We are the security experts so it’s our responsibility – not our customers’ – to keep payments safe and data encrypted. Tyro was the first and only Australian EFTPOS provider who was successfully validated against the Payment Card Industry Data Security Standard (PCI-DSS). These standards define security practices to enhance payment card security. The PCI Council also manage two other major security standards.
PIN Transaction Security Standards
These standards ensure the security of a cardholder’s PIN entered via an EFTPOS terminal.
Payment Application Data Security Standards
These standards define how software vendors write secure applications that handle card data.
How we keep payments secure
At Tyro, we believe it’s our responsibility to ensure payment security. Therefore:
- All Tyro terminals are PCI-PTS compliant.
- We never share any cardholder data with the Point of Sale (POS), so the POS is also out of scope for PCI PA-DSS.
- We never share any cardholder data with the merchant.
- All cardholder data is encrypted on the Tyro terminal and the merchant has no way of decrypting this data.
- Tyro terminal PIN pads are protected with a unique key entry shield to increase privacy.
You should also use the current self-assessment form to see how you compare against the PCI-DSS recommendations.
How to protect yourself
In addition to compliance, these are additional precautions to protect your business from security threats.
Data theft prevention
Protecting cardholder data is vital. If fraudsters get their hands on the PIN and other authentication data, they can impersonate the cardholder, use the card, and steal the cardholder’s identity.
Use firewalls
Put a wall between you and online hackers with an effective firewall.
Make sure your operations are in line with security best practices by visiting Stay Smart Online.
Use anti-virus software
Your POS system and any mobile devices that connect to the same network as your EFTPOS terminals should have anti-virus and anti-malware software installed.
Useful security links
Ways to safeguard against fraud
Be aware that fraud can happen. Here are some of the warning signs for potentially fraudulent transactions and some ways to safeguard against the risk.
- Request for the card security code for MOTO orders
- Search for customer’s name and contact details online
- Check if the phone number is registered
- Call customer for order verification
- Ask customer to email or fax a copy of their driver’s licence
- Send goods by courier to be signed for upon receipt
- Follow guidelines as stated in our Merchant Agreement
Remember – just because the credit card seems legitimate, does not mean that the person providing the card or card number is a legitimate card holder. If you unsure about a transaction, call Tyro’s Fraud Analysis Team on (02) 8907 1610 or email merchant-compliance@tyro.com.
Types of fraud
Mail Order/Telephone Order (MOTO) fraud
The most common type of card fraud is when someone places an order over the phone or via email using one or more stolen card numbers. The actual cardholder is unaware their card details have been compromised until charges from your business appear on their statement.
If suspicious, call Tyro’s Fraud Analysis Team on (02) 8907 1610 before processing the payment. They will ask you a series of questions to help you make an informed decision about the transaction. Note: The risk of all card not present transactions resides with the merchant, not the bank or the cardholder.
Order refund fraud
This is when someone places an order, then cancels it and asks to be refunded to a different card, via bank transfer or in cash. They aren’t interested in buying your goods, but trying to get you to transfer money to them.
Eg: A customer makes a booking at your hotel. They call a few days later to cancel and request for the refund to be credited to a different card number or to a bank account because they have allegedly lost their card. Later you receive a chargeback for the original transaction.
What to do: Always refund to the card number that the transaction was made on. If the customer states they lost their card, advise them to contact their bank and raise a chargeback.
Third party payments fraud
This is when a customer asks you to debit their card and transfer the funds to a third party. They aren’t interested in buying your goods, but trying to get you to transfer money to them.
Eg: An overseas customer places a large order of heavy items to be shipped overseas and requests shipment be made through their preferred shipping agent. They request you to debit their credit card for the cost of the shipping and transfer the funds to the shipping company via wire or bank transfer. The shipping container doesn’t arrive and you receive chargebacks for all transactions processed to the customer’s card.
What to do: Never process a transaction to pay for external third-party costs (costs not related to your business).
Counterfeit card fraud
This is when a person tries to use a counterfeit card in store that will not tap or swipe because the information on the card is incomplete.
Eg: A customer is in store and trying to pay for a high-value item. The card they have presented you with isn’t working. The customer tells you this happens all the time and you should manually enter the card number. Later you receive a chargeback for the transaction.
What to do: Always dip, tap or swipe the card for card present transactions. If the card presented does not work, ask the customer for a different card. Never enter the card number manually.
The most common type of card fraud is when someone places an order over the phone or via email using one or more stolen card numbers. The actual cardholder is unaware their card details have been compromised until charges from your business appear on their statement.
If suspicious, call Tyro’s Fraud Analysis Team on (02) 8907 1610 before processing the payment. They will ask you a series of questions to help you make an informed decision about the transaction. Note: The risk of all card not present transactions resides with the merchant, not the bank or the cardholder.
This is when someone places an order, then cancels it and asks to be refunded to a different card, via bank transfer or in cash. They aren’t interested in buying your goods, but trying to get you to transfer money to them.
Eg: A customer makes a booking at your hotel. They call a few days later to cancel and request for the refund to be credited to a different card number or to a bank account because they have allegedly lost their card. Later you receive a chargeback for the original transaction.
What to do: Always refund to the card number that the transaction was made on. If the customer states they lost their card, advise them to contact their bank and raise a chargeback.
This is when a customer asks you to debit their card and transfer the funds to a third party. They aren’t interested in buying your goods, but trying to get you to transfer money to them.
Eg: An overseas customer places a large order of heavy items to be shipped overseas and requests shipment be made through their preferred shipping agent. They request you to debit their credit card for the cost of the shipping and transfer the funds to the shipping company via wire or bank transfer. The shipping container doesn’t arrive and you receive chargebacks for all transactions processed to the customer’s card.
What to do: Never process a transaction to pay for external third-party costs (costs not related to your business).
This is when a person tries to use a counterfeit card in store that will not tap or swipe because the information on the card is incomplete.
Eg: A customer is in store and trying to pay for a high-value item. The card they have presented you with isn’t working. The customer tells you this happens all the time and you should manually enter the card number. Later you receive a chargeback for the transaction.
What to do: Always dip, tap or swipe the card for card present transactions. If the card presented does not work, ask the customer for a different card. Never enter the card number manually.
Suspect a transaction is fraudulent?
Call Tyro’s Fraud Analysis Team immediately on (02) 8907 1610.
Want to know more?
Disclaimer: Tyro makes no representations and gives no assurances whatsoever in relation to the credit worthiness of any person presenting a charge card or the performance of any agreement or arrangement between the merchant and any person, body corporate or association conducting a charge card scheme.