Accepting EFTPOS and card payments offers many advantages. However, merchant scams can leave you out of pocket for costly chargebacks and the value of fraudulently obtained goods and services. Learn how to safeguard your business.

What is card fraud?

EFTPOS and card fraud involves unauthorised transactions through EFTPOS terminals. There are two types: ‘card present’ and ‘card not present’.

  1. ‘Card present’ fraud occurs when a customer uses someone else’s card that they have stolen or copied at the terminal. If the transaction is reported as fraudulent, their bank may issue a refund.
  2. A ‘card not present’ fraud usually involves card details provided by phone, email or online. Merchants are usually liable for ‘chargebacks’ if disputes arise. Find out how to protect your business from fraud.

How common is EFTPOS and card fraud?

Approximately 1.8 million Australians aged 15 years and over experienced card fraud in 2022-23, according to the Australian Bureau of Statistics. A significant proportion experienced losses ranging from less than $100 to over $1000.

Types of EFTPOS and Card Fraud

  • EFTPOS skimming involves illegally copying card details for buying goods or services.
  • Terminal takeover happens when scammers physically seize control of your EFTPOS machine, altering transaction amounts or making purchases with a stolen card. They may also key in a large purchase, then carry out a refund scam by asking you to refund the cost to another card.
  • Mail Order/Telephone Order fraud uses stolen card details for remote purchases.

Make sure your EFTPOS terminal is secure

  • Keep it behind the counter or with your staff.
  • Only share your terminal password with trusted employees and activate the lock feature when your EFTPOS machine is unattended.
  • Regularly inspect your terminal for tampering.
  • Ensure your software is up to date.

Identify signs of potential fraudulent activity

  • Educate staff about fraud risks and unusual transaction patterns.
  • Refuse expired, altered or damaged cards and be cautious with email-only customers.
  • Beware of customers who are willing to overpay or who place unusually large orders.
  • Be suspicious about multiple different cards originating from the same email address or IP address, or multiple transactions on the same card in a short time.
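
The last check in the list above can be run over an online order log. This is an added example, not NAB's code: the thresholds, field layout, card tokens and sample orders are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds; the page gives no numbers, so tune these to your own order volume.
MAX_CARDS_PER_SOURCE = 2            # distinct cards tolerated per email or IP address
MAX_TXNS_PER_CARD = 3               # transactions tolerated on one card inside WINDOW
WINDOW = timedelta(minutes=10)

# Constructed sample orders: (ISO timestamp, email, IP, card token). Never log full card numbers.
SAMPLE_ORDERS = [
    ("2024-05-01T10:00:00", "a@example.com", "203.0.113.5", "tok_1111"),
    ("2024-05-01T10:02:00", "a@example.com", "203.0.113.5", "tok_2222"),
    ("2024-05-01T10:03:00", "A@example.com", "203.0.113.5", "tok_3333"),
    ("2024-05-01T10:04:00", "b@example.com", "198.51.100.7", "tok_4444"),
    ("2024-05-01T10:05:00", "b@example.com", "198.51.100.7", "tok_4444"),
    ("2024-05-01T10:06:00", "b@example.com", "198.51.100.7", "tok_4444"),
    ("2024-05-01T10:07:00", "b@example.com", "198.51.100.7", "tok_4444"),
    ("2024-05-01T15:00:00", "c@example.com", "192.0.2.44", "tok_5555"),
]

def review_orders(orders):
    """Return a sorted list of (reason, value) pairs that staff should review."""
    cards_by_email, cards_by_ip = defaultdict(set), defaultdict(set)
    times_by_card = defaultdict(list)
    for ts, email, ip, card in orders:
        cards_by_email[email.strip().lower()].add(card)   # normalise case and spacing
        cards_by_ip[ip].add(card)
        times_by_card[card].append(datetime.fromisoformat(ts))

    flags = set()
    for label, index in (("many-cards-one-email", cards_by_email),
                         ("many-cards-one-ip", cards_by_ip)):
        for source, cards in index.items():
            if len(cards) > MAX_CARDS_PER_SOURCE:
                flags.add((label, source))
    for card, times in times_by_card.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):        # sliding window over sorted timestamps
            while t - times[start] > WINDOW:
                start += 1
            if end - start + 1 > MAX_TXNS_PER_CARD:
                flags.add(("rapid-reuse-of-card", card))
                break
    return sorted(flags)

if __name__ == "__main__":
    for reason, value in review_orders(SAMPLE_ORDERS):
        print(f"REVIEW {reason}: {value}")
```

A flag is a prompt for staff to look at the order before goods ship, not proof of fraud.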

Implement strong internal controls

  • Only refund to the card used for the original purchase.
  • Keep a list of the terminals you have onsite, including their make, model and serial number, and check daily that the details match.
  • Avoid any fund transfers via Western Union.
  • Change default PINs for refunds and keep the PIN function enabled.
  • Limit the knowledge of the refund PIN to key staff.

Handling suspected Card Fraud

If you suspect fraud, stop terminal use immediately and report the incident to your bank. Keep detailed records.  

For more tips watch the NAB Security podcast.
