GDPR and fraud prevention: a historic and strategic commitment for Oneytrust

1. The GDPR, a structured framework for data protection

Adopted in 2016 and effective since 25 May 2018, the GDPR has profoundly transformed the way companies collect, process and secure personal data.

Its objectives:

• Strengthen the rights of European citizens.
• To make companies more accountable in their use of data.
• To harmonise rules within the European Union.

For the anti-fraud sector, the impact is significant: the detection of anomalies and suspicious behaviour relies on the analysis of many types of personal data (identity, payment methods, transaction history, etc.). The GDPR therefore requires a balance between security, performance and respect for individual freedoms.

2. A legacy of innovation and security with our historic CNIL authorisation

Long before the GDPR came into force, Oneytrust had already adopted this approach to compliance.

In fact, we benefited from a historic agreement (FIA-NET in 2005 and Oney Tech in 2013) with the CNIL, authorising the pooling of our customers’ data, mainly in the e-commerce sector, subject to guarantees of privacy. Oneytrust has thus become the only French player to benefit from such extensive experience in data sharing, spanning more than 20 years.

This authorisation, developed in collaboration with the supervisory authority, has made it possible to:

• To significantly streamline the journey time for customers already known in our database,
• To identify anomalies and fraud trends more effectively by relying on velocity and using our fraud experts to make decisions,
• To protect both consumers and merchants,
• while ensuring a high level of personal data security.

This expertise was even cited by the CNIL in its 2021 White Paper, proof of the added value and pioneering nature of our approach.

3. A stronger internal GDPR culture

The implementation of the GDPR marked a new stage: beyond technical measures, we focused on fostering an internal culture of compliance.

At Oneytrust, every employee plays a role in data protection, thanks in particular to:

• mandatory annual training,
• regular awareness campaigns and monthly newsletters,
• the systematic involvement of our Data Protection Officer (DPO) and compliance team in our projects,
• the implementation of a data protection impact assessment on all our projects that have a structural impact on personal data,
• a continuous improvement process to adapt our practices to regulatory changes.

This collective effort means that compliance is not only perceived as a legal and regulatory issue by our teams, but more as a shared value in our daily work, by design, and acts as a differentiating factor for Oneytrust in a landscape of anti-fraud players, many of whom are based outside Europe.

4. Enhanced security thanks to our membership of a major banking group

Our membership of the BPCE group, France’s second-largest banking group, imposes particularly high standards in terms of security and compliance. Banking institutions are subject not only to horizontal regulations but also to numerous sector-specific regulations due to the critical nature of their activities.

This is reflected in particular by Oneytrust’s active participation in the Oney group’s DPO community, where we share best practices and regulatory monitoring, the implementation and execution of ongoing internal controls (quarterly, half-yearly, annual) that require the commitment of all our teams, and the integration of banking standards into our contractual processes (GDPR annexes, security clauses). All this is coupled with advanced technical measures: regular security tests, data flow security, etc.

Oneytrust’s commitments reinforce the robustness of our systems and the trust placed in us by our customers, placing compliance by design at the heart of our decision-making processes and projects.

5. Data protection: a key lever in the fight against fraud

Trust is the cornerstone of the fight against fraud. Consumers and businesses alike must be assured that their data is protected, even in the most sensitive contexts.

At Oneytrust, we consider compliance with the GDPR to be a strategic weapon. We see it as an opportunity: an opportunity to legitimise our role as a trusted intermediary, to ensure that the fight against fraud is conducted in a manner that respects individual freedoms and privacy, while also preparing for the future.

Indeed, with the proliferation of artificial intelligence applications, new challenges are emerging. In order to counter the increasingly widespread use of AI by fraudsters, it has become essential for those involved in the fight against fraud to increase their use of AI. This allows us to remain adaptable and effective in the face of these new fraud trends.

However, AI makes extensive use of data, particularly personal data, and requires continuous development of protection and compliance measures. This is why the CNIL (the French supervisory authority responsible for enforcing the GDPR) has already published several series of recommendations on the proper handling of personal data when using AI. These are new challenges that need to be fully taken into account by those involved in the fight against fraud!

In conclusion, for more than 25 years, Oneytrust has placed data protection at the heart of its anti-fraud measures. The GDPR should not be seen as a constraint, but rather as an opportunity to strengthen trust, protect our customers and guarantee ever more effective and responsible solutions.

In a context marked by the rise of artificial intelligence, this requirement has never been more essential. It guides our daily commitment: combining security, performance and respect for fundamental rights. Please do not hesitate to contact us if you have any questions about the security of our fraud prevention processes and solutions, including the protection of personal data!