Introduction
Accepting card or EFTPOS payments offers many advantages. However, merchant scams can leave you out of pocket for costly chargebacks to the value of fraudulently obtained goods and services.
Card Fraud and EFTPOS Fraud are two distinct types of financial crime, each with its own characteristics and implications.
What is Card Fraud?
Card Fraud encompasses a broad range of activities involving the unauthorised use of credit or debit cards. One common type is “Card Present” fraud, which occurs when the physical card is used at the point-of-sale terminal. It often involves theft or cloning of the card, such as when card details are stolen or copied during a transaction.
However, card fraud also occurs without any direct interaction with the point-of-sale systems, and this is known as “Card Not Present” fraud. This type of fraud occurs when card details are stolen and used for online purchases or provided over the phone or via email. Such fraud often employs sophisticated methods like phishing, data breaches, and malware to capture sensitive card information, making it a versatile and pervasive threat to consumers and businesses.
What is EFTPOS Fraud?
EFTPOS Fraud (Electronic Funds Transfer at Point of Sale) specifically refers to the unauthorised use of EFTPOS terminals to process fraudulent transactions. This type of fraud can occur through various methods, such as skimming, where criminals capture card details during legitimate transactions by using hidden devices on terminals. Additionally, fraudsters may manipulate EFTPOS machines to directly capture card information. Unlike broader card fraud, which can occur remotely and without physical interaction, EFTPOS fraud focuses primarily on point-of-sale systems and the direct interaction between cardholders and merchants.
How common is Card Fraud and EFTPOS Fraud?
The impact and prevalence of Card Fraud in Australia
Card fraud continues to be a significant issue for consumers and businesses in Australia. Card fraud includes unauthorised use of card details to make purchases or withdraw cash without the account owner’s permission. This includes the use of stolen card details for remote purchases through mail or telephone orders.
According to the Australian Bureau of Statistics (ABS), an estimated 1.8 million Australians experienced card fraud in the 2022-23 financial year. This represents an increase of 8.1% from the previous financial year. The most common victims were individuals aged 45 to 54 years, with a victimisation rate of 12%.
In the same timeframe, the ABS reported that Australians lost an estimated gross amount of $2.2 billion to card fraud, with Australian businesses collectively losing around $484 million, highlighting the importance of increased awareness of frauds and scams. This also reflects the financial strain on businesses and the need for enhanced security measures and fraud prevention strategies across all industries.
The impact and prevalence of EFTPOS Fraud in Australia
EFTPOS fraud, while often included under the broader category of card fraud, specifically involves the misuse of EFTPOS terminals. This type of fraud typically involves skimming devices or tampered EFTPOS machines to capture card details during legitimate transactions. “Terminal takeovers” could occur when scammers physically seize control of your EFTPOS machine, alter transaction amounts, or make purchases with a stolen card. They may also key in a large purchase, then carry out a refund scam by asking you to refund the cost to another card.
Detailed statistics on EFTPOS-specific fraud are less frequently reported separately. However, given that EFTPOS transactions are a common method for card fraud, it is reasonable to infer that a significant portion of the 8.7% card fraud victimisation rate involves EFTPOS transactions.
The impact of EFTPOS fraud can be severe, with many businesses reporting not only the financial losses involved but also the reputational damage that accompanies it, signifying a pressing need for businesses to strengthen their EFTPOS security protocols.
How to identify Card Fraud and EFTPOS Fraud?
Identifying Card Fraud:
- Refuse expired, altered or damaged cards and be cautious with email-only customers.
- Be suspicious about multiple different cards originating from the same email address or IP address, or multiple transactions on the same card in a short time.
- Be aware of unrecognised transactions on bank statements.
- Respond to alerts from banks or credit card companies about suspicious activity.
- Take note of unauthorised charges, especially from unfamiliar locations or merchants.
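The velocity checks in the list above (several different cards from one email or IP address, or repeated use of one card in a short time) can be run over an order log. The following is an added example, not NAB code; the record layout, the card tokens and the thresholds are all assumptions to tune for your own business.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample orders (not real data); cards are opaque tokens, never full numbers.
ORDERS = [
    ("2024-05-01T10:00:00", "a@example.com", "203.0.113.5", "tok_A"),
    ("2024-05-01T10:02:00", "a@example.com", "203.0.113.5", "tok_B"),
    ("2024-05-01T10:03:00", "a@example.com", "203.0.113.5", "tok_C"),
    ("2024-05-01T11:00:00", "b@example.com", "198.51.100.7", "tok_D"),
    ("2024-05-01T11:01:00", "b@example.com", "198.51.100.7", "tok_D"),
    ("2024-05-01T11:04:00", "c@example.com", "198.51.100.9", "tok_D"),
    ("2024-05-01T15:00:00", "d@example.com", "192.0.2.44", "tok_E"),
]

MAX_CARDS_PER_SOURCE = 2          # assumed threshold
MAX_TXNS_PER_CARD = 2             # assumed threshold
WINDOW = timedelta(minutes=10)    # assumed meaning of "a short time"


def velocity_flags(orders):
    """Return sorted (reason, key) pairs for orders that need manual review."""
    cards_by_email = defaultdict(set)
    cards_by_ip = defaultdict(set)
    times_by_card = defaultdict(list)
    for ts, email, ip, card in orders:
        cards_by_email[email.lower()].add(card)
        cards_by_ip[ip].add(card)
        times_by_card[card].append(datetime.fromisoformat(ts))

    flags = set()
    for email, cards in cards_by_email.items():
        if len(cards) > MAX_CARDS_PER_SOURCE:
            flags.add(("many_cards_per_email", email))
    for ip, cards in cards_by_ip.items():
        if len(cards) > MAX_CARDS_PER_SOURCE:
            flags.add(("many_cards_per_ip", ip))
    for card, times in times_by_card.items():
        times.sort()
        # Sliding window: do MAX_TXNS_PER_CARD + 1 uses of one card fit in WINDOW?
        for i in range(len(times) - MAX_TXNS_PER_CARD):
            if times[i + MAX_TXNS_PER_CARD] - times[i] <= WINDOW:
                flags.add(("card_velocity", card))
                break
    return sorted(flags)


if __name__ == "__main__":
    for reason, key in velocity_flags(ORDERS):
        print(reason, key)
```

A flag is a prompt for manual review before shipping goods, not proof of fraud; shared office or mobile-carrier IP addresses will trigger the per-IP rule legitimately.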
Identifying EFTPOS Fraud:
- Be cognisant of discrepancies in transaction records.
- Act on reports from customers about unauthorised charges.
- Be aware of unusual patterns of refunds or chargebacks.
- Beware of customers who are willing to overpay or who place unusually large orders.
How to prevent Card Fraud and EFTPOS Fraud?
Preventing Card Fraud:
- Educate staff about fraud risks and unusual transaction patterns.
- Implement strong authentication methods, such as two-factor authentication.
- Regularly monitor bank statements and credit reports for suspicious activity.
- Use secure and reputable websites for online transactions.
- Educate customers about phishing and other common fraud tactics.
Preventing EFTPOS Fraud:
- Ensure EFTPOS terminals are secure and regularly inspected for tampering.
- Keep the terminal behind the counter or with your staff.
- Only share your terminal password with trusted employees and activate the lock feature when your EFTPOS machine is unattended.
- Ensure your software is up to date.
- Implement strong internal controls.
- Only refund to the card used for the original purchase.
- Keep a list of the terminals you have onsite, including their make, model and serial number, and check daily that the data matches.
- Avoid any fund transfers via Western Union.
- Change default PINs for refunds and keep the PIN function enabled.
- Limit the knowledge of the refund PIN to key staff.
- Train staff to recognize and report suspicious behavior.
- Use encryption and tokenization to protect card data during transactions.
- Implement robust refund policies to prevent fraudulent refunds.
By understanding the prevalence and characteristics of Card Fraud and EFTPOS Fraud in Australia, businesses and individuals can take proactive steps to protect themselves against these pervasive threats.
Responding to suspected Card Fraud and EFTPOS Fraud
If you suspect any fraudulent activity, immediately stop using the terminal and report the incident to your bank. Keep detailed records of the incident.
For more tips, watch the NAB Security podcast.