Merchant Fraud
and Chargeback
Prevention Guide
INTRODUCTION
At Smartpay, protecting our customers against Chargebacks and Fraud is of the utmost importance to us.
Fraud can cost your business significant amounts of money, and certain types of merchants – based on the types of goods or services sold – are more at risk of fraudulent transactions than others. We believe it is essential for you to have a sound understanding of credit card fraud, how it can be detected and how it can be prevented. We have prepared this guide to give you a range of precautions and advice you can take to minimise these risks and continue to do business confidently and prosperously.
You can print off a copy of this guide in PDF format here.
What is a Chargeback?
A Chargeback is a reversal of a card transaction and usually occurs when a cardholder raises a dispute with their financial institution (also known as the Issuer) in relation to a purchase made with their credit or debit card.
The processing and investigation of Chargebacks are governed by the Schemes (i.e. Visa, MasterCard or American Express). This includes time-frames, transaction processing requirements and the acceptable documentation that banks and acquirers (such as Smartpay) must submit.
A Chargeback may result in the amount of the original sale and a Chargeback fee to be deducted from the merchant’s account. The reasons why Chargebacks occur may vary, however, they are generally the result of customer dissatisfaction with their purchase or because of unauthorised or fraudulent use of their card.
Most common reasons for Chargebacks
Chargeback Reason | Why this has happened? |
Unauthorised / Fraudulent Transaction | Cardholder did not authorise the transaction, the transaction is fraudulent |
The cardholder does not recognise the transaction |
This can occur when a cardholder does not recognise your trading name on your credit card statement. Tip: you should always trade under the same name you have provided for your merchant facility and ensure it appears on your transaction receipts. |
Processing Error |
Cardholder / Issue believes the transaction has been processed incorrectly. Common scenarios include:
|
Duplicate/Multiple processing | Cardholder claims transaction for same goods/services was processed more than once. |
Non-receipt of goods/services | Cardholder claims goods/services for the transaction has not been received/rendered to the agreed-upon location or by the expected delivery date. |
How does Smartpay notify me when a Chargeback has been filed against me?
When Smartpay is notified that a cardholder has filed a Chargeback against you, we send an email to the address that you nominated for financial notifications. It’s important that you check this email address on a regular basis.
What is the Chargeback/ Dispute process?

Email us at
merchant.services@smartpay.com.au
Mail us at
Smartpay Pty Limited, Level 2, 117 York Street, Sydney, NSW 2000. Attn: Merchant Services
What evidence can I provide to support my Chargeback dispute?
Evidence required to refute the Chargeback | You may be liable for Chargebacks if: |
Receipts for all card-present transactions by the required timeframes and all surrounding information including one or more of the following:
|
|
Transaction receipt and all other related documentation to provide the transaction was processed:
|
No legible transaction receipt and documentation is provided to prove the transactions were processed accurately |
Two separate transactions receipts or other records to validate separate transactions Documentation to show that a refund was processed to offset the disputed transaction through the same payment channels the cardholder used to make the original payment
|
You are unable to provide evidence to support separate transactions You accidently processed the same transaction twice or more for the same purchased goods and/or services You did not process a refund via the same payment channel as the disputed transaction |
Signed documentation to prove that the cardholder or cardholder authorised recipient received the merchandise/service by the expected delivery date and at the agreed location |
Goods and/or services were not received by the appropriate recipient at the agreed location by the expected delivery date You are unwilling or unable to provide the goods/services and have not refunded the cardholder via the same payment channel as the disputed transaction |
Best practices for avoiding Chargebacks
Being Identifiable
Use a clear trading name on your receipts that the customer will recognise.
Keeping Records
Keep records about the transaction and your customer, including email or other correspondence.
Clear Documentation
Provide legible documentation when responding to retrieval requests, ensuring you can see the truncated card number, transaction date and transaction amount
Keeping your customer informed
Make sure your customer is aware of a cancellation or refund policy in writing and have your refund / cancellation policy clearly printed on the transaction receipt.
Customer Service
Respond promptly to requests for Eftpos receipts and Chargebacks
Do not accept declined transactions.
Note: Do not split a declined transaction into smaller amounts to avoid authorisation, as this may result in a Chargeback.
Use your best sense of judgement
Verify the details of customers placing large or suspicious orders
Getting proof for deliveries
If you have a delivery component to your business. Always get signed proof of delivery and for delayed delivery make sure you get a signature from the cardholder at the point of delivery.
Card Present Transactions
Insert / tap the customer’s credit card through your terminal and ensure you obtain a signature from the cardholder for transactions.
Card Not Present Transactions (MOTO)
Obtain as much information about the cardholder as This can include full name, address, phone numbers, email address, credit card number, name of bank, expiry date, CCV, company name etc.
