Estimated reading time is 4 minutes.

The importance of cashless payments

Being able to accept payment by credit or debit card is essential in today’s world. But businesses need to guard against scammers whose actions may cost them dearly.

Cashless payments have become the norm for Australian businesses. Customers expect to be able to pay for goods and services by credit or debit card, or by way of a mobile app, regardless of the purchase cost. Businesses that don’t offer electronic payment facilities, or have a merchant terminal, may lose sales as a result.

But while the electronic payment system is efficient and convenient for both businesses and customers, it can also be targeted by criminals looking for a quick dollar.

It’s important to be alert to payment fraud and to take steps to protect your business against it. Failure to do so may result in your business being left out of pocket for chargebacks and the value of fraudulently obtained good and services.

Educate yourself about common payment scams

Criminals can be very creative. Some devote considerable energy to identifying and exploiting potential weaknesses in the electronic payment system. It’s important to know about commonly reported scams. Here are a couple of ways they’ve managed to exploit unsuspecting Australian businesses.

Terminal takeover

Temporarily ‘taking over’ the merchant terminal can allow scammers to re-key a transaction amount, or pay for goods and services using a stolen card number. One Gold Coast cafe found this out the hard way when two diners came to pay for their $25 breakfast and insisted on holding the terminal ‘for security reasons’.

While one customer distracted the cashier, the other cancelled the original transaction and entered another for $2,500. He then made a payment by manually keying a stolen card number into the terminal. After receiving a receipt which showed he’d been charged $2,500, the customer demanded an immediate refund. He insisted this be paid onto his companion’s card as he himself was late for work. Hoping to defuse the situation, the cafe owner agreed to do so, only to receive a chargeback notice a week later when the owner of the stolen card reported the transaction as fraudulent.

Third party payment scams

Processing payments on behalf of third parties can be costly. It certainly was for one Sydney dance school owner. After exchanging numerous emails with a potential client, he agreed to accept a credit card payment for their tuition bill via email. He also agreed to accept an additional amount. This extra amount was to pay the driver who would be bringing the children to their lessons; as he’d been told the driver didn’t have his own merchant terminal.

Prior to classes commencing, the owner processed the agreed payment of $1,200. This included $700 for lessons and $500 for the driver, using the credit card details that had been emailed through. The next day, the driver arrived and collected his $500 in cash. But the children failed to turn up for their lessons and emails to the ‘parent’ who’d booked them went unanswered. The following week, the dance school was notified that the card details had been stolen. In addition to the $1,200 chargeback, the business was out of pocket for the $500 paid out in cash.

Stopping scammers in their tracks

Being alert to fraudulent payment activity can reduce the chances of your business falling victim to scams. Here are some simple tips to follow:

  • Keep payment terminals behind the counter. Don’t allow customers to edit or manually enter transactions and, if you don’t require the key entry feature on your terminal, ask your banker to switch it off.
  • Never accept payments on behalf of third parties, or for services you did not provide.
  • Don’t agree to forward payments to other businesses.
  • Don’t allow people to leave debit or credit card details with you for processing after they’ve left the premises.
  • Never refund money to a card other than the one originally presented.
  • Educate your staff about scams by discussing scam alerts and instances of fraud.
  • Trust your instinct – if you have concerns about a transaction, contact your bank for guidance.

To learn more about protecting your business from fraud and scams, visit the NAB Security Hub.

If you’re a NAB customer and believe you’ve been impacted by a merchant scam, please call 1300 622 372 and select Option 3, 7 days a week between 9am – 5pm. Outside of these hours, please call 13 22 65 and quote ‘Fraud’.

Helpful resources

Want to learn more about protecting your business from scammers and cyber-criminals? Here are some resources for you and your team.

Stay Smart Online provides straightforward advice to help small businesses respond to cyber-threats and protect themselves online.

The Australian Cyber Security Centre is a hub for private and public sector agencies to share information about cyber-security risks and strategies to combat them.

Australian Cybercrime Online Reporting Network (ACORN) is a national policing initiative to report cyber-crime and online incidents that may breach Australian law.

Scamwatch is an Australian Competition and Consumer Commission (ACCC) site that provides information to help consumers and small businesses recognise, avoid and report scams.

Safely storing your data

Your stored business data travels in and out of your network. What key controls can you put in place to ensure it’s safe?

Building employee awareness of cyber safety

When it comes to managing cyber safety risks and protecting your business your employees are your first line of defence.

Understanding the value of your business data

Protecting valuable business data from cyber crime is everyone’s business.

How to protect your website from being compromised

Your website is your face to the world and is a target for cyber criminals 24 hours a day. How safe is it from a cyber attack?

Cyber safety

Stay informed

Report a suspicious NAB message
Report a suspicious text

047 NAB 0003