By accepting cards you provide convenience for both you and your customers, but there are some risks. One key risk is that third parties may use cards or card details fraudulently. You need to be aware of this because fraud could lead to chargebacks and other losses to your business.
What you can do to minimise fraudulent transactions
Make sure that you have policies and procedures for handling irregular or suspicious transactions. Remind your staff that they must take steps to verify that the cardholder is who they say they are.
For card present transactions, never accept a card if:
Card-not-present transactions carry a higher risk of fraud, because you can’t verify whether the person you are dealing with actually has their card with them and the signature matches that on their card.
By carrying out the following checks, you can reduce the likelihood of fraudulent activity:
What is a chargeback?
A chargeback is a reversal of a credit card transaction previously credited to your account.
Generally, if a cardholder disputes a transaction and you do not have sufficient evidence to show that the cardholder authorised the transaction, the liability for the chargeback will then rest with you.
This means that the original transaction is reversed and you will not receive payment for the goods or services you may have already delivered. You may also be required to pay fees for investigating and processing the chargeback.
When can a chargeback occur?
We can chargeback a transaction if:
What you can do to reduce the risk of chargebacks
There are business processes you can implement to help your business reduce the likelihood of receiving a chargeback.
You can reduce the risk of chargebacks caused by customer disputes by keeping good records. This will help you to find specific transactions quickly and easily.
You should include all of the following information in your invoices, contract and promotional materials:
You can also reduce the risk of chargebacks resulting from fraudulent use of cards by requesting the card verification code, or CVV2/CVC2, and using a security program such as MasterCard SecureCode or Verified by Visa.
What is EFTPOS skimming?
EFTPOS skimming is when someone illegally copies customer’s card details and PIN. They usually do this by replacing a genuine EFTPOS terminal with a tampered device which looks and works like a normal EFTPOS terminal.
In most instances, the criminal will use the stolen card details to create fake cards and withdraw money from customer’s accounts.
EFTPOS skimming is difficult to detect and is often not identified until we find irregular transactions on customer’s accounts or we find that several affected customers all used the same merchant.
What you can do to reduce your risk of EFTPOS skimming?
View educational videos on EFTPOS skimming to learn how to protect your business and customers.
Customers are rapidly changing how they choose to shop. They no longer need to be present to purchase, and increasingly shop by internet, phone, mail order and fax. With this change comes an increased risk of fraud. Fraudsters can illegally access customer card data through computers used to process transactions and unsecured data.
To protect your business and customers, you need to be aware of how you manage your customer card data, including the security measures you have in place when making transactions, using your computer, and storing customer card data.
What you can do to keep customer card information secure
There are some simple steps you can take to keep your customers’ card information safe and secure, including:
Europay MasterCard Visa (EMV) is a global electronic transaction standard named after the three organisations that established it. The EMV standard enables EFTPOS terminals worldwide to process chip-based debit and credit cards. Chip cards offer a more secure way to process card transactions.
Find out more about EMV and chip cards.
What is the Business Risk and Mitigation program?
The Business Risk and Mitigation program is designed to educate you on illegal transactions and how it can affect your business.
What types of transactions does the program cover?
Types of illegal or brand-damaging transactions include:
What are the consequences for processing these types of transactions?
If you have been found to have processed illegal transactions, there are a number of consequences which may apply to you, such as:
What you can do to safeguard your business
You can follow a few simple steps to safeguard your business including:
What is MasterCard SecureCode and Verified by Visa?
MasterCard SecureCode and Verified by Visa are online security programs designed to make internet transactions safer. MasterCard SecureCode and Verified by Visa are an easy, cost-effective way of promoting customer confidence in internet transactions by authenticating the cardholder at the point of purchase with a password.
How do you benefit?
How do your customers benefit?
How do MasterCard SecureCode and Verified by Visa work?
MasterCard SecureCode and Verified by Visa were designed to alleviate online security concerns. It is a small additional step in the payment process which verifies the identity of the cardholder.
Step 1: The cardholder (customer) shops at a merchant website and proceeds to initiate card payment.
Step 2: The cardholder is directed to the payment page where they enter their card details and click submit.
Step 3: The cardholder is automatically linked to their appropriate issuing bank to verify their identity.
Step 4: If the cardholder has registered for MasterCard SecureCode or Verified by Visa with their issuing bank, they will be required to enter a password or code.
If the cardholder has not registered for MasterCard SecureCode or Verified by Visa with their issuing bank, they will be required to do one of two things:
Step 5: If the password is entered correctly, the cardholder is authenticated and the transaction is sent for authorisation.
How do I get enabled for MasterCard SecureCode and Verified by Visa?
To implement MasterCard SecureCode and Verified by Visa you are required to use one of our e-Commerce payment services such as eVolve, BPOINT or CommWeb. New customers are able to apply at sign up and existing customers need to call the merchant helpdesk to enable this feature.
Security needs to be considered with all of your other banking services such as ATMs, online banking, credit and debit cards and cheques. For more information on security and privacy, please visit our Security Centre.
As detailed in your merchant agreement, the card schemes have special requirements for some industries such as accommodation and car rental.
Get Smart About Card Fraud Online is a training module that has been designed by APCA (Australian Payments Clearing Association) to raise awareness of the real risks of online card fraud and the simple steps you can take to protect your business and customers against it.
Get Smart about Card Fraud Online provides tips, information, advice and video case studies for doing business online.
For more information please visit APCA or you can call us on 1800 230 177, 24 hours a day, 7 days a week.
To report any suspicious activity, contact the merchant helpdesk immediately on 1800 230 177, 24 hours a day, 7 days a week.