10 things to know if you’re taking payments

Increase security and reduce fraud by making sure everyone taking payments for your business knows these 10 important points:

1 - Authorisation does not guarantee payment

It only confirms that the card has sufficient funds available and has not been reported as lost or stolen at that point in time. If a transaction turns out to be fraudulent, you may be liable for chargebacks. Please note you should not enter an authorisation code provided by the cardholder. Authorisation codes can only be obtained from a cardholder’s bank (either via machine or gateway, or Authorisation Line).

2 - Your account can only be used for what it was approved for.

• It cannot be used as a personal banking machine.
• It cannot be used to sell your own personal property.
• It cannot be used to take payments on behalf of another business.

Any changes to your account setup must be pre-approved by Elavon.

3 - Credit-card terminals must be stored in a secure manner.

This is to ensure they cannot be accessed by fraudsters or removed from the premises. Take regular inventory of your terminals and if one is missing, contact Elavon immediately.

4 - Vigilance is the first line of defence against fraud attacks.

Fraudsters may attempt to distract you during a transaction, allowing them time to alter the amount, use a stolen card, enter a card number manually or issue a refund. Check the transaction receipt for any variances, such as ‘keyed’ or ‘*’ for swiped or chip-and-PIN cards, as soon as it is printed. They might indicate that the card used was copied.

5 - Set up a password on your terminal for refunds

and ensure only key personnel have access to it. This will ensure no unauthorised refunds will be processed by fraudsters.

6 - Always remember to issue a refund to the same card from which the original sale was taken.

7 - If you suspect that a fraudulent transaction has been processed

you may still be able to void it, provided you have not performed an ‘end of day’ on the terminal. Call your terminal provider and ask them to walk you through the steps of voiding a transaction.

8 - Mail order and telephone (MOTO) transactions represent the highest risk

due to the difficulties in validating that the cardholder is who they claim to be. Use chip and PIN or contactless where possible and consider participation in pay-by-link if your business model requires MOTO processing. Talk to us about this.

9 - Complete a sense check on incoming orders.

• Is the order unusually large for a single customer?
• Are they looking to use multiple cards to pay?
• Should the goods be available closer to where they are located?
• Are they organising their own courier to collect the goods?
• Is the shipment address a third-party address (e.g. hotel, service station, etc)

These may be indications of fraud and if you are not comfortable to proceed with the order, you should ask the customer to come to the store and perform a chip-and-PIN transaction.

10 - For eCommerce processing.

Work with your gateway to ensure that you have up-to-date fraud prevention measures in place to prevent fraud attacks and to deter card testing on your website (also known as carding).