On May 5, 2017

Business Information Sheet – Credit Card Security

Data from Australian Payments Clearing Association (APCA) in 2014 shows that 0.02% of all credit card and cheque transactions were fraudulent – total of $311 million. Over the last ten years, the amount of fraud has increased significantly due to a rise in online transactions (where the physical card is not present), and sophistication of the technology used by the criminals.

Types of Credit Cards

  • Stored value cards – gift cards, phone cards, petrol cards and in-store cards
  • Debit cards – connected to a bank account
  • Credit cards – connected to a credit account with an agreement that funds will be paid to the provider at a later date.

Types of Credit Card Fraud

  • Card not presented – making purchases over phone or internet; it is easy to provide another person’s card details
  • Counterfeit card – using fake credit cards, created by ‘skimming’ the data from legitimate cards
  • Card not received – cards stolen from mailbox before the recipient receives the card; the thief activates and uses the card before the correct owner realises it has not been received
  • Application fraud – using a false identity for a credit card application

Merchant Responsibilities

A business that uses credit card details must take care of security of credit card details. As a merchant you will be bound by the institution that issues the credit card payment facility and their terms of use. These institutions are in turn bound by the PCI Security Standards, (a global governing body), as well as local laws.

  • Do not store ANY sensitive cardholder details on computer or paper—this means you may not store any numbers, dates, security code or photocopy of the card. The only detail you may store is the customer’s name.
  • Some online payment gateways do store the data in encrypted form, this may be acceptable – you will need to check the provider’s information about security and privacy.
  • Ensure card readers, point-of-sale systems and online payment systems are secure and limited to approved users only. Never allow staff members or customers to remove the device from the point-of-sale area. Consider locking the device in place.
  • Mark all devices and cables with an identification number or symbol to show that it is your device.
  • Record any serial numbers provided by the facility provider and check your device against the number provided – these must match.
  • Ensure access to sensitive information during the transaction is limited to approved users
  • Use approved merchant facilities only
  • Make sure all your computer and online systems are protected with firewall, passwords, user integrity, and backups
  • Change passwords regularly
  • Check any physical merchant devices for skimming devices
  • Check that receipts issued by the device have the exact and correct merchant name.


© The Institute of Certified Bookkeepers

  • By Jennifer Lawrence  0 Comments   
  • EFTPOS, fraud, security