The Tyro Blog

12 April 2018 - 5 min read


Staying on the front foot of fraud

Every business needs to be aware of and prepared for fraud. From chargebacks to Funds Transfer Fraud, it’s important to refresh your knowledge. Here are eight ways to stay on the front foot.

1. Understand “Chargebacks”

The chargeback framework provides a process for cardholders to dispute transactions processed by merchants, most commonly because their card was used without their consent or the merchant didn’t provide the goods and services the cardholder expected.

There are two types of chargebacks – fraud chargebacks and non-fraud chargebacks.

Fraud chargebacks occur where the cardholder claims that their card was used without their consent. The merchant must then prove the cardholder, and not another person in possession of the card or card details, initiated and completed the transaction.

Non-fraud chargebacks happen where the cardholder claims that the merchant did not provide goods and services as described. The merchant must prove the goods and services were provided in accordance with the agreement between the two parties.

Chargebacks are managed in accordance with the regulations set by each card scheme, for example Mastercard® and Visa, and they make the ultimate determination of financial liability. Where the regulations permit, Tyro will take steps to defend chargebacks and shift liability from our merchant to the cardholder.

2. Know the meaning of “Authorisation”

The authorisation process undertaken by your payment machine confirms that the card used in the payment transaction has not been blocked by the card issuer and has sufficient funds to cover the transaction value.

Authorisation may return an “approval”, however this does not mean that the card is being used by the genuine cardholder. It is important to consider this when processing Mail Order/Telephone Order (MOTO) transactions as you can’t see the person holding the card. So remember, chargebacks may still be received even when authorisation/approval is provided.

3. Know the risks of Mail Order/Telephone Order (MOTO) hand-keyed transactions

MOTO transactions are riskier than other transactions and are more likely to result in a chargeback because the cardholder is not present when the transaction occurs. In the event of a chargeback, it is your responsibility to prove the actual cardholder (and not a fraudster in possession of the card details) initiated and completed the transaction, meaning that the risk of MOTO transactions resides with you, not Tyro or the cardholder.

MOTO transactions should only be processed when you are prepared to cover the cost of the transaction and should never be processed when the cardholder is present.
If you have MOTO enabled on your merchant facility and would like to have this functionality removed, please contact Tyro Customer Support on 1300 966 639.

4. Never refund to an alternative card or by another payment method

When providing refunds, only refund to the card used in the corresponding payment transaction and never provide a refund for more than the value of the corresponding sale.

If you process a payment on a card and then refund to a different card or by another payment method such as a bank transfer, the different card or other payment destination has immediate access to the funds and a chargeback may be received against the card used in the corresponding payment transaction, leaving you out-of-pocket.

5. Avoid authentication by-pass techniques

Your merchant machine has security features to protect you from fraud. To benefit from these security features, always tap or dip the card and refrain from using MOTO functionality when the cardholder is present.

If a card fails to be read by the machine when tapped or dipped, you should request a different card from the cardholder.

A magnetic stripe transaction should only be processed when directed by the EFTPOS machine. You should check the card looks genuine and is being correctly tapped or dipped into the machine before allowing use of the magnetic stripe, as the cardholder may be seeking to by-pass authentication provided by contactless and dipped transactions.

It’s not wise to split transactions into smaller amounts, especially when this is requested by the cardholder, as this may result in chargebacks.

6. Safeguard your machine

When you dip the card and ask the cardholder to key their PIN, keep focus on your merchant machine at all times and never allow the cardholder to operate the machine unattended. This will prevent the cardholder from cancelling the authenticated chip transaction, engaging the MOTO functionality on the machine, and processing a card not present transaction that leaves you vulnerable to fraud chargebacks.

When unattended, specifically out of business hours, ensure your machine is stored safely to avoid theft and manipulation. You should check the machine daily for any signs of tampering.

7. Never process payments for others

If you process payments on behalf of a third party, you wear the liability for those transactions. This might include chargebacks and financial penalties that result from fraud, non-delivery of goods/services, or compliance breaches relating to the sale of illegal goods or engagement in financial crimes.

8. Avoid Funds Transfer Fraud

Never increase the value of a payment transaction to cover monies owed by a cardholder to an unknown third party, such as a courier service, and never make payments to these third parties via money or bank transfers.

Fraudsters use Funds Transfer Fraud as a way to extract cash from merchants, generally by placing larger value orders over the phone. This often results in monies being transferred to (say) a courier engaged in the fraudulent activity and a fraud chargeback being received because the card used in the payment transaction was stolen.

Mastercard is a registered trademark, and the circles design is a trademark of Mastercard International Incorporated.