EFTPOS terminal tampering and data security
Fraud and misuse of credit and debit card information is a growing problem for many merchants globally. The loss and subsequent misuse of customer card data may lead to undermined consumer confidence, loss of money and/or customers and a reduction in card usage at your business.
As part of ANZ’s ongoing commitment to providing the most up-to-date information on EFTPOS terminal and cardholder data security, we have provided the following information and supporting tools to help protect your business.
Protect your business against EFTPOS terminal tampering and skimming
Terminal tampering occurs when criminals illegally access EFTPOS terminals and modify them to capture or ‘skim’ cardholder data and PINs during transaction processing. Criminals may then use this data in various ways to take money from the cardholder’s account and in many instances, use the stolen data to replicate fake cards and withdraw funds at ATMs.
What you can do to help protect your business against fraud and misuse:
- Always ensure that terminals are secure and under supervision during operating hours (including any spare or replacement EFTPOS terminals you have).
- Ensure that only authorised employees have access to your EFTPOS terminals and are fully trained on their use.
- When closing your store or kiosk, always ensure that your EFTPOS terminals are securely locked and not exposed to unauthorised access.
- Never allow your EFTPOS terminal to be maintained, swapped or removed without advance notice from ANZ - be aware of unannounced service visits.
- Only allow authorised ANZ personnel to maintain, swap or remove your EFTPOS terminal and always ensure that security identification is provided.
- Inspect your EFTPOS terminals on a regular basis, to ensure that the terminal casing is whole with external security stickers remaining unbroken and of a high print quality.
- Ensure that there are no additional cables running from your EFTPOS terminal.
- Make sure that any CCTV or other security cameras located near your EFTPOS terminal(s) cannot observe cardholders entering details.
- Notify ANZ Merchant Services (24 hours / 7 days a week) on 1800 039 025 immediately if:
- your EFTPOS terminal is missing
- you, or any member of your staff, is approached to perform maintenance, swap or remove your EFTPOS terminal without prior notification from ANZ and/or Security Identification is not provided
- your EFTPOS terminal prints incorrect receipts or has incorrect details
- your EFTPOS terminal is damaged or appears to be tampered with.
We’ve put together some tools and supporting material to further help you educate your staff on the importance of security and fraud prevention. Share this material with your staff or alternatively order these items from the stationery ‘quicklink’ located in the right hand column of this page.
Remember, terminal and data security is everyone’s responsibility!
- Safeguard against skimming brochure (PDF 1.24MB)
- Terminal checklist sticker (PDF 140kB)
- Terminal record form (PDF 128kB)
- Terminal Security ‘best practices’ card (PDF 104kB)
- Fraud Minimisation, Data Security & Chargeback Guide (PDF 480 kB)
- Safeguard against skimming- part 1
- Safeguard against skimming- part 2
- Safeguard against skimming: additional information- part 1
- Safeguard against skimming: additional information- part 2.
Fraud is a problem for many merchants and can have a substantial financial impact on businesses. Criminals may use cards or card details illegally to make unauthorised purchases at your business.
How to minimise fraudulent transaction
Here are a few preventative steps your business can take to help minimise fraudulent transactions:
- check the appearance of the card (for instance, does the card appear damaged or altered?)
- make sure the signature on the signature panel of the card does not appear altered, and that the signature on the transaction voucher matches the one on the card if a PIN has not been used
- be alert to customers who appear nervous, have no means of identification and ask for the transaction to be split or hand-keyed
- do not allow equipment to be used by unauthorised persons
- only process a refund to the same card used in the original transaction
- always use CVV2 as part of your authorisation procedure for purchases where the cardholder is not present.
If you are suspicious about a Visa or MasterCard transaction, contact the Authorisation Centre on 1800 999 205 and select option 1. You may be asked a series of ‘YES’ or ‘NO’ questions to help the operator determine whether you should proceed with the transaction.
Remember: Your safety comes first – don’t take any chances.
Get Smart About Fraud Online
APCA (Australian Payments Clearing Association), with the support of the Australian Crime Commission and the Australian Federal Police, has developed Get Smart About Card Fraud Online - a convenient and free source of facts, tips and video case studies that can help you to be more informed about the risks of online card fraud. It also outlines steps you can take to prevent impacts to your business. For more information, go to the Get Smart About Card Fraud Online website.
For more information on merchant security and fraud minimisation, please contact ANZ Merchant Services on 1800 039 025 available 24 hours a day, 7 days a week.
Visit the following websites for more information.
To view WMV files you will need a suitable media player, you can download Windows Media Player for free.
You need Adobe Reader to view PDF files. You can download Adobe Reader free of charge.