Skip to main content Skip to main navigation
Skip to access and inclusion page Skip to search input

YOUR GUIDE TO CARD SKIMMING

Help protect your business against card skimming with these top tips.

What is card skimming?

Card skimming is a crime. Criminals use sophisticated skimming techniques to steal or skim data from a customer’s card when it’s processed through an EFPOS terminal. A more experienced criminal will try to get a customer’s PIN at the same time. Once they have this information, criminals use the stolen data to create fake cards and withdraw funds at ATMs. 


How are cards skimmed? 

An EFTPOS terminal does not save a customer’s card or PIN. To skim cards in your store, a criminal would need to steal your terminal, make changes to it, and put it back, or swap your terminal with one they have already modified. Either way, they need access to your terminal, so it’s important to guard it like you would cash.  


How do I safeguard against skimming? 

You can reduce the risk of skimming by checking your EFTPOS terminal daily to ensure it: 

  • Looks the same as before and has no damage 
  • Has the same type and number of cables 
  • Has the correct serial number 
  • Prints receipts with the right business name and address 
  • Is clear of any hidden camera. 

 

How can I report card skimming? 

If you suspect card skimming, you must report it immediately to the Merchant Helpdesk on 1800 029 749 (24 hours a day, 7 days a week) or contact your Relationship Manager directly.

What is card testing?

Card Testing happens when third parties try to use your business website to determine if stolen credit card details are valid. Criminals will test small value payments using stolen credit card details to determine if a transaction will be approved using those details. The approved cards are then used to defraud another merchant for a larger amount.  


How can I prevent card testing attacks? 

There are programs on the market that can help to prevent card testing attacks on your website. 

  • Captcha1. Captcha is a type of challenge or response test used to check if the user is human. Contact your Online Payment Gateway provide and ask them to add Captcha to your payment or checkout page.  
  • Fraud Guard1. Fraud Guard helps to detect and block fraud for your business. Contact your Online Payment Gateway to see if Fraud Guard is available. 
  • 3D Secure1. 3D Secure is a protocol that provides extra protection for merchants and customers for online payments. 3D Secure is used to authenticate the cardholder during payment processing, like entering a PIN for an ATM or EFTPOS transaction. Contact our Merchant Helpdesk on 1800 029 749 to see if you can use 3D Secure 


How else can I protect my business from card testing? 

Talk to your Online Payment Gateway Administrator for help with: 

  • Identifying and blocking IP addresses from fraudsters  
  • Deleting and blocking member accounts that fraudsters are using 
  • Refunding any approved fraud sales back onto the original card.  

For more information, call your Online Payment Gateway provider or contact our Merchant Helpdesk on 1800 029 749

Things you should know

1. These are products and services offered by third parties.  Westpac does not guarantee or endorse these products or services.