Bank card payments are now the dominant payment method in France, but they come with a dense legal framework that merchants, creditors, and debt-collection professionals must understand. Card payments are governed both by contractual rules agreed with banks and by mandatory provisions of the Monetary and Financial Code, European regulations, and extensive case law.
This article explains, in practical and intelligible terms, the legal obligations of merchants, prohibited practices, criminal risks, cashback rules, opposition to payment, and the strict reimbursement regime applicable to unauthorised card transactions.
1. The merchant’s contract with the bank determines many obligations
Before accepting card payments, a merchant enters into an affiliation contract with its bank. This contract defines the technical conditions of acceptance, the financial terms, and the scope of the payment guarantee. These contracts differ between banking networks and are often partially negotiated.
Most affiliation contracts also allow the bank to modify the contractual terms unilaterally. Merchants must therefore remain attentive to communications sent by their bank and comply with any updated conditions.
A merchant cannot later claim ignorance of the risks inherent in card payments if the contract explicitly defines the merchant as a professional. In a case involving distance card payments and deliveries abroad, a merchant attempted to hold its bank liable for failing to warn it of fraud risks. The claim failed because the merchant had expressly accepted professional status and could not pretend to be unaware of the risks of this payment method (Cass. com., 8 June 2010, n° 09-15080).
2. Corporate cards may expose employees or directors to personal liability
Companies may issue bank cards in the company name for use by employees or directors, with all transactions debited from the company account. The contract signed between the bank, the employer, and the employee may provide that both the company and the cardholder are jointly liable for all expenses made with the card.
If the company later enters judicial reorganisation or liquidation, the employee may be required to repay the debit balance, even if the expenses were professional and even if the account was funded exclusively by the company (Cass. civ., 1re ch., 22 May 1991, n° 89-20107).
If a company objects to the continued use of a corporate card retained against its will by an employee, the bank must take all necessary measures to prevent withdrawals and payment orders (Cass. com., 20 October 1998, n° 96-10259).
Separately, a company may require a director to reimburse expenses paid with corporate funds when no supporting documents are provided (Cass. com., 25 June 2013, n° 12-21206).
3. Refusing low-value card payments is allowed if customers are informed
A merchant affiliated with a card payment system may refuse transactions of very low amounts. This refusal is lawful only if customers are informed in advance, for example through clear signage (Rép. Thomas n° 83991, JO 22 March 2011).
A refusal announced only at checkout may be challenged.
4. Splitting payments to bypass authorisation thresholds is prohibited
When a merchant benefits from a contractual guarantee for card payments below a certain amount, it is prohibited to split a single transaction into several card payments to secure the bank’s guarantee. Such conduct is unlawful (CA Paris, 21 June 1991, SDH 4 A c/ Crédit agricole de la Brie).
A hotelier who divided a monthly rental price into daily card payments just below the authorisation threshold was lawfully debited by its bank after opposition on the card. Courts held that the repeated fractioning was suspicious and that the hotelier had failed to verify the validity of the card (CA Paris, 15 September 2000).
However, fractioned payments are not automatically unlawful. A jeweller who accepted seven authorised transactions within minutes for a high-value purchase was not held liable because each transaction carried a valid authorisation number, the card issuer had not set investigation thresholds, and the affiliation contract required acceptance without restriction (CA Paris, 26 February 2002).
5. Card payment receipts are no longer printed automatically
Since 1 August 2023, merchants must no longer automatically print and hand over card payment receipts (Code de l’environnement, art. L. 541-15-10).
Certain receipts remain excluded from this rule, including those relating to cancelled or refunded transactions, receipts necessary to benefit from a service, and documents required for legal conformity guarantees (art. D. 541-371).
If the customer expressly requests a printed receipt, the merchant must comply. Customers must be informed of this right through visible and understandable signage (art. D. 541-372).
6. Storing card data online requires explicit consent
When an e-merchant stores card data to facilitate future purchases, prior and explicit consent from the customer is mandatory. Implied consent is insufficient (CNIL, Délibération 2013-358, 14 November 2013).
