Our aim is to assist merchants to reduce potential fraud in their businesses through the use of highly developed fraud detection tools and education. The more you know about potential risks, the better you can protect your business from fraud, so we also recommend training your staff to look out for fraudulent behaviours.

Please familiarise yourself with fraud minimisation and chargeback procedures, detailed in our Macquarie Merchant Services Terms and Conditions.

Please note:

  • procedures and recommendations on this page are a guide only
  • we don’t warrant that compliance with this guide will eliminate all fraud risks
  • instructions appearing on this page may be varied or replaced by us at any time.

Your liability for credit card fraud is detailed in our Macquarie Merchant Services Terms and Conditions.

Protecting your merchant terminals

Before installing your new merchant terminal, we recommend preparing your business premises so the installation of the equipment is in a secure location to reduce the risk of fraud. 

A secure location is usually away from cameras and skimming devices, and in a location which enables the cardholder to shield the entry of their card information and secure PINs.

We also recommend securing your terminal to protect your business from theft .

You can secure your terminal by:

  • ensuring terminals are secured and monitored during business hours
  • only allowing authorised personnel to access the terminal
  • securing the terminal when not in use by locking it away
  • inspecting the terminal regularly to ensure it has not been tampered
  • ensuring no additional cables are running from the machine
  • ensuring any software updates are applied
  • checking positioning of CCTV, to ensure card details cannot be captured and used.

Credit card transactions

It’s important to be extra vigilant when processing the following types of transactions as they are considered high-risk:

  • card not present (i.e. transactions processed without the card or cardholder present)
  • where the card number is manually keyed in
  • no authorisation obtained (i.e. verified the relevant card account is open and there are sufficient funds available in the account to meet the transaction amount)
  • offline transactions (i.e. transactions that are processed while the terminal is offline).

Before the transaction

Check the credit card to ensure it has:

  • a name which matches the customers identity
  • the card is currently valid (a card can only be used from the first day of the ‘valid from’ month to the last day of the ‘until end’ month)
  • the hologram appears three-dimensional and isn’t suspicious or made of inferior material
  • the card hasn’t been tampered with or damaged
  • the magnetic stripe is smooth and free from signs of tampering
  • the signature panel shows no signs of tampering
  • the card has been signed
  • the embossing should not be flattened (unless it is not an embossed card)
  • the embossing should be clear and even.

If a card appears to be fraudulent, you should request an alternate form of payment. 

During the transaction

  • The client’s signature on the transaction receipt should match the signature on the card, if signature authorisation is required.
  • Credit cards should be signed on the signature panel in order to accept payment with a signature authorisation.
  • If the signature panel on a card is blank, you should ask the cardholder for additional identification information, but not record it. If you are satisfied that the information you are given is true and correct, you should ask the cardholder to sign the card before accepting the transaction.
  • Most card issuers now have chip enable technology, so the card should be entered into the reader in the first instance. If the client asks for the card number to be entered manually or to be processed via a swipe on the magnetic strip, caution should be taken.

After the transaction

  • Check that the last four digits of the card number on the credit card match those details printed on the transaction receipt.
  • Check that an approval number or approval code is printed on the transaction receipt.

Things to look out for

Be alert for cardholders acting suspiciously who:

  • appear nervous, overly talkative or in a hurry
  • arrive at closing time
  • try to rush you or disturb your concentration
  • carry the card loose or by itself
  • have no means of identification
  • make numerous tap and go purchases
  • ask for transactions to be split
  • ask for transactions to be manually entered
  • sign the transaction receipt slowly or unnaturally.

Other potential areas that could present a fraud risk include the following:   

Refunds

  • A common type of fraud involves employees issuing credits (refunds) to their own account via your terminal. To guard against this type of fraud, we recommend you closely monitor all refunds, checking that all refunds correspond to a legitimate sale and are refunded back to the original purchase card.
  • Your merchant terminals will have a refund pin. We suggest resetting the default pin this as soon as you receive the terminal and store this safetly with a limited number of people authorised to use it. 

Offline transactions

  • Offline transactions are transactions that are processed when the terminal is offline. An offline transaction may occur due to a technical issue where the terminal cannot connect with the bank. Offline transactions are processed later than would normally be the case due to this malfunction. An offline transaction is easy to identify as the transaction receipt has the word ‘offline’ printed on it.
  • Repeated offline transactions are uncommon and if this occurs you should seek advice by calling the Merchant Support Team on 1800 183 879.

