Retailers urged to address payments fraud

The Australian Payments Clearing Association has issued fraud protection guidelines for merchants, after revealing total payments fraud increased to 12.2 cents in every $1,000 transacted over the year.

APCA, which publishes fraud statistics twice a year, has revealed the total number and value of cheque and payment card fraud in Australia for the 12 months to the end of June 2011.

The figures show total payments fraud in Australia increased from 9.9 cents to 12.2 cents out of every $1,000 transacted over the past 12 months.

A breakdown of the figures reveals scheme credit, debit and charge fraud increased from 58.9 cents to 74.3 cents in every $1,000 transacted.

However, counterfeit and skimming fraud – perpetrated in Australia on overseas-issued cards – fell by 34% in value, and is at the lowest level since June 2006.

“We expect counterfeit and skimming fraud to decreased through to 2013, when all terminals and most cards in Australia will be chip-enabled,” APCA chief executive Chris Hamilton says.

Meanwhile, the figures show CNP fraud is increasing. CNP is where the consumer is not face-to-face with the retailer because they are purchasing items online, by mail or by phone.

The figures reveal CNP now accounts for 71% of fraud value on Australian-issued scheme credit, debit and charge cards, of which more than half occurs overseas.

This is related to the increasing number of Australian consumers shopping online, particularly on overseas websites due to the strength of the Australian dollar.

“Tackling CNP fraud requires effort from everyone, [including] the retailer,” Hamilton says.

Hamilton says retailers need to protect their customers’ card details by ensuring they are compliant with PCI Data Security Standards.

They can limit the opportunities for fraud by implementing stronger authentication methods, including a 3D Secure online fraud prevention solution.

3D Secure is a technical standard developed by Visa and MasterCard to further secure CNP.

To help retailers protect against CNP fraud, APCA is also developing online training on how to protect data and stay safe when doing business over the internet, to be released next year.

In the meantime, it has issued guidelines for merchants that use Eftpos terminals, which, according to APCA, should be treated as securely as cash registers.

“An Eftpos terminal that has been fraudulently tampered with can lead to significant losses,” it says.

“Criminals tamper with Eftpos terminals so that they can gather card account information. The information they capture is used to produce counterfeit cards to obtain cash at a later time.”

“Criminals can also get pins from the tampered Eftpos terminal or through other means, such as a hidden camera.”

Merchants should be particularly vigilant where:

• There is one staff member working on the premises alone.
• The business is in an isolated or remote location.
• The business is left unattended or closed for a period during the day.
• Particular Eftpos terminals are not attended or supervised from time to time.
• Wireless Eftpos terminals are in use.

Suggestions for protecting your Eftpos terminal:

• Lock the Eftpos terminal in its position, and remove and secure the Eftpos terminal when it is not in use.
• Regularly conduct an inventory check on your Eftpos terminals. Report missing or stolen terminals to your provider.
• Always verify the credentials of service staff or “official” visitors to your premises. Do not allow unannounced service visits or inspections.

Keep a list of all Eftpos terminals on your premises, including the following:

• The make, model and serial number.
• Where each Eftpos terminal is kept on your premises.
• Any stickers on the Eftpos terminal and where they are placed.
• The type of cables connected to the Eftpos terminal.