To fight against CPF fraud, the Mon compte training site adopts FranceConnect+

To fight against CPF fraud, the Mon compte training site adopts FranceConnect+

As of Tuesday, October 25, users of the www.moncompteformation.gouv.fr site will have to go through the FranceConnect+ authentication service to purchase new training courses. A twist that makes it possible to add additional verification of the identity of site users: FranceConnect+ is a version launched in 2021 of the FranceConnect online identity service that offers strong authentication, based on at least two factors, for most sensitive services.

While FranceConnect provides access to online services by reusing access credentials to other administrative services, FranceConnect+ offers more secure authentication through an approved provider. This device, which allows connection to more than 1,400 public services already covered by FranceConnect, was optional for the time being. This is the first time it has been made mandatory on a portal.

At the moment, only one provider allows you to connect via FranceConnect+: La Poste’s digital identity, which allows you to use strong authentication based on a username and password pair and a smartphone app to verify the identity of the Username. For users who do not have a smartphone or who do not wish to use the La Poste service, a special form will be made available in the “Help” section of the site, allowing them to subscribe to training without going through FranceConnect+.

Support system in post offices

A user service system will also be implemented in post offices, to allow users “verify your identity online, at the post office or at home by making an appointment with your mail carrier”, details the Interministerial Digital Directorate (Dinum), which oversees the system. It specifies that if La Poste Digital Identity is the only provider approved at the moment, others should be compatible in the future.

This technical choice shakes the National Federation of Local Elected Training Organizations (Fnofel), which regrets in a statement “one-sided change” force elected officials to submit to a “incomprehensible authentication system”, inadequate for the needs of local elected officials. The federation regrets a new stage in the forced digitization imposed by the Caisse des dépôts et des consignations – which has managed the My Training Account site since the beginning of 2022 – to the detriment of elected officials and the organizations dedicated to their training.

Fraudsters obtain the identifiers of the victim’s CPF account (…) to register the victim for fake training (…) and recover the sums in the account

This strengthening of identity checks on the platform is intended to better combat Personal Training Account (CPF) scams, which have become particularly prevalent since the transition from Individual Right to Training (DIF) to CPF in 2019. In this type of scam, scammers obtain the victim’s CPF account credentials, most often by posing as service representatives over the phone, and then exploit this access to enroll the victim in shoddy or fake training and so on. recover the sums present in the account.

Reinforced controls in 2022

In 2021, the organization for the fight against financial fraud Tracfin thus estimated at 43.2 million euros in 2021 the total related to declarations for suspected fraud in the CPF, compared to only 7.8 million euros for the year 2020. The deployment of new controls during the year 2022, however, seems to be bearing fruit: as explained by the Caisse des dépôts, the number of complaints of attempted fraud in the CPF during the year 2022 has increased from 8,207 in January from 2022 to 4 123 in August. A substantially equal trend on the Cybermalveillance.gouv.fr platform: on this platform, the number of reports of Internet users who are victims of CPF account fraud has dropped considerably since June after a peak in January, explains Jean-Jacques Latour, director of cybersecurity experience within the platform.

Also read: Article reserved for our subscribers The CPF, hunting ground for thieves

Parliamentarians study a bill aimed at prohibiting any commercial prospecting of personal training account holders

Parallel to this technical measure, parliamentarians are studying a bill aimed at prohibiting any commercial prospecting of holders of a personal training account, by phone, email or social networks. This text, approved by the National Assembly on October 7, provides in particular for punishing organizations responsible for this type of campaign with a fine of up to 75,000 euros for a natural person or 375,000 euros for a legal person. The text must now be validated by the Senate before its promulgation.

Other more general measures have also been taken to combat scams. Since January, organizations that wish to offer training on the My Training Account platform must, for example, have the Qualiopi seal, which guarantees a minimum level of quality for the content of the training. On FranceConnect, the connection to the tax site using the FranceConnect and Ameli identifiers was disabled in September due to an increase in fraud attempts. Caisse des dépôts specifies that it also uses artificial intelligence tools to detect fraud preventively and carry out checks with training providers according to reports.

Also read: FranceConnect: the connection button with Ameli partially disabled after security problems

#fight #CPF #fraud #Mon #compte #training #site #adopts #FranceConnect

Leave a Comment

Your email address will not be published. Required fields are marked *