Security is our number one priority

We are the security experts so it’s our responsibility – not our customers’ – to keep payments safe and data encrypted. Tyro was the first and only Australian EFTPOS provider who was successfully validated against the Payment Card Industry Data Security Standard (PCI-DSS). These standards define security practices to enhance payment card security. The PCI Council also manage two other major security standards.

PIN Transaction Security Standards

These standards ensure the security of a cardholder’s PIN entered via an EFTPOS terminal.

Payment Application Data Security Standards

These standards define how software vendors write secure applications that handle card data.

How we keep payments secure

At Tyro, we believe it’s our responsibility to ensure payment security. Therefore:

  • All Tyro terminals are PCI-PTS compliant.
  • We never share any cardholder data with the Point of Sale (POS), so the POS is also out of scope for PCI PA-DSS.
  • We never share any cardholder data with the merchant.
  • All cardholder data is encrypted on the Tyro terminal and the merchant has no way of decrypting this data.
  • Tyro terminal PIN pads are protected with a unique key entry shield to increase privacy.

You should also use the current self-assessment form to see how you compare against the PCI-DSS recommendations.

How to protect yourself

In addition to compliance, these are additional precautions to protect your business from security threats.

Data theft prevention

Data theft prevention

Protecting cardholder data is vital. If fraudsters get their hands on the PIN and other authentication data, they can impersonate the cardholder, use the card, and steal the cardholder’s identity.

Use firewalls

Put a wall between you and online hackers with an effective firewall.
Make sure your operations are in line with security best practices by visiting Stay Smart Online.

Antivirus software

Use anti-virus software

Your POS system and any mobile devices that connect to the same network as your EFTPOS terminals should have anti-virus and anti-malware software installed.

Useful security links

Ways to safeguard against fraud

Be aware that fraud can happen. Here are some of the warning signs for potentially fraudulent transactions and some ways to safeguard against the risk.

  • Request for the card security code for MOTO orders
  • Search for customer’s name and contact details online
  • Check if the phone number is registered
  • Call customer for order verification
  • Ask customer to email or fax a copy of their driver’s licence
  • Send goods by courier to be signed for upon receipt
  • Follow guidelines as stated in our Merchant Agreement

Remember – just because the credit card seems legitimate, does not mean that the person providing the card or card number is a legitimate card holder. If you unsure about a transaction, call Tyro’s Fraud Analysis Team on (02) 8907 1610 or email

Types of fraud

The most common type of card fraud is when someone places an order over the phone or via email using one or more stolen card numbers. The actual cardholder is unaware their card details have been compromised until charges from your business appear on their statement.

If suspicious, call Tyro’s Fraud Analysis Team on (02) 8907 1610 before processing the payment. They will ask you a series of questions to help you make an informed decision about the transaction. Note: The risk of all card not present transactions resides with the merchant, not the bank or the cardholder.

This is when someone places an order, then cancels it and asks to be refunded to a different card, via bank transfer or in cash. They aren’t interested in buying your goods, but trying to get you to transfer money to them.

Eg: A customer makes a booking at your hotel. They call a few days later to cancel and request for the refund to be credited to a different card number or to a bank account because they have allegedly lost their card. Later you receive a chargeback for the original transaction.

What to do: Always refund to the card number that the transaction was made on. If the customer states they lost their card, advise them to contact their bank and raise a chargeback.

This is when a customer asks you to debit their card and transfer the funds to a third party. They aren’t interested in buying your goods, but trying to get you to transfer money to them.

Eg: An overseas customer places a large order of heavy items to be shipped overseas and requests shipment be made through their preferred shipping agent. They request you to debit their credit card for the cost of the shipping and transfer the funds to the shipping company via wire or bank transfer. The shipping container doesn’t arrive and you receive chargebacks for all transactions processed to the customer’s card.

What to do: Never process a transaction to pay for external third-party costs (costs not related to your business).

This is when a person tries to use a counterfeit card in store that will not tap or swipe because the information on the card is incomplete.

Eg: A customer is in store and trying to pay for a high-value item. The card they have presented you with isn’t working. The customer tells you this happens all the time and you should manually enter the card number. Later you receive a chargeback for the transaction.

What to do: Always dip, tap or swipe the card for card present transactions. If the card presented does not work, ask the customer for a different card. Never enter the card number manually.

Suspect a transaction is fraudulent?

Call Tyro’s Fraud Analysis Team immediately on (02) 8907 1610.

Want to know more?

Disclaimer: Tyro makes no representations and gives no assurances whatsoever in relation to the credit worthiness of any person presenting a charge card or the performance of any agreement or arrangement between the merchant and any person, body corporate or association conducting a charge card scheme.