Protecting your business from card fraud this Christmas


With Christmas just around the corner, it’s important to stay vigilant as scams and fraud can happen to any business that accepts debit and credit card payments, and can have a significant financial and reputational impact at this time of year. 

Research suggests that merchants globally stand to lose $206 billion to online payment fraud between 2021 and 2025¹, and in 2021 overall card fraud in Australia increased by 5.7 per cent, to $495 million².

You and your employees could be considered the first line of defence to detect fraudulent activity and prevent fraud before it happens.

Help protect your business and limit the impact of scams and fraud this Christmas by remembering these tips.

  1. Watch out for warning signs. It’s important to pay special attention if one or more of these things happen:
  • Large unusual transactions from unknown buyers. If they’re in your store you could ask for additional identification to make sure they are the true cardholder.
    • Tools like 3D Secure can help with these additional security processes.
  • Payment with many credit cards with similar or sequential numbers.
  • Rush orders that need overnight or express shipping.
  • High volume of transactions on a card over short periods of time.
  • Transfer of funds to a transaction account or money transfer agency.
  2. Be aware of refund fraud.
  • Closely monitor all refunds to ensure they have a legitimate corresponding sale.
  • Establish processes for only a small group of staff to process high-value refunds.
  • Be alert to changes in staff behaviour or a sudden increase in their spending habits or wealth.
  • Never refund a card transaction if the customer asks you to refund it in cash, to a bank account, through online international transfer services or to a different card. Credit cards can accept refunds even if the card is reported as lost or stolen.
  3. Be careful of business email compromise and watch out for payroll scams:

In payroll scams, cybercriminals impersonate employees in an attempt to trick staff into redirecting funds to the scammer. Staff working in HR, payroll or finance are most at risk.

  • The emails they receive might look official or even appear to come from a legitimate employee email address. 
  • They may send ‘phishing scams’ in the form of fraudulent emails or SMS to your employees, usually containing a clickable link or an attachment to lure your employees into providing information about themselves or your business.
  • They might ask for an urgent update of bank account details, substituting a scammer’s account.
  • In other cases, the first email will seem harmless, simply asking what the process for updating payment details is. The idea is to later make contact with a more targeted follow-up.

Educating staff on how to spot these fraudulent emails will mean your business isn’t compromised and money and customer trust aren’t lost. Here’s how to keep your business safe, as recommended by the Australian Cyber Security Centre.

  1. If an email appears suspicious, don’t reply or click on any links. Instead, look up the person’s email address and create a new email to verify the request being made. If your company’s database lists phone numbers, give them a call to quickly check the email’s validity.
  2. Always protect your email account with a strong, unique password and two-factor authentication. If you receive a notification about a bank account update you didn’t authorise, contact payroll immediately.
  3. Frequently check your bank accounts for any unusual activity.
  4. Avoid clicking on links or attachments sent in emails and make sure to report or check any suspicious-looking emails.

Gear up with extra security

Enrol your facility with 3D Secure to protect your business from ‘friendly fraud’ and educate your staff on how to spot fraud in preparation for the Christmas period. For more information on protecting your business, read more on tips to prevent card chargebacks for your business, or visit commbank.com.au/business/security

We’re here to help

If you’re a CommBank customer and need immediate support, call us anytime: 

  • 1800 230 177 for Australian-based support 24/7.
  • 1800 022 966 if someone tampers with, removes or tries to remove your EFTPOS terminal.

CommBank is dedicated to supporting Australian retailers. To find out how we can help you, search CommBank for Retail.

1 “Online Payment Fraud Losses to Exceed $206 billion Over the Next Five Years; Driven by Identity Fraud”; Juniper Research; July 2021; https://www.juniperresearch.com/pressreleases/online-payment-fraud-losse…

2 Australian Payment Fraud 2022 Report; https://www.auspaynet.com.au/sites/default/files/2022-08/Fraud_Report_2022.pdf

Things you should know

This article is intended to provide general information of an educational nature only. It does not have regard to the financial situation or needs of any reader and must not be relied upon as financial product advice. You should consider seeking independent financial advice before making any decision based on this information. The information in this article and any opinions, conclusions or recommendations are reasonably held or made, based on the information available at the time of its publication but no representation or warranty, either expressed or implied, is made or provided as to the accuracy, reliability or completeness of any statement made in this article.

Commonwealth Bank of Australia ABN 48 123 123 124. AFSL and Australian Credit Licence 234945.