Small Business Security: Five Tips to Avoid Credit Card Fraud

1. Never give away your Zeller Account information.

No one needs to know your Zeller password except you. We will never ask you for it, and neither should your employees. It’s imperative that you not only keep this to yourself, but that your password can’t easily be guessed. Scammers who manage to acquire account information can login, change passwords and account information, add themselves as authorised users, and start transferring money or requesting new cards to be issued.

To help counteract this, Zeller has enabled two-factor authentication and also sends real-time security notifications that will immediately alert you to any changes to your account, such as logins from new devices or password or detail changes. It is important, however, not to rely on these layers of security, which are designed as a last resort. Instead, you must ensure that your account information doesn’t get into the wrong hands in the first place. 

Need to give your team members access to your Zeller Account? Learn how to manage user permissions here. 

2. Never transfer money on behalf of a customer.

One common type of scam that targets small businesses involves a fraudster deliberately overpaying for a service, and requesting that the additional funds are transferred to a third party. This type of scam is becoming more and more common in the hospitality and service industry so it’s important to be aware so that you know what to look out for. The scam involves a fraudster using a stolen credit card and pretending to work on behalf of a client. They seek out services that can be associated with other services, for example: 

• A bridal shop and a limousine driver
• An event space and a partyware hire business
• A restaurant and a florist

How does it work?

Let’s take the example of the restaurant and the florist. A fraudster contacts your restaurant saying they are organising a dinner for a client. They request to pay up front for a set menu for 10 people, which comes to a total of $1000. However, they pay you $2000, and request that you transfer the extra $1000 to the florist who will be providing the floral arrangements on the night. This ‘florist’, however, is an associate of the scammer. When the rightful owner of the credit card becomes aware of the illegitimate $2000 transaction, they will request a chargeback and your business will lose the transaction amount. Unlike other financial service providers, Zeller will not charge your business additional chargeback fees, and our dedicated Account Services team will work with you to compile information to help you defend the chargeback, too. 

3. Never click on a link from an unknown source.

One of the ways fraudsters acquire account information is through cyber attacks, otherwise known as phishing. This involves the fraudster tricking individuals into revealing banking information such as account passwords or credit card details. Most commonly, the attackers will contact you via email, phone or SMS and either ask you to confirm your account information, or will invite you to click on a link. When clicked, the link might install a virus on your computer, from where the fraudsters can start gaining access to your accounts. 

If you’re not sure, always proceed with caution. If you receive a request from a known service provider requesting information, contact them through their official customer service channels, not through the message you received. Legitimate Zeller email addresses will all end with ‘@myzeller.com’ and if we contact you via text message, the contact name will automatically appear as ‘Zeller’. 

4. Stop using magstripe card readers.

A magnetic stripe or ‘magstripe’ is a thin strip of magnetic material that you’ll see on the back of credit and debit cards. The strip contains encoded data, which, when swiped in a magstripe reader, is transmitted to a business’s payment provider, enabling the authorization and processing of the transaction. The problem with this technology (which was invented more than 60 years ago) is that the encoded data is very easy to duplicate. Fraudsters can place small electronic devices called ‘skimmers’ into EFTPOS machines or ATMs for example, and capture credit card information from the magstripe. 

As a result, chip-based EMV technology has instead become the global standard. EMV cards have an embedded microprocessor chip that is tamper proof and nearly impossible to clone, making it a much more secure alternative. When a customer taps or dips their card, the payment is processed using EMV technology. Zeller Terminal supports both EMV and magstripe transactions, however it will only ever prompt a customer to swipe their card in the cases where a card presented doesn’t have a chip, or if the chip is broken. If you are using an older EFTPOS machine or a mobile card reader, be cautious around customers who insist on swiping their card rather than tapping or dipping it. 

5. Be extra-vigilant when taking payments over the phone.

Over-the-phone payments, otherwise known as MOTO payments (standing for ‘mail order telephone order)’, give you the ability to manually enter a customer's card details on your Zeller Terminal, or Zeller Virtual Terminal. However, given that the customer is not in front of you, it’s harder to physically verify that the person making the payment is in fact the legal cardholder. Whenever you are processing a payment over the phone, look out for the following:

• Large orders with unusual quantities being placed by new customers
• Orders where the card initially declines and the customer continues to provide different card details to complete the transaction
• Orders where the customer requests payment to be made to a third party (see tip #2 above). 

Any of the above situations should immediately spark alarm bells. If you are suspicious a transaction may be be fraudulent, or if you are simply taking a MOTO payment from a customer you don’t know, we recommend the following:

• Take down the card details including the full name
• Take down the billing address
• Request ID as a screenshot or photo (if possible)
• If the products are being shipped, provide tracking details and request the customer’s signature

Make sure that the billing address and shipping address are the same, if not, ask why. Also make sure that the name associated with the payment card matches that of the ID. And if your customer is not willing to provide any of the details above, we recommend that you do not proceed with the transaction or accept any type of payment. 

Keep your business finances safe with Zeller.

When you accept payments with Zeller, you’re not alone. Behind every transaction is a team of anti-fraud experts and 24/7 monitoring that – in addition to the best practices outlined above – keeps your account secure. You can transact with confidence knowing that our dedicated team works hand-in-hand with advanced tools to successfully identify and act on suspicious activity. In the event that a chargeback does occur, our payment disputes team is here to support you. We will deal with the bank to help save you hours on the phone, and we will not charge you a fee. Plus, if you’re ever unsure, you can contact our support team from 9AM to 1AM, Australian Eastern Time, and you can read more about how Zeller keeps your business safe here.