How can I protect my terminals from fraud?

How can I protect my terminals from fraud?

All merchants should be vigilant against tampering activity. Terminals can be stolen by criminals and tampered with. Terminals can also be tampered with while they are still on the premises. Merchants should be particularly cautious where:

  • There is one staff member working on the premises alone
  • The business is in an isolated or remote location
  • The business is left unattended or closed for a period during the day
  • Particular EFTPOS terminals are not attended or supervised from time to time
  • Wireless EFTPOS terminals are in use (It can be harder to keep track of where these terminals are at all times).

There are a variety of ways to ensure that your EFTPOS terminals stay protected from fraudulent behaviour:

1. Create a list of the EFTPOS terminals on your premises and include the following details for each terminal:

  • The make, model and serial number
  • Where each EFTPOS terminal is kept
  • Any stickers on the EFTPOS terminal and where they are placed
  • The type of cables connected to the EFTPOS terminal.

There are also activities you can carry out daily that will help prevent you being a victim of fraud:

  • On a daily basis check the serial number underneath the EFTPOS terminal against the serial number you have recorded on your list and/or that is displayed electronically on the EFTPOS terminal (if applicable). These serial numbers must match.
  • Also, check that the merchant name on the receipts being issued by the terminal is correct.

2. Other ways to protect your terminal include:

  • Locking it in its position with a cable lock or something similar. If practical, remove and secure the EFTPOS terminal when it is not in use.
  • Regularly conducting an inventory check on your EFTPOS terminals. Report missing or stolen terminals to your terminal provider immediately.
  • Always verify the credentials of service staff or ‘official’ visitors to your premises. Do not allow unannounced and unidentified service visits or inspections.
  • If an EFTPOS terminal is being connected make sure only authorised personnel do this, preferably two staff members at least.

Dispose of old EFTPOS terminals securely – return old terminals to your acquirer or to your terminal provider.

3. How can I check for evidence of tampering?

You should check daily for evidence of tampering. The following questions will help you identify the signs of tampering.

  • Do all the details on your terminal list still match your EFTPOS terminals?
  • Have any stickers been removed, replaced or damaged?
  • Does any part of the cabling look different?
  • Are there any additional electronic items connected to the EFTPOS terminal?
  • What should I do if I suspect that an EFTPOS terminal has been tampered with?

If you notice anything suspicious, disconnect the terminal immediately and contact your EFTPOS service provider. Keep the disconnected terminal in a secure place so that evidence such as fingerprints can be preserved. Contact the Paymark Customer Care Helpdesk immediately on 0800 PAYMARK (0800 729 627).

How can I protect my EFTPOS terminal connections?

How can I protect my EFTPOS terminal connections?

Make sure that the point at which your terminal connects to the network is not easily accessible to the general public. This means it will be more difficult for criminals to simply plug in and activate a replacement EFTPOS terminal.

You can also set up a warning notification or an alarm alert that will activate when a terminal is removed or replaced in the network. Include in your procedures that when an EFTPOS terminal is connected or reconnected, authorisation must be given before it can “go live”.

How can I protect myself against staff risk?

How can I protect myself against staff risk?

Criminals have been known to attempt to trick, bribe or threaten your staff into ‘looking the other way’ while they tamper with your EFTPOS terminals. To assist in preventing this from happening, only allow senior staff to replace terminals and perform the daily fraud checks. Ideally, two staff members should undertake these activities together.

Do not allow any staff access to CCTV equipment and before you hire new employees, conduct a background check. It is also beneficial to randomly check that your staff members are complying with these guidelines.

Ensure that your staff are aware of these guidelines and have been trained to follow them. Make your staff conscious of the risks and consequences of fraud and consider rewarding employees that notice suspicious activity.

How can I prevent criminals from obtaining the PIN details from my customers?

How can I prevent criminals from obtaining the PIN details from my customers?

Criminals may attempt to obtain details of PINs from customers. This can be done in a variety of ways; however you can take steps to avoid it happening:

  • Check false ceilings above where the EFTPOS terminal is kept.
  • Be aware of anything different in the area surrounding the EFTPOS terminal, including leaflets and charity boxes – they may be hiding a small camera.
  • Make sure your surveillance camera adequately covers the area where an EFTPOS terminal is kept. It is important that the camera should not be able to record the PIN as a customer enters it.
  • Report and disconnect suspicious terminals.