PROTECTING YOUR BUSINESS

By accepting cards you provide convenience for both you and your customers, but there are some risks. One key risk is that third parties may use cards or card details fraudulently. You need to be aware of this because fraud could lead to chargebacks and other losses to your business.

Make sure that you have policies and procedures for handling irregular or suspicious transactions. Remind your staff that they must take steps to verify that the cardholder is who they say they are.

For card present transactions (being those transactions where the cardholder are at your business with their card), never accept a card if:

• the terminal doesn’t recognise the card
• the card expiry date has passed
• the card or the signature has been visibly altered or tampered with
• the signature doesn’t match that on the back of the card
• the card is damaged.
  

Card-not-present transactions (being those transactions where the cardholder is not at your business with their card) carry a higher risk of fraud, because you can’t verify whether the person you are dealing with actually has their card with them and the signature matches that on their card.

By carrying out the following checks, you can reduce the likelihood of fraudulent activity:

• Request the card verification code, more commonly known as CVV2 or CVC2. It is the last 3 digits printed on the signature panel of MasterCard and Visa cards and helps validate that the customer actually has a genuine card.
• Use a security program such as MasterCard SecureCode or Verified by Visa
• Ask for comprehensive customer details and do validity checks
• Follow up with an order confirmation
• Always use your own courier
• Ask for identification on delivery and don’t leave goods at unattended addresses
• Use minimum and maximum transaction amount controls

A chargeback occurs when a cardholder disputes a transaction and the payment is reversed.

This means you won’t be paid for the goods or services relating to the transaction, even if you’ve already provided them. You may also have to pay fees for the chargeback to be investigated and processed.

The credit card issuer (cardholder’s bank) can make a chargeback on a transaction if the:

• Transaction is illegal or prohibited
• Card wasn’t valid at the time of the transaction
• Cardholder didn’t authorise the transaction
• Cardholder says they’re not liable for the transaction
• Authorisation for the transaction is declined
• Sales receipt is changed without the cardholder’s authorisation
• Transaction was processed to your own credit card
• Term of your Merchant Agreement is breeched
• Transaction amount is above your floor limit, but this amount wasn’t authorised
• Transaction was made to refinance an existing debt or collect a dishonoured cheque.

Generally, a cardholder can dispute a transaction for any of the above reasons. If you can’t prove that the cardholder authorised the transaction, then you’ll be liable for the chargeback.

EFTPOS skimming is when someone illegally copies customer’s card details and PIN. They usually do this by replacing a genuine EFTPOS terminal with a tampered device which looks and works like a normal EFTPOS terminal.

In most instances, the criminal will use the stolen card details to create fake cards and withdraw money from customer’s accounts.

EFTPOS skimming is difficult to detect and is often not identified until we find irregular transactions on customer’s accounts or we find that several affected customers all used the same merchant.

View educational videos on EFTPOS skimming to learn how to protect your business and customers.

MasterCard SecureCode and Verified by Visa are online security programs designed to make internet transactions safer. MasterCard SecureCode and Verified by Visa are an easy, cost-effective way of promoting customer confidence in internet transactions by authenticating the cardholder at the point of purchase with a password.

• Greater confidence in online payments by enhancing the security and integrity of internet transactions
• Facilitates growth in online shopping
• Reduction in fraud exposure
• Reduction in chargeback liability
• Less operational expenses (fraud and dispute handling)

• Ease of use
• Reduced risk of unauthorised card use
• Cardholder’s identity is verified by their own bank
• Customer can choose to make payments only on merchant sites that have implemented the programs

MasterCard SecureCode and Verified by Visa were designed to alleviate online security concerns. It is a small additional step in the payment process which verifies the identity of the cardholder.

Step 1: The cardholder (customer) shops at a merchant website and proceeds to initiate card payment.

Step 2: The cardholder is directed to the payment page where they enter their card details and click submit.

Step 3: The cardholder is automatically linked to their appropriate issuing bank to verify their identity.

Step 4: If the cardholder has registered for MasterCard SecureCode or Verified by Visa with their issuing bank, they will be required to enter a password or code.

If the cardholder has not registered for MasterCard SecureCode or Verified by Visa with their issuing bank, they will be required to do one of two things:

• Click on continue to proceed without a password
• Register for MasterCard SecureCode or Verified by Visa at the time of payment

Step 5: If the password is entered correctly, the cardholder is authenticated and the transaction is sent for authorisation.

To implement MasterCard SecureCode and Verified by Visa you are required to use one of our e-Commerce payment services such as BPOINT or CommWeb. New customers are able to apply at sign up and existing customers need to call the merchant helpdesk to enable this feature.

The Business Risk and Mitigation program is designed to educate you on illegal transactions and how it can affect your business.

Types of illegal or brand-damaging transactions include:

• Transactions relating to child pornography, bestiality or other extreme sexual content
• Transactions that involve non-consensual and violent sexual conduct
• Transactions relating to counterfeit and copyright infringing merchandise
• Transactions that breach local and/or international laws including, but not limited to, the online sale of tobacco, prescription pharmaceuticals and gambling

If you have been found to have processed illegal transactions, there are a number of consequences which may apply to you, such as:

• The Card Schemes such as Visa and MasterCard may impose significant fines
• The Bank may terminate your merchant facility
• Your business may be listed on a Credit Card Scheme Database preventing you from operating a merchant facility in any future business

You can follow a few simple steps to safeguard your business including:

• Only process transactions for your own business
• Do not accept or process any transactions for another person or business
• If you run a website, do not allow another website operator to link to your site so their transactions are processed through your site

Europay MasterCard Visa (EMV) is a global electronic transaction standard named after the three organisations that established it. The EMV standard enables EFTPOS terminals worldwide to process chip-based debit and credit cards. Chip cards offer a more secure way to process card transactions.