Fraud

Part 1

Melanie Olson, Manager, Intelligence, Fraud and Cyber Crime helps you tackle eftpos fraud, cash register safety, credit card fraud and detecting stolen credit cards.

View part 2.

Transcript 

Melanie Olson: Fraud is defined as obtaining a benefit, usually financial, by deception. 

Small businesses can be defrauded in a number of different ways. The most prevalent way is through eftpos terminals or through misuse of credit cards, either fraudulent credit cards or stolen ones. And there's also the card not present fraud where a person provides the information of their credit card details over the phone. 

A business can be targeted using eftpos machines by criminal groups in many different ways. And they'll change their methods to attack particular witnesses that they identify. 

One common way is to approach a business saying they're from a bank and replacing the eftpos terminal with one of their own which they can then use. 

Another way is via the cash register. The eftpos connection to the cash register, it requires an internet connection, and that can be used by criminal groups uploading malware. 

There are a number of steps a business can take to limit its vulnerability to eftpos fraud.

It's important that staff are aware that eftpos security is paramount. If the eftpos terminal is not being utilised, it should be kept under the counter or in a drawer so that it's not accessible by the public. Also, the cash register should not be utilised by staff to access the internet, other than eftpos transactions. 

If a business suspects it's been the victim of eftpos fraud, the first thing it should do is contact the bank. They're likely to advise them to close the terminal immediately via switching off the eftpos terminal to allow the bank to have some time to investigate the matter. If they've suffered a financial loss, they should contact the police and they should contact their business headquarters. And if they are within a large financial centre, they should contact central management or security. 

Criminals can target a business using fraudulent credit cards by obtaining information from a real credit card by scanning that information through an ATM or an eftpos terminal and then creating another fraudulent card with that information on it. That card can use a PIN or a signature, and the information on the card isn't necessarily the same as the account holder's name. So when that information is printed off on the receipt, the credit card number or the person's name may not be the same as what is indicated on the card itself. 


There are a number of steps a business can take to limit its vulnerability to credit card fraud.

Firstly, staff should ensure they check the receipt against the card itself and make sure all the details on the receipt are the same as the card. 

Businesses should also consider setting floor limits. So if a purchase is over a certain amount, a bank authorisation should be required. 

Businesses should be more suspicious of brand new cards and be more vigilant with those. Businesses should also instruct their staff not to allow manual import of the credit card number. That's sometimes used if the credit card chip or the swipe doesn't work. 

Businesses should also consider installing CCTV, because any obvious security like that can deter criminal groups from targeting that particular business. 

Lastly, if a business suspects the card is stolen rather than fraudulent, they should ask for some photo ID, like a driver's license, to compare the name on the driver's license with the name on the credit card. 

If you suspect your eftpos facilities or your credit card security has been compromised, the first thing you should do is contact your bank, and they'll provide some advice to you. You should also contact the police and secure any CCTV footage if it's available. And you should contact security or centre management if you're within a large commercial centre. 

Business owners should check the eftpos terminal regularly to ensure that it is their actual terminal. And they might consider putting their own identifier underneath by etching it or something like that. 

There are a number of resources available for businesses to stay aware and up-to-date on the latest fraud trends. The New South Wales Police Force and Cybercrime Squad have information on our website-- this includes fact sheets on various types of fraud and what you can do to protect yourself and your money. This site also has links to other government websites that provide excellent information. There is an ACCC site called SCAMwatch. This provides a detailed guide on spotting, avoiding and reporting consumer fraud. Concerned people can also contact their local police, or the police assistance line to report information on 131 444.

Contacts 

Triple Zero (000) for emergencies or life threatening situations.

Police Assistance Line: 131 444 for non-emergencies.

Crime Stoppers: 1800 333 000 to provide crime information. You can remain anonymous. 

Part 2

Find out more about credit card purchases over the phone or online, chip technology on cards, and tap-and-go and Paywave scams from Melanie Olson, Manager, Intelligence, Fraud and Cyber Crime. 

Transcript 

Melanie Olson: Fraud is defined as a tiny benefit, usually financial, by section. 

Small businesses can be defrauded in a number of different ways. 

The most prevalent way is through eftpos terminals, or through misuse of credit cards, either fraudulent credit cards or stolen ones. And there's also the card not present fraud where a person provides the information of their credit card details over the phone. 

Credit card not present fraud poses a big risk to a business. That's where a customer rings up and provides information over the phone about their credit card, or they'll go online and make a purchase from the business online. 

The business should make sure that it's aware of its eftpos terminal usage, that it's been set by the bank, that you need to make sure that you've been set up as an online business, or to accept credit card not present transactions. If not, you may be liable for those transactions. 

If a business is defrauded it isn't necessary protected, and it won't necessarily have its funds reimbursed by the bank. The bank will need to be satisfied that the business took adequate steps to identify the customer before they make that transaction. If so, they're likely to get their funds reimbursed. If not, the bank will charge that small business for the amount of money they had to reimbursed the legitimate credit card owner. In that case, the business loses out twice because they've lost the goods and they've also lost the money that the bank has had to claim back from them. 

Chip technology is a square gold chip that is inserted on a credit card now. All Visa cards and MasterCards are being issued with those from now on. That square gold chip holds all the account holder's details, and that was previously on the magnetic strip on the back of the card. 

Chip technology is much harder for criminals to replicate. If a chip doesn't work in your eftpos terminal, you should be very suspicious of that, particularly if you know that your terminal has been used successfully by chip cards several times that day. 

payWave or tap-and-go is a new form of payment that utilises the chip technology on the credit card, and it allows the customer to use the card to make small transactions less than $100. 

payWave cards can be used to defraud because they allow a customer to make several transactions under the $100 value limit. And a business should be suspicious if a person is making several transactions under that $100 limit, whereas if I had combined that to make one transaction it would require authorization from the bank.

If a business suspects it's been defrauded using payWave, it's similar to the advice we give on other forms of fraud. You should contact the bank, contact the police, secure CCTV footage, and contact security or centre management ?] if they're in a big centre. 

There are a number of other scams and activities that businesses need to be aware of in relation to fraud. Criminal groups are always evolving in methods to access money in a more effective way, and businesses should be aware that this can be perpetrated by their staff, or by the community, or both. 

Things that you should look out for include suspicious transactions like a person making a small purchase just to check that the card's working, and then purchase a really high value item. Another way is for them to purchase a number of high value gift cards because that gives them access to funds without having to use that fake credit card which they can then throw away. 

There are a number of resources available for businesses to stay aware and up to date on the latest fraud trends. The New South Wales Police Force Fraud and Cybercrime Squad have information on our website. Basically, it's fact sheets on various types of fraud and what you can do to protect yourself and your money. This site also has links to other government websites that provide excellent information. There is an agency site called SCAMwatch. This provides a detailed guide on squashing, avoiding, and reporting consumer fraud. Concerned people can also contact their local place, or the Police Assistance Line to report information on 131 444.

Contacts 

Triple Zero (000) for emergencies or life threatening situations.

Police Assistance Line: 131 444 for non-emergencies.

Crime Stoppers: 1800 333 000 to provide crime information. You can remain anonymous. 

Last updated: Thursday, 11 December 2014