Accepting card payments is safe, convenient and essential to the smooth operation of merchant businesses. However, card fraud is a global problem and card skimming at in-store terminals also occurs in Australia.
Without the right safeguards in place, any store that uses terminals is potentially at risk. The impact of skimming is significant – it can lead to loss of money, loss of customers and undermine the reputation and credibility of your business. It is vital that you know how to prevent and detect skimming so you can protect your customers and your business from this type of fraud.
This information forms part of an industry education programme that is supported by law enforcement to increase awareness on how to safeguard your terminals against skimming.
If you have any questions after viewing the information, the Merchant Helpdesk is available 24 hours a day, 7 days a week on 1300 650 977.
Preventing fraud when a credit card is not present
Transactions where the credit card and cardholder are not present are referred to as "card not present transactions". For example, when a customer provides their credit card number by mail order, telephone order, fax or internet.
The anonymity of card not present transactions can make it harder to detect fraud.
In a card not present transaction where no sales voucher is signed or EFTPOS receipt exists, you may find it challenging to prove that the cardholder authorised the transaction.
In the event of a dispute, the responsibility rests with you, the merchant, to prove that the cardholder did authorise the purchase.
Authorisation - what protection does it offer?
The authorisation number you receive via your terminal or by phone verifies that the card number and expiry date are valid and that there are sufficient funds available for the sale. The authorisation number also allocates the sale amount to the merchant (for a set period) until the sale comes through and is matched.
Authorisation does not identify the person the card belongs to, or who is placing the order, in a card not present transaction. The key to reducing card not present fraud is verification of the customer's identity and address.
So while authorisation is helpful, it should be combined with other checks if the transaction appears suspicious. You should review the transaction and create an order database to keep track of past fraudulent activity.
Check the transaction
Be alert for card not present transactions that involve:
- First purchases, since they may allow fraud offenders to minimise the possibility of identification
- Large dollar value orders that may be maximising purchases on stolen or falsified credit card accounts
- Multiple unit orders that maximise resale value and profit potential of the goods being ordered
- Orders shipped to Post Office boxes that may provide anonymity to fraud offenders
- Orders shipped "rush" or "overnight" to deliver fraudulently obtained items as soon as possible for quick resale
- Orders from free email services that don't require a billing relationship or verification that the email account was opened by a legitimate cardholder. These accounts may provide anonymity to fraud offenders.
- Orders shipped to an international address that may be falsified.
Create an order database
Subject to your privacy requirements at law, you can reduce your exposure to fraud by creating and maintaining a customer database to help identify fraudulent customers and high-risk orders. Your order database should identify low and high-risk orders:
No card details should be stored in the database.
What to do if you suspect a fraudulent card not present order
If you are suspicious of an order you may choose to:
- Decline the order
- Request additional customer information
- Confirm orders separately before shipping by follow up phone call, phone number verification and address verification.