Protecting cardholder data is important to you and your customers. If you don't protect payment card data you can be subject to attacks from fraudsters, not to mention the risk of damage to your brand and reputation.

If you want to accept payments via payment cards such as credit cards then you need to understand and comply with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS applies to all merchants that store, process and/or transmit Payment Card Data.

PCI DSS Compliance is your responsibility. Complying with PCI DSS forms part of your Merchant Agreement.


Where do I start?

PCI DSS consists of 6 core principles which are accompanied by 12 requirements. Becoming PCI DSS compliant means that you can show that you have addressed all of the elements that apply to you.

The 6 Core Principles and the 12 PCI DSS Requirements

Build and Maintain a Secure Network
  1. Install and maintain a firewall configuration to protect data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
  3. Protect stored data by using methods such as lock and key, data masking or data encryption
  4. Encrypt transmission of cardholder data and sensitive information across public networks

Maintain a Vulnerability Management Program
  5. Use and regularly update anti-virus software
  6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
  7. Restrict access to data on a need-to-know basis
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Maintain an Information Security Policy
  12. Maintain a policy that addresses information security
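Requirement 3 names data masking as one way to protect stored cardholder data, and requirement 10 asks you to monitor access to that data. The following Python is an added example, not code from ANZ or the PCI Security Standards Council: it masks a primary account number (PAN) for display, keeping at most the first six and last four digits (the maximum PCI DSS permits to be shown), and scans constructed log lines for PANs that were written out in full. The log format, field names and the use of the well-known Visa test number 4111 1111 1111 1111 are assumptions made for the example; the Luhn check is used only to cut down false positives from other long digit strings such as reference numbers.

```python
import re
from typing import List, Tuple

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes,
# and not glued to further digits on either side.
_PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check that card numbers use."""
    if not digits.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str, keep_first: int = 6, keep_last: int = 4) -> str:
    """Mask a PAN for display. Defaults keep the first six and last four digits,
    the most PCI DSS allows to be shown (assumption: the caller wants that maximum)."""
    digits = re.sub(r"[ -]", "", pan)
    if len(digits) <= keep_first + keep_last:
        raise ValueError("PAN too short to mask safely")
    hidden = len(digits) - keep_first - keep_last
    return digits[:keep_first] + "*" * hidden + digits[-keep_last:]


def find_unmasked_pans(text: str) -> List[str]:
    """Return the digit strings in `text` that look like card numbers and pass Luhn."""
    found = []
    for m in _PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            found.append(digits)
    return found


def redact_line(line: str) -> str:
    """Replace every Luhn-valid PAN in a line with its masked form; leave other numbers alone."""
    def _sub(m: "re.Match[str]") -> str:
        digits = re.sub(r"[ -]", "", m.group())
        return mask_pan(digits) if luhn_valid(digits) else m.group()
    return _PAN_CANDIDATE.sub(_sub, line)


def scan_log(lines) -> List[Tuple[int, str]]:
    """Return (1-based line number, masked PAN) for every PAN written out in full."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for digits in find_unmasked_pans(line):
            hits.append((n, mask_pan(digits)))
    return hits


# Constructed sample log lines (hypothetical format); the only card number is the
# public Visa test number, so no real cardholder data appears here.
SAMPLE_LOG = [
    "2024-01-01 10:00:01 sale approved pan=4111111111111111 amount=25.00",   # unmasked
    "2024-01-01 10:00:02 sale approved pan=411111******1111 amount=10.00",   # already masked
    "2024-01-01 10:00:03 refund ref=1234567890123456 amount=5.00",           # 16 digits, not a PAN
    "2024-01-01 10:00:04 sale declined pan=4111 1111 1111 1111 amount=99.00", # unmasked, spaced
]

if __name__ == "__main__":
    for line_no, masked in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: unmasked PAN found, should read {masked}")
    for line in SAMPLE_LOG:
        print(redact_line(line))
```

Run this over your own application or terminal logs to find places where a full PAN is being written to disk; every hit is somewhere requirement 3 is not being met, and `redact_line` shows the form the entry should have had.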


How can ANZ assist?

ANZ's Fraud Minimisation, Data Security and Chargeback Guide (PDF 300kB) provides additional information on best business practices for protecting your business against fraudulent transactions and chargebacks and for securing your customer data.

For more information on merchant security and fraud minimisation, please contact ANZ Merchant Services on 1800 039 025 available 24 hours a day, 7 days a week.

Fraud Minimisation, Data Security and Chargeback Guide. Securing Your Business.

Get Smart About Fraud Online

APCA (Australian Payments Clearing Association), with the support of the Australian Crime Commission and the Australian Federal Police, has developed Get Smart About Card Fraud Online - a convenient and free source of facts, tips and video case studies that can help you to be more informed about the risks of online card fraud. It also outlines steps you can take to prevent impacts to your business. For more information, go to APCA's Get Smart About Card Fraud Online.


More information

The PCI Security Standards Council produces some excellent resources for merchants in relation to PCI DSS. You can find these resources by visiting their website.

EFTPOS terminal tampering and data security

Fraud and misuse of credit and debit card information are a growing problem for many merchants globally. The loss and subsequent misuse of customer card data may undermine consumer confidence, cost you money and/or customers, and reduce card usage at your business.

As part of ANZ's ongoing commitment to providing the most up-to-date information on EFTPOS terminal and cardholder data security, we have provided the following information and supporting tools to help protect your business.

Protect your business against EFTPOS terminal tampering and skimming

Terminal tampering occurs when criminals illegally access EFTPOS terminals and modify them to capture or 'skim' cardholder data and PINs during transaction processing. Criminals may then use this data in various ways to take money from the cardholder's account and in many instances, use the stolen data to replicate fake cards and withdraw funds at ATMs.

What you can do to help protect your business against fraud and misuse:

  • Always ensure that terminals are secure and under supervision during operating hours (including any spare or replacement EFTPOS terminals you have).
  • Ensure that only authorised employees have access to your EFTPOS terminals and are fully trained on their use.
  • When closing your store or kiosk, always ensure that your EFTPOS terminals are securely locked and not exposed to unauthorised access.
  • Never allow your EFTPOS terminal to be maintained, swapped or removed without advance notice from ANZ - be aware of unannounced service visits.
  • Only allow authorised ANZ personnel to maintain, swap or remove your EFTPOS terminal and always ensure that security identification is provided.
  • Inspect your EFTPOS terminals on a regular basis, to ensure that the terminal casing is whole with external security stickers remaining unbroken and of a high print quality.
  • Ensure that there are no additional cables running from your EFTPOS terminal.
  • Make sure that any CCTV or other security cameras located near your EFTPOS terminal(s) cannot observe cardholders entering details.
  • Notify ANZ Merchant Services (24 hours / 7 days a week) on 1800 039 025 immediately if:
      • your EFTPOS terminal is missing
      • you, or any member of your staff, is approached to perform maintenance on, swap or remove your EFTPOS terminal without prior notification from ANZ and/or Security Identification is not provided
      • your EFTPOS terminal prints incorrect receipts or has incorrect details
      • your EFTPOS terminal is damaged or appears to be tampered with.

We've put together some tools and supporting material to further help you educate your staff on the importance of security and fraud prevention. Share this material with your staff or alternatively order these items from the stationery 'quicklink' located in the right hand column of this page.

Remember, terminal and data security is everyone's responsibility!


Fraud minimisation

Fraud is a problem for many merchants and can have a substantial financial impact on businesses. Criminals may use cards or card details illegally to make unauthorised purchases at your business.

How to minimise fraudulent transactions

Here are a few preventative steps your business can take to help minimise fraudulent transactions:

  • check the appearance of the card (for instance, does the card appear damaged or altered?)
  • make sure the signature on the signature panel of the card does not appear altered, and that the signature on the transaction voucher matches the one on the card if a PIN has not been used
  • be alert to customers who appear nervous, have no means of identification and ask for the transaction to be split or hand-keyed
  • do not allow equipment to be used by unauthorised persons
  • only process a refund to the same card used in the original transaction
  • always use CVV2 as part of your authorisation procedure for purchases where the cardholder is not present.

If you are suspicious about a Visa or MasterCard transaction, contact the Authorisation Centre on 1800 999 205 and select option 1. You may be asked a series of 'YES' or 'NO' questions to help the operator determine whether you should proceed with the transaction.

Remember: Your safety comes first – don't take any chances.