To further protect your business against fraud:

  • only process refunds to the same credit card used in the original transaction
  • don’t transfer cash to a bank account as a refund for a card payment
  • don’t let anyone service, remove or install your terminal(s) without first providing proper identification and never reveal any passwords. If you are concerned with the identity of a technician, please contact the Merchant Support Team on 1800 183 879
  • keep passwords and pin numbers secured
  • don’t allow equipment to be used by unauthorised persons
  • store all equipment and transaction records in a safe, secure environment and do not divulge cardholder information (e.g. card numbers). Please note you must also comply with all data security standards as noted in the Macquarie Merchant Services Terms and Conditions
  • if your terminal is stolen, lost or misuse, contact your relationship manager or call us on 1800 183 879 for assistance.

Finally, always put the safety of you and your staff first.

Card not present transactions

Some transactions can be made online, over the phone or via post. These transactions occur where a card hasn’t been presented in person and are therefore labelled as “card not present”.

Merchants that accept card not present transactions are at a greater risk of fraud, as fraudsters can make purchases anytime, from any location and don’t need to present a physical card.

It’s important to understand the possible warning signals during these card-less payments for your business, to identify suspicious or unusual activity. 

Taking an order

When accepting a card not present order, you need to obtain:

  • the credit card number
  • Card validation code (CVC) number
  • name of the bank
  • expiry date
  • full name, address, and contact number of the cardholder (including landline contacts).

Other ways you can minimise fraud include:

  • refuse to proceed with an order if the authorisation has been declined
  • refuse to split a transaction after authorisation has been declined.

If you believe you’re processing a fraudulent transaction, track and note the details of the order to prevent repeat occurrence, including by tracking IP or email addresses.

For card not present transactions, you must instruct the cardholder to locate and quote the CVC which is the three digits on the signature panel of their card. For American Express cards, this authorisation number is four digits and printed on the face of the card.

Suspicious orders

If you experience the below, you may be processing a suspicious transaction:

  • multiple cards are presented with multiple declines within a short time span 
  • multiple cards being used which may appear to be sequential with only the last four digits changing
  • orders are from internet addresses using free email services
  • orders are placed where the client states or admits the card they’re using isn’t theirs
  • orders are cancelled, and a refund is requested to be made to a different account than the one used to place the order
  • orders are placed to be collected in person at a later date. You should sight the card upon collection of the purchase.

Mail order sales

When accepting mail order sales, you’re responsible for the handling and retention of the customer’s details and all privacy and confidentiality matters which may occur with the sale.

To ensure credit card details remain confidential, you must provide an appropriate envelope or instruct your clients to place their order coupons/ application forms in sealed envelopes.

Please note there are high risks involved with card-less transactions. Disputes may occur because substantial card security and validation checks weren’t conducted.

If you’re suspicious, we recommend asking the customer to provide an alternative method of payment. It’s your responsibility to confirm the customer is the authorised cardholder.

Dispatch of goods

Ensure that any goods purchased online, over the phone or via post are dispatched immediately to the cardholder after processing the order. This will help reduce the potential for the transaction being disputed due to non-receipt of goods.

If your business doesn’t usually service foreign customers, use caution when shipping goods to an address outside of Australia. Requests for goods to be shipped internationally are commonly associated with fraud.

If you’re dealing with a new customer, or receive a significantly large order, we also recommend processing this order with caution.

Transaction receipts

You should establish a fair policy for dealing with refunds and disputes about transactions (in accordance with any guidelines or instructions as required by the card schemes).

You should provide a customer with their transaction receipt immediately after completing the order in accordance with the relevant Department of Fair-Trading regulations (applicable to your state).

Retaining records

You should always keep records of card-less transactions in addition to what’s recorded on the transaction receipt which include the following:

  • cardholder’s name (as it appears on the card)
  • cardholder’s address (not a GPO Box)
  • type of card
  • a truncated version of the card number and card valid
  • from/to dates
  • authorised dollar amount to be debited
  • contact telephone number
  • details of goods or services required
  • transaction date.

Other information

We recommend taking the time to properly investigate international orders, and orders from customers who you haven’t previously done business with.

If you suspect your website has become a target for fraud, we recommend closing your site for a short period of time to conduct an investigation and ascertain where the fraud is coming from.

You should also discuss additional security measures with your service provider or IT expert, to ensure your site is secure.

You’re required to immediately notify the Merchant Support Team on 1800 183 879 if an unauthorised entity has accessed or retrieved transaction data. This allows procedures to be implemented immediately to reduce the usage of compromised data, protecting your clients, and reducing the potential financial loss for you and others.

Additional information

The information on this page has been prepared by Macquarie Business Banking, a division of Macquarie Bank Limited AFSL & Australian Credit Licence 237502 ("Macquarie") for general information purposes only, without taking into account your personal objectives, financial situation or needs. Before acting on this general information, you must consider its appropriateness having regard to your own objectives, financial situation and needs. The information provided is not intended to replace or serve as a substitute for any accounting, tax or other professional advice, consultation or service.