Access to the Personal Training Account (CPF) will now go through more secure authentication. From tomorrow, Tuesday October 25, it will be necessary to use FranceConnect+ instead of FranceConnect to confirm the purchase of a training course, the administration has just announced.
This strengthening of security was expected. It had indeed been announced several weeks ago after partial suspensions of the service due to an increase in fraud. This change was also mentioned not long ago by the Minister responsible for Vocational Education and Training, Carole Grandjean.
CPF scams using the FranceConnect gateway
A target of choice for cybercriminals with its 40 million users and access to 1,400 online services, FranceConnect is in a way a victim of its own success. This portal allows you to connect to different services by reusing your tax, Health Insurance, digital identity, Mutualité sociale agricole or La Poste identifiers. But the administration had noticed the theft of identifiers and passwords from Health Insurance or Taxation to then validate purchases of training on the CPF, for example.
At the end of the summer, the Chained Duck had also noticed that authentication on the tax site via FranceConnect had been suspended. A report by the financial intelligence service Tracfin assessed personal training account fraud at 43.2 million euros in 2021, compared to 7.8 million euros the previous year, a sharp increase which led to the filing of a bill.
Already used by AP-HP
The new version of FranceConnect, FranceConnect +, operated by the interministerial digital department, should precisely make it possible to prevent such scams. This service is intended for the most sensitive procedures, linked to a bank account, a change of bank details or access to a medical file, for example, such as the patient space for users of the Assistance Publique – Hôpitaux de Paris ( AP-HP).
Basically, FranceConnect+ adds a layer of security with strong two-factor authentication at the most critical times, keeping the same principles of reusing an identity without creating a dedicated account. However, you will have to create your La Poste digital identity beforehand, the first and only partner of the system for the moment, which will allow you, for example, to validate an operation in progress with a secret code via a notification received on your smartphone.