Skip to main content Skip to log on Skip to search Accessibility at CommBank

Business / Merchant fraud protection tips / Preventing online and phone payment fraud

Learn how to make them as secure as possible.

  • Online or Mail Order/Telephone Order (MOTO) transactions (also known as Card Not Present) carry a higher risk of fraud due to the limited ability to authenticate the cardholder as genuine and the anonymity of the purchasing process. Examples include purchases where your customer provides their credit card details over the phone, via email or through the mail. 

    You can use the below tips to reduce the risk of fraud and chargebacks:

    • If you’re suspicious of an order, reject it
    • Where possible, use your gateway’s inbuilt fraud tools such as country code blocking, IP Whitelisting, Blacklisting, Velocity checks. These are easy and cost-effective tools for authenticating a cardholder at the point of purchase
    • Where possible, use Mastercard Identity Check or Visa Secure to authenticate transactions
    • Ensure Card Verification Value (3 digits on back of card) is switched on and checked at the time of processing. It does not guarantee the cardholder is making the transaction but it may guarantee the card is with the person making the transaction
    • Review sequential or recurring orders made to a single address with multiple cardholder names or card numbers
    • Request another form of payment, such as bank account transfer, if there are multiple transactions charged to one card over a very short period or if a decline code appears on your screen 
    • Do not accept or offer split payment for a single order over multiple credit cards
    • Avoid delivering goods to a post office box for new customers
    • Develop processes to verify the photo identification of all new customers when they are placing orders online to collect in person, see example below

  • Upon collection of goods:

    • Ask the cardholder to present Photo ID as well as the card used to purchase the goods, confirm the name matches the name on the original order
    • Check the credit card security features to ensure it is a legitimate card
    • Ask the cardholder to sign an acknowledgement form to confirm receipt of goods
    • Check the signature matches the back of the credit card
    • It is recommended that for initial purchases to not permit new customers to use a third party to pick up goods for the first purchase

Fraud in practice: A real-life example

  • Sam owns a catering company and received an order valued at $5,000 over the phone to supply food at a wedding. The customer asked if she could pay Sam $10,000 as the customer needed to pay $5,000 to the florist but was having trouble with their internet banking. Sam agreed and the customer paid $10,000 over the phone using a credit card and provided a BSB and account number to transfer the $5,000 to the florist.

    A couple of weeks later Sam received a chargeback for the $10,000 transaction as the credit card details were stolen. Sam was immediately debited for the $10,000 transaction and also liable for a chargeback fee. Sam also experienced a $5,000 loss as the funds transferred to the florist could not be recovered.