past a mismatch — and it cannot detect the core problem: a supplier's bank details changed through a compromised email thread, where the name and IBAN the fraudster gives you match each other perfectly.

Sources & methodology

Where these numbers come from.

Every statistic on this page was checked against the named source in July 2026. France's figures come from two different systems: the Banque de France reports fraud value collected from payment providers, while the DNPJ counts police-recorded FOVI cases against organisations — the Banque de France notes these police figures are a representative but not exhaustive sample, revised upward as late complaints arrive. Figures describe what each source measures — reported losses are not the same as total losses, and most fraud goes unreported. National figures are not directly comparable between countries, because each country counts differently. When a figure cannot be verified against a primary source, we remove it rather than keep it.

Other countries

Compare with other EU markets.

Protect your supplier payments in France.

PayHQ checks every incoming invoice against your verified supplier records and flags changed bank details before the payment goes out.