Research suggests that merchants stand to lose $206 billion to online payment fraud globally between 2021 and 2025 [1], and in 2021 overall card fraud increased by 5.7%, to $495 million in Australia [2].

You and your employees could be considered the first line of defence to detect fraudulent activity and prevent fraud before it happens.

Help protect your business and limit the impact of scams and fraud by remembering these tips.

1. Watch out for warning signs

It’s important to pay special attention if one or more of these things happen:

  • Large, unusual transactions from unknown buyers. If they’re in your store you could ask for additional identification to make sure they are the true cardholder. Tools like EMV 3-D Secure (3DS 2.0) can help with these additional security processes.
  • Payment with many credit cards with similar or sequential numbers
  • Rush orders that need overnight or express shipping
  • High volume of transactions on a card over short periods of time
  • Transfer of funds to a transaction account or money transfer agency

2. Be aware of refund fraud

  • Closely monitor all refunds to ensure they have a legitimate corresponding sale
  • Establish processes for only a small group of staff to process high value refunds
  • Be alert to changes in staff behaviour or a sudden increase in their spending habits or wealth
  • Never refund a card transaction if the customer asks you to refund the transaction in cash, to a bank account, through online international transfer services or to a different card. Credit cards can accept refunds even if the card is reported as lost or stolen
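
The refund checks above can also be run over a point-of-sale export. The following is an added example, not CommBank code: the record fields, the card tokens, the staff names and the $500 "high value" threshold are all assumptions, the sample data is constructed, and the check that refunds never exceed the original sale goes slightly beyond the list above.

```python
from collections import defaultdict
from decimal import Decimal

HIGH_VALUE = Decimal("500.00")  # assumed threshold; set it per business policy

def review_refunds(sales, refunds, high_value_staff):
    """Return {refund_id: [reasons]} for refunds that break the rules above."""
    sales_by_id = {s["sale_id"]: s for s in sales}
    refunded = defaultdict(Decimal)  # running refund total per sale
    flagged = {}
    for r in refunds:
        reasons = []
        amount = Decimal(r["amount"])
        sale = sales_by_id.get(r["sale_id"])
        if sale is None:
            reasons.append("no corresponding sale")
        else:
            # Cash, bank transfer or a different card all fail this check.
            if r["method"] != "card" or r["card_token"] != sale["card_token"]:
                reasons.append("not refunded to the original card")
            refunded[sale["sale_id"]] += amount
            if refunded[sale["sale_id"]] > Decimal(sale["amount"]):
                reasons.append("refunds exceed the sale amount")
        if amount >= HIGH_VALUE and r["staff"] not in high_value_staff:
            reasons.append("high value refund by unauthorised staff")
        if reasons:
            flagged[r["refund_id"]] = reasons
    return flagged

# Constructed sample data (card numbers are never stored, only tokens).
SALES = [
    {"sale_id": "S1", "card_token": "tok_a", "amount": "120.00"},
    {"sale_id": "S2", "card_token": "tok_b", "amount": "900.00"},
]
REFUNDS = [
    {"refund_id": "R1", "sale_id": "S1", "method": "card",
     "card_token": "tok_a", "amount": "120.00", "staff": "alex"},
    {"refund_id": "R2", "sale_id": "S9", "method": "card",
     "card_token": "tok_c", "amount": "80.00", "staff": "alex"},
    {"refund_id": "R3", "sale_id": "S2", "method": "cash",
     "card_token": None, "amount": "900.00", "staff": "sam"},
    {"refund_id": "R4", "sale_id": "S2", "method": "card",
     "card_token": "tok_b", "amount": "900.00", "staff": "alex"},
]

if __name__ == "__main__":
    for refund_id, reasons in review_refunds(SALES, REFUNDS, {"sam"}).items():
        print(refund_id, "->", "; ".join(reasons))
```
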

3. Be careful of business email compromise & watch out for payroll scams

In payroll scams, cyber criminals impersonate employees in an attempt to trick staff into redirecting funds to the scammer. Staff working in HR, payroll or finance are most at risk.

  • The emails they send might look official or even appear to come from a legitimate employee email address
  • They may send ‘phishing scams’ in the form of fraudulent emails or SMS to your employees, usually containing a clickable link or an attachment to lure your employees into providing information about themselves or your business
  • They might ask for an urgent update of bank account details, redirecting payments to a scammer’s account instead
  • In other cases, the first email will seem harmless, simply asking what the process for updating payment details is. The idea is to later make contact with a more targeted follow-up

Educating staff on how to spot these fraudulent emails will mean your business isn’t compromised and money and customer trust aren’t lost. Here’s how to keep your business safe, as recommended by the Australian Cyber Security Centre:

  1. If an email appears suspicious, don’t reply or click on any links. Instead, look up the person’s email address and create a new email to verify the request being made. If your company’s database lists phone numbers, give them a call to quickly check the email’s validity
  2. Always set a strong, unique password and two-factor authentication for your email. If you receive a notification about a bank account update you didn’t authorise, contact payroll immediately
  3. Frequently check your bank accounts for any unusual activity
  4. Avoid clicking on links or attachments sent in emails and make sure to report or check any suspicious-looking emails

Gear up with extra security

Enrol your facility with 3DS 2.0 to protect your business from ‘friendly fraud’ and educate your staff on how to spot fraud. For more information on protecting your business, read more on Tips to prevent card chargebacks for your business, or visit

We’re here to help

If you're a CommBank customer and need immediate support, call us anytime:

  • 1800 230 177 for Australian based support 24/7
  • 1800 022 966 if someone tampers with, removes or tries to remove your EFTPOS terminal