How to Avoid Credit Card Fraud

Safeguarding your business against fraud is important, particularly if your business is accepting credit cards. Credit card fraud and identity theft can never be eliminated, but rather something that must be managed with the right security measures.


Preventing the cause of fraud

If you can and it's appropriate, avoid the chance of credit card fraud by asking for and offering alternative payment options for customers. Ensure your ASB facility is approved to process mail, telephone and/or internet orders before accepting card payments.

If you don't have to accept credit cards, then your fraud rate will be zero.

But if credit card orders are part of your business model, either over the phone or for online purchases, there are some things you can do to reduce the chance of fraud:

  • Take extra care to validate the customer's personal information and question any changes if customers request you amend their card details for future purchases. Contact someone you trust to confirm the change if you suspect fraud.
  • Be wary of new accounts if the address the goods are sent to differ from the cardholder's address (especially if the credit card address and shipping destination are different countries).
  • Question an order to be shipped overseas if the customer could purchase the goods locally for a similar or lower price.
  • Have deliveries made 'signature required' with your choice of courier to minimise the risk of carrier collusion. At the same time, never deliver goods to unattended premises.
  • When receiving card payments, ensure you never request for credit card information to be sent to your business by email. Email is not a secure channel, and fraudsters can steal money by intercepting card or account numbers and using them for fraudulent activity.
  • For paper invoices and mail or telephone orders, utilise options such as click-to-pay invoicing solutions. They allow your business to create a payment order that can be copied into an email. This is a far safer way of processing card details.
  • For e-commerce merchants, the safest option is to use an approved outsourced third party to capture and process payments for customers shopping online through your website.
  • Be vigilant about suspicious activity. This can include spotting unusual spending patterns or behaviour that could help you identify early warning signs that something may not be right.

Protecting your business

The chance of credit card fraud lowers if the cardholder pays in-store with their physical credit card to swipe, insert and/or enter a PIN. Making a transaction with a physical card makes defrauding more difficult from a distance online.

If you do experience credit card fraud, possibly the first you'll know is when you get a chargeback from the credit card company (a reversal of a credit card payment from your account). For this reason, merchants must take steps to identify the purchaser and ensure that all transactions are legitimate.

Authorisation approval

Authorisation approval does not mean that the merchant is guaranteed payment. Approval only indicates that at the time the credit card issuer approved the transaction, the card hasn't been reported lost or stolen and that the card credit limit has not been exceeded.

If someone else is using the credit card number illegally, the cardholder has a right to dispute the 'approved' charges, and the transaction could be charged back to your business.

Refund fraud

Refund fraud is a common type of fraud where credit card transactions have been refunded by the card issuer via your EFTPOS terminal. It is often committed by employees processing refunds to their own credit or debit card. To avoid detection, they may create a large sale using fraudulent credit card numbers, then process a refund to their own card.

To protect your business against this type of fraud, we recommend you closely monitor your accounts of all refunds, checking they all correspond to a legitimate sale and are refunded back to the card used in the original purchase.

Shipping scam

An increasingly common scam we are seeing is what's called a ‘shipping scam'. These types of scams involve a malicious third party using a stolen credit card to pay for goods. The scammer contacts the business requesting goods to be shipped overseas, requesting a price including freight charges to be billed and split between several cards.

The scammer insists that the business use a particular shipping company and provides phoney contact information. The business then contacts that 'shipping company' which requests the freight charges be transferred upfront to a nominated account number.

The business is fooled into making the transfer after having checked that the credit cards have sufficient funds and are not reported stolen. But the shipping company's email address is a front for the scammers and the credit card details are stolen, probably from online card accounts which may take some time to discover.

At the end of the day, the business can be out of pocket for the cost of the shipping.

Ticket scams

Another prominent scam on the rise relates to sales. These are generally for tickets – tourism activities and travel passes etc., via private sellers on a social media app or resale website.

The scammer poses as an independent re-seller offering discounted prices for tickets via this online platform. The seller buys the tickets from the rightful ticket company using illegally obtained card details.

These tickets are then onsold to the unaware consumer, who pays for the tickets at a discounted rate via bank transfer. The ticket company then receives a reversal/chargeback for the fraudulent transaction a short time later.

You are within your rights to decline suspicious orders or fraud. Credit card details illegally obtained will leave your business liable for any loss incurred by the legitimate cardholders who dispute any transactions after an account takeover.

Next steps


If you experience fraud, try to stop the delivery of the goods in question if they are still in transit.

Get tips and tools to help run your business straight to your inbox.

No thanks