7. Merchants must pay card commissions and receive an annual fee statement
Each card payment gives rise to a commission payable to the bank, covering processing costs and the payment guarantee.
Banks must provide professional merchants with an annual statement detailing all fees charged for card payment collection during the previous calendar year. This statement must be sent during the first quarter and must break down fees by category and volume (Code monétaire et financier, art. L. 112-11).
8. Accepting counterfeit cards knowingly is a criminal offence
A merchant who knowingly accepts a counterfeit or falsified card, even if relying on contractual bank guarantees, risks criminal sanctions: up to five years’ imprisonment and a €375,000 fine (Code monétaire et financier, art. L. 163-3). For legal entities, the fine may reach €1,875,000 (Code pénal, art. 131-38).
Misuse of card data can also constitute abuse of trust. In a mail-order case, a company transmitted a customer’s card number to a subcontractor who used it without authorisation; the company’s president was convicted (Cass. crim., 14 November 2000).
Fraud may also arise from fictitious card transactions designed to create temporary account credit, even if transactions are later cancelled (Cass. crim., 13 September 2006).
9. Cashback: giving cash to consumers via card payments
Since 27 December 2018, merchants may offer cashback, allowing customers to pay more than the purchase price by card and receive cash in return. This service is optional and limited to customers acting for non-professional purposes (Code monétaire et financier, art. L. 112-14).
The purchase amount must be at least €1, and the cash amount may not exceed €60 (art. D. 112-6).
Merchants offering cashback must display clear signage near payment terminals detailing accepted instruments, minimum purchase amount, maximum cash amount, and whether the service is free or paid (Arrêté 29 January 2019). The same information must be provided online if cashback is advertised digitally.
Failure to comply exposes the merchant to a criminal fine of up to €1,500 (individual) or €7,500 (legal entity) (art. R. 112-7).
10. Opposition to card payments: when it is permitted
The cardholder must immediately inform the bank in case of loss, theft, diversion, or unauthorised use of the card or related data (Code monétaire et financier, art. L. 133-17).
Opposition is also permitted when the beneficiary enters judicial reorganisation or liquidation, provided the beneficiary’s bank account has not yet been credited (art. L. 133-17, II).
Outside statutory cases, cardholders may still revoke future payments in specific situations, such as unclear online subscriptions, by contacting their bank (Cass. com., 27 March 2012).
11. Unauthorised payments must be reimbursed immediately
When a cardholder reports an unauthorised transaction, the bank must reimburse the amount immediately and at the latest by the end of the next business day, unless it suspects fraud by the cardholder and reports its reasons to the Banque de France (Code monétaire et financier, art. L. 133-18).
If reimbursement is delayed, penalty interest applies, with increases after 7 and 30 days.
Before opposition is notified, losses due to loss or theft are capped at €50, subject to many statutory exceptions. After notification, the cardholder bears no loss unless fraud is proven (arts. L. 133-19 and L. 133-20).
12. Gross negligence may exclude reimbursement
If losses result from fraud or gross negligence by the cardholder, reimbursement may be refused. Courts have recognised gross negligence where a card and PIN were left together in a car (Cass. com., 16 October 2012) or where full card data was disclosed in a phishing scheme (Cass. com., 25 October 2017).
However, the bank bears the burden of proof. It must demonstrate fraud or gross negligence and cannot rely solely on the fact that the card or data was used (Cass. com., 18 January 2017).
Even in cases of negligence, the bank may remain liable if it debited the account without authorised overdraft or failed to require strong customer authentication (Cass. com., 17 May 2017; Cass. com., 30 August 2023).
13. Thirteen months to contest card transactions
Unauthorised or improperly executed card payments must be reported within 13 months of the debit date (Code monétaire et financier, art. L. 133-24). This regime is exclusive. Once the deadline has passed, the cardholder can no longer sue the bank, even under ordinary contractual liability and even if the fraud was committed by a bank employee (Cass. com., 2 May 2024).
