Helpful information for merchants
Terminal specs and capabilities
Machine Colour: Black
Display: 70mm colour touchscreen
Size: 162mm Long x 80mm Wide x 56mm High
Weight: 360 grams
Printer: 50mm paper roll
Connectivity: Mobile via 3G & WIFI, IP/Ethernet with Bluetooth to Base*
Machine Colour: White or Black
Display: 128 x 96 pixels, Coloured graphic display, High Contrast
Size: 90mm Long x 61mm Wide x 16.5mm High
Weight: 100 grams
Fraud & Security
Fraud is an increasing threat to businesses that accept electronic payments, particularly merchants that trade over the internet and through mail or telephone order. It is the responsibility of the merchant to verify—to the greatest extent possible—the cardholder’s identity and the validity of the transaction.
Bendigo Bank is here to help you prevent fraud and conduct business securely at point of sale and online. Some basic tips for combating fraud and maintaining data security can be found on this page.
Additional information on cyber-security, including tips and additional resources, is also available in the Staying Safe Online guide, published by Mastercard® and the Centre for Internet Safety (CIS) at the University of Canberra.
Obtain the three or four-digit card verification number from the cardholder (often referred to as CVV). The card verification number is a code printed on all Mastercard, Visa and American Express cards.
- From 1 April 2012, all eCommerce transactions must include the card verification number. An eCommerce transaction is defined as a payment accepted over the internet where the cardholder is entering the card details themselves.
- To maintain the security of the card, it’s important that this number is not stored in your system – therefore it’s optional for mail/telephone orders.
- The purpose of the card verification number is to attempt to verify that the person placing the order has the actual card in his or her possession.
- Requesting the card verification number can add a measure of security to the transaction.
Effectively leverage your own customer history data.
- If you have had a fraud event associated with a customer, the details of that transaction should be added to internal ‘negative lists’. Any subsequent order that shares the same characteristics should be considered suspicious.
Be alert for the following indicators and remember – any of these factors could pose a high risk.
- First-time shopper - criminals are always looking for new merchants to steal from.
- Larger-than-normal orders - because stolen cards or account numbers have a limited life span, criminals need to maximize the size of their purchase.
- Orders that include several varieties of the same item - having multiples of the same item increases a criminal’s profits.
- ‘Rush’ or ‘overnight’ shipping - criminals want their fraudulently obtained items as soon as possible for the quickest possible resale and aren’t concerned about extra delivery charges.
- Multiple transactions on one card over a very short period of time - this could be an attempt to ‘run a card’ until the account is closed.
- Inconsistencies - information in the order details such as a mismatch in the billing and shipping address, telephone area codes that aren’t aligned with postal area codes, email addresses that don’t look legitimate, and orders placed at unusual times of the day.
- Shipping to a single address, but transactions placed on multiple cards - this could involve account numbers generated using special software, or even a batch of stolen cards.
- Multiple transactions on one card or a similar card with a single billing address, but multiple shipping addresses - this could represent organised activity, rather than one individual at work.
- Especially for phone and internet orders - deliver goods to a person in a building and ask for ID.
- Multiple cards used from a single IP address - more than one or two cards could indicate a fraud scheme.
- Orders from internet addresses that make use of free e-mail services - as these e-mail services involve no billing relationships, there is often neither an audit trail nor any means to verify that a legitimate cardholder has opened the account.
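Several of the indicators above (negative lists, multiple cards from one IP address, multiple cards shipping to one address, repeated use of one card in a short period, billing/shipping mismatch) can be checked automatically against your order history. The following is an added example, not Bendigo Bank's code; the field names, thresholds and sample orders are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are assumptions, not values from the page: tune to your own history.
MAX_CARDS_PER_IP = 2
MAX_CARDS_PER_ADDRESS = 1
CARD_VELOCITY = (3, timedelta(minutes=10))  # 3+ uses of one card within 10 minutes

def flag_orders(orders, negative_list):
    """Return {order_id: sorted indicator names} for orders that need manual review."""
    cards_by_ip, cards_by_ship, times_by_card = defaultdict(set), defaultdict(set), defaultdict(list)
    for o in orders:
        cards_by_ip[o["ip"]].add(o["card"])
        cards_by_ship[o["ship"]].add(o["card"])
        times_by_card[o["card"]].append(datetime.fromisoformat(o["time"]))
    count, window = CARD_VELOCITY
    # Pair each use of a card with the use count-1 places later and compare the gap.
    fast_cards = {c for c, t in times_by_card.items()
                  if any(b - a <= window for a, b in zip(sorted(t), sorted(t)[count - 1:]))}
    flags = {}
    for o in orders:
        checks = {
            "negative_list": bool({o["ip"], o["ship"], o["email"]} & negative_list),
            "many_cards_one_ip": len(cards_by_ip[o["ip"]]) > MAX_CARDS_PER_IP,
            "many_cards_one_address": len(cards_by_ship[o["ship"]]) > MAX_CARDS_PER_ADDRESS,
            "card_velocity": o["card"] in fast_cards,
            "address_mismatch": o["ship"] != o["bill"],
        }
        hits = sorted(name for name, hit in checks.items() if hit)
        if hits:
            flags[o["id"]] = hits
    return flags

# Constructed sample orders; "card" is a gateway token, never the card number itself.
def _o(oid, card, ip, ship, bill, email, time):
    return dict(id=oid, card=card, ip=ip, ship=ship, bill=bill, email=email, time="2024-03-01T" + time)

SAMPLE = [
    _o("A1", "tok1", "203.0.113.5", "1 High St", "1 High St", "a@example.com", "10:00"),
    _o("A2", "tok2", "198.51.100.7", "9 Dock Rd", "4 Elm St", "b@example.com", "10:01"),
    _o("A3", "tok3", "198.51.100.7", "9 Dock Rd", "7 Oak Av", "c@example.com", "10:02"),
    _o("A4", "tok4", "198.51.100.7", "9 Dock Rd", "2 Bay St", "d@example.com", "10:03"),
    _o("A5", "tok5", "192.0.2.9", "3 Mill Ln", "3 Mill Ln", "e@example.com", "11:00"),
    _o("A6", "tok5", "192.0.2.9", "3 Mill Ln", "3 Mill Ln", "e@example.com", "11:04"),
    _o("A7", "tok5", "192.0.2.9", "3 Mill Ln", "3 Mill Ln", "e@example.com", "11:08"),
    _o("A8", "tok6", "203.0.113.80", "5 Park Rd", "5 Park Rd", "bad@example.com", "12:00"),
]
NEGATIVE = {"bad@example.com"}  # details recorded from a previously confirmed fraud event
```

A flag is a prompt for manual review, not a verdict: a single indicator such as an address mismatch is common on legitimate gift orders.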
For internet (eCommerce) transactions, we recommend that you use 3-D Secure services to authenticate the cardholder’s identity, utilising Mastercard SecureCode and Verified by Visa.
By utilising 3-D Secure technology, a cardholder is presented with an authentication page provided by the card issuer as part of the purchase process.
- Verified by Visa and Mastercard SecureCode offer chargeback protection for enrolled merchants on consumer (but not business and pre-paid) card products.
- Transactions are not processed if the cardholder fails the authentication process.
In most instances, the use of 3-D Secure authentication will make the card issuer responsible for the chargeback liability on any fraudulent transactions. However, merchants will still remain liable for chargebacks related to the goods or services provided (e.g. not as specified, goods not received, etc.). It is important that you read through the terms and conditions around chargeback liability – particularly regarding which cards are covered by 3-D Secure (for instance, commercial and pre-paid cards are generally not covered).
3-D Secure should not be considered a substitute for your own risk management practices – you should continue to monitor high risk or suspicious sales. We recommend that you cancel and refund any order that seems suspicious.
Card data ranks amongst an individual’s most important personal information. For this reason, your customers must be certain that their personal card data is secure at all times.
In today’s environment, there are a number of ways that cardholder data is transmitted, processed and stored. On the flipside, there are an equal number of ways for fraudsters to gain access to this information.
Payment account data security is mandated globally by the Payment Card Industry Data Security Standards (PCI DSS, or just “PCI”). This is governed by the PCI Security Standards Council.
It’s your responsibility as a merchant to keep cardholder data secure. Because a united front is the best way to minimise the chances of cardholder data getting into the wrong hands, the team at Bendigo Bank are more than happy to assist you with all matters relating to your PCI compliance.
The easiest way to reduce your responsibilities with PCI is not to transmit, process or store card data through your systems. Most payment gateways will be able to provide you with solutions that transmit card data directly from your customer’s computer to the payment gateway. These solutions may be hosted payment pages or integrated solutions that use an iFrame or a transparent redirect. If you offer recurring billing, your payment gateway can store card details with the gateway and use a token to replace the card numbers in your system.
If you are using an integrated API (Application Programming Interface) to submit transactions to your payment gateway, your systems are still within scope of the PCI standards. The reason for this is that an API connects with your web server, not the web page directly, so card data is decrypted and re-encrypted by your server as it is transmitted to the payment gateway. You will be required to validate that no residual card data is retained in your system’s memory or log files.
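One way to check log files for residual card data when an API integration keeps your server in scope, shown as an added example (not code from Bendigo Bank or the PCI Security Standards Council). The verification-number field names and the sample log lines are assumptions constructed for illustration.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Assumed field names under which a card verification number might be logged.
CVV_RE = re.compile(r"(?i)\b(cvv2?|cvc2?|cid)\b(\W{1,3})\d{3,4}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out order numbers and references that only look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact(line):
    """Return (redacted_line, findings); findings lists each kind of card data found."""
    findings = []
    def mask_pan(m):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            return m.group()          # not a card number: leave untouched
        findings.append("pan")
        return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
    def mask_cvv(m):
        findings.append("cvv")
        return m.group(1) + m.group(2) + "***"
    line = PAN_RE.sub(mask_pan, line)
    line = CVV_RE.sub(mask_cvv, line)
    return line, findings

def scan(lines):
    """Return [(line_number, findings, redacted_line)] for lines that held card data."""
    results = ((n, *redact(line)) for n, line in enumerate(lines, 1))
    return [(n, found, text) for n, text, found in results if found]

# Constructed log lines; 4111 1111 1111 1111 is a widely published test card number.
SAMPLE_LOG = [
    "2024-03-01 10:00:01 INFO order=100045 status=created",
    "2024-03-01 10:00:02 DEBUG gateway request pan=4111111111111111 cvv=123 exp=12/27",
    "2024-03-01 10:00:03 DEBUG card 4111-1111-1111-1111 accepted",
    "2024-03-01 10:00:04 INFO ref=1234567890123456 token=tok_9f2c",
]
```

Any hit means the logging path itself needs fixing at the source; redacting after the fact only limits exposure in files that already exist.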
PCI DSS protects cardholders and minimises the risk to your business. Among the many benefits of adhering to the PCI DSS requirements are:
- Protect customer data.
- Provide a complete ‘health check’ for any business that stores or transmits customer information.
- Lower exposure to financial losses and remediation costs.
- Maintain customer trust and safeguard the reputation of their brand.
In addition, we have also put together some tips to help minimise the risk of fraud at point of sale. The best course of action is awareness and prevention.
- Check that the person presenting is the card holder.
- Confirm the card number matches the abbreviated number printed on an EFTPOS receipt.
- Keep the card until you check the signature.
- Be wary of unusual shopping behaviour and multiple declines.
- Be wary when splitting a transaction over multiple cards.
- When the card is present, insert or swipe the card – never hand-key the card number.
- Check the holograms and validity dates.
- Don’t process transactions on unsigned cards or cards with “See ID” in the signature panel.
- If the goods are paid for over the phone, when the goods are collected ask for the card and arrange for the customer to sign the sales receipt.
- Authorisation is not proof of identity or guarantee of payment. It simply confirms funds are available and the card hasn’t been reported lost or stolen.
- Never process transactions for someone else. You will be liable in a dispute situation.
- Never fulfill requests for goods that you don’t normally trade in or sell.
- Keep your terminal secure at all times and minimise the number of people who know your refund password.
- Protect your customer’s PIN – never point cameras at terminals.
- Securely store transaction receipts containing full card details.
- For terminal service or exchange, ask for bank identification.
- If you’re not comfortable accepting card payment and the customer won’t provide another form of payment, don’t proceed with the transaction.
- Your safety is paramount – never put yourself in danger.
In the event of a dispute, the onus is on you to prove the goods or services were provided to the rightful owner. Failure to prove this will result in the full value of the transaction being debited from your account, plus any dispute fee.
The fraud prevention examples provided are not a complete list of measures to minimise fraudulent behaviour or risks associated with merchant facilities. Bendigo Bank is not liable for any loss or damage suffered by you in reliance on this list of examples.
The latest updates in technology and banking reform.
The Reserve Bank of Australia (RBA) recently made reforms to surcharging laws, with the Australian Competition and Consumer Commission (ACCC) banning excessive surcharging by merchants on card transactions.
Since 1 September 2016¹, large merchants were required to ensure that any surcharge applied for accepting credit, debit and prepaid card payments did not exceed the cost that the merchant incurs for accepting these types of payment. These costs are known as the merchants’ cost of acceptance¹. This requirement will now apply to all merchants from 1 September 2017.
The RBA’s reforms have a number of key benefits to merchants:
- New surcharging rules emphasise that a merchant is entitled to apply a surcharge to cover, but not exceed, the costs that they incur for accepting certain card types.
- Cards with attached rewards programs are typically more expensive for merchants. Surcharging allows merchants to pass on the cost of accepting these more expensive payment methods back to the customers who use those methods. This may encourage customers to use less expensive payment methods, thereby minimising merchant’s payment costs and the price of goods and services charged to all consumers.
- From 1 July 2017, merchant statements contain a breakdown of costs incurred for the different types of cards accepted. This will assist merchants in deciding whether to accept higher-cost payment methods, as well as ensure excessive surcharges are not applied.
- Merchants can ask their acquirers for information to assist with identifying different card types when presented at point of purchase. If you require this, we can arrange for you to receive a list of VISA and Mastercard BINs by emailing our Merchant operations.
From 1 July 2017, smaller merchants gained a greater understanding of their card payment costs and therefore reforms will apply to these merchants after 1 September 2017.
For more information about the new reforms for merchant surcharging, please visit the Q&A on the RBA website.
¹ Merchants will be able to surcharge any of the cards covered by the RBA's standard up to the average percentage cost of acceptance in their annual statement for that card type. However, some merchants may have other costs of accepting a particular type of card that they would like to include in their surcharge. For more information on this, refer to the RBA’s questions and answers.
The National Broadband Network (NBN) is a new telecommunications network that will deliver high speed broadband and telephone services to all Australians.
The NBN is being rolled out to communities across Australia in a staged approach. You can check if your street address is in the rollout area on the NBN website.
Residents and businesses using landline telephone and ADSL internet services need to move their services over to the NBN if they wish to continue using them, as the current services that utilise existing infrastructure will be disconnected on the cut-off date in your area.
Your EFTPOS terminal provided by Bendigo Bank relies on either a telephone or internet connection to operate. All Bendigo EFTPOS terminals have been successfully tested on the NBN, so once you have connected to the NBN the terminals should continue to operate in the same manner as before.
Where to go for further information:
| For further information on the NBN and how it affects you | Visit the NBN website |
| For any questions relating to your telephone or internet service | Contact your telecommunications service provider |
| For questions relating to your EFTPOS terminal | Contact Bendigo Bank on 1800 334 702 |