Skip to main content Skip to accessibility page Skip to search input

Fraud Protection

Safeguard against Skimming

Accepting card payments is safe, convenient and essential to the smooth operation of merchant businesses. However, card fraud is a global problem and card skimming at in-store terminals also occurs in Australia.

Without the right safeguards in place, any store that uses terminals is potentially at risk. The impact of skimming is significant – it can lead to loss of money, loss of customers and undermine the reputation and credibility of your business. It is vital that you know how to prevent and detect skimming so you can protect your customers and your business from this type of fraud.

This information forms part of an industry education programme that is supported by law enforcement to increase awareness on how to safeguard your terminals against skimming.

If you have any questions after viewing the information, the Merchant Helpdesk is available 24 hours a day, 7 days a week on 1300 650 977.

Preventing fraud when a credit card is not present

Transactions where the credit card and cardholder are not present are referred to as "card not present transactions". For example, when a customer provides their credit card number by mail order, telephone order, fax or internet.

The anonymity of card not present transactions can make it harder to detect fraud.

In a card not present transaction where no sales voucher is signed or EFTPOS receipt exists, you may find it challenging to prove that the cardholder authorised the transaction.

In the event of a dispute, the responsibility rests with you, the merchant, to prove that the cardholder did authorise the purchase. 

Authorisation - what protection does it offer?

The authorisation number you receive via your terminal or by phone verifies that the card number and expiry date are valid and that there are sufficient funds available for the sale. The authorisation number also allocates the sale amount to the merchant (for a set period) until the sale comes through and is matched.

Authorisation does not identify the person the card belongs to, or who is placing the order, in a card not present transaction. The key to reducing card not present fraud is verification of the customer's identity and address.

So while authorisation is helpful, it should be combined with other checks if the transaction appears suspicious. You should review the transaction and create an order database to keep track of past fraudulent activity.

Check the transaction

Be alert for card not present transactions that involve:

  • First purchases, since they may allow fraud offenders to minimise the possibility of identification
  • Large dollar value orders that may be maximising purchases on stolen or falsified credit card accounts
  • Multiple unit orders that maximise resale value and profit potential of the goods being ordered
  • Orders shipped to Post Office boxes that may provide anonymity to fraud offenders
  • Orders shipped "rush" or "overnight" to deliver fraudulently obtained items as soon as possible for quick resale
  • Orders from free email services that don't require a billing relationship or verification that the email account was opened by a legitimate cardholder. These accounts may provide anonymity to fraud offenders.
  • Orders shipped to an international address that may be falsified.

Create an order database

Subject to your privacy requirements at law, you can reduce your exposure to fraud by creating and maintaining a customer database to help identify fraudulent customers and high-risk orders. Your order database should identify low and high-risk orders:

Low-Risk Orders

High-Risk Orders

  • From longstanding customers
  • From customers who have not previously attempted to make an illegitimate chargeback.
  • From customers who previously attempted to make an illegitimate chargeback
  • From an Internet Provider address that previously caused a chargeback
  • Orders shipped to a single address but made on multiple cards to maximise resale value and profit potential
  • Multiple transactions charged to one card over a very short period of time to maximise usage on an account before it is closed
  • Multiple transactions on one card or similar cards with a single billing address but multiple shipping addresses. This could indicate fraudulent activity by an organised, large scale group.
  • Multiple cards used from a single Internet Provider address to maximise purchases and profit

No card details should be stored in the database.

What to do if you suspect a fraudulent card not present order

If you are suspicious of an order you may choose to:

  • Decline the order
  • Request additional customer information
  • Confirm orders separately before shipping by follow up phone call, phone number verification and address verification.

Additional Information