Card Present Fraud
What to check | What you’re looking for |
Before you start a transaction, check that: |
|
Check on the front of the card that: |
|
Check the embossing is: |
|
Be alert for customers acting suspicious or who: |
|
Chip card processing
Chip Cards are MasterCard® and Visa (credit and debit) cards that are embedded with a security microchip that provides further protection to help lower the risk of fraudulent transactions and Chargeback disputes. Look at the card and if there is a Chip, always insert the card into the chip reader at the first instance.
As with any other transaction, a degree of caution must also be exhibited when processing chip card transactions. If:
- The terminal displays “Insert Chip” when the card is swiped through the terminal and the card in question does not have a chip on it, do not proceed with the transaction
- The terminal displays “Insert Chip” and the chip – when inserted – cannot be read by the terminal, do not proceed with the transaction
If you’re suspicious of a transaction:
- Ask for photo identification (e.g. a driver’s licence or passport) and check that the details match the Cardholder’s name appearing on the card
- Record the details on your copy of the printed Transaction Voucher
Don’t risk it: If you remain suspicious about the transactions, refund the credit transaction and ask your customer for a direct deposit or some other form of payment (particularly for large value sales).
Card-not-present Credit Card Fraud (MOTO)
Any credit card transaction where the card and/or cardholder is not present (Mail Order / Telephone Order – MOTO) poses a higher risk to your business. Being vigilant about unusual spending or behaviour can help you identify early warning signals that something may not be right with an order. While the following situations or scenarios may occur during a valid transaction, combinations of these may be cause for alarm. Common sense and instincts should be your guide. Follow these security checks to minimise the risk of fraud and Chargebacks when processing card-not-present transactions involving mail, telephone or Internet (eCommerce) orders.
Common indicators of fraud:
- Payments to a third party: When your customer requests a payment be made to a third party from the card payment to you, usually by Western Union Transfer, often disguised as a freight or logistics cost
- Multiple card details: When multiple card details are presented or multiple declines occur within a short period of time
- Split transactions: When you are requested to split transactions over a number of cards
- Large or unusual orders: When items are ordered in unusual quantities and combinations and/or greatly exceed your average order value
- Email addresses: Be wary of customers using a free email service (i.e. yahoo, hotmail, g-mail) This is a potential risk as they do not require a billing relationship or verification that a legitimate cardholder opened the account
- Delivery addresses: Exhibit caution with orders that are being shipped to international destinations you may not normally deal Delivery to Post Office Boxes can also indicate potential fraud
- Freight: orders requesting express freight can be a fraud indicator as they want to obtain the goods as quickly as possible
- IP addresses: Record and check the IP address of your online customers – you may find their IP address is not in the same location they claim to However, it is important to note that sophisticated fraudsters often hide their IP address
- Unlikely orders: Orders are received from locations where the goods or services would be readily available locally, or you receive an order for additional products that you do not normally see (i.e. Mobile Phones)
- Refund requests: Specifically, when orders are cancelled and refunds are requested via telegraphic transfer, Western Union Transfer, or to an account other than the card used to make the purchase
- Numerous orders: A small value order followed by a large order a few days later can indicate possible Often, fraudsters will place a very small order to begin with, hoping this will not be questioned and go undetected. Once they know the first small fraud transaction has gone through, they will place orders for larger value goods hoping this still won’t be questioned as they are now an established customer
- Lack of customer details: g. no phone numbers, no residential address, etc.
- Phone order to be picked up: Be wary of customers wishing to pay for an item with credit card over the phone, but pick up the goods from your store, which lets them make the purchase without providing personal information (i.e. shipping, billing address), and the same card-not-present risks apply
When taking an order, as well as obtaining the credit card number, expiry date and full name, we recommend you also obtain the following:
- Cardholder’s physical address
- Cardholder’s contact phone numbers including landline contacts
- The name of the Card Issuing Bank and the country the card was issued in
Trust your instincts!
If a sale seems too good to be true, it probably is. All too often what a merchant might think is a great sale will turn out to involve some type of fraud. Take the time to properly investigate overseas orders from customers with whom you have never done business. That bit of extra work may well prevent you from becoming the victim of a fraud scheme and having to bear any associated Chargebacks.
Refund Fraud
Unfortunately, refund fraud through a merchant terminal can be quite common. Refund fraud involves employees processing refunds (credits) to their own credit or debit card via your EFTPOS terminal. Essentially, this is removing funds from your business’ bank account and placing those funds into the employee’s account.
Smartpay has put measures in place to help protect your business from this type of fraud.
Ways to safeguard against refund fraud include:
- Strictly controlling access to your EFTPOS terminal for authorised staff only
- Printing and checking your daily summary from the terminal to help identify large/unusual refunds
- Ensuring you change your Refund password regularly and limit who has access to the password
- Always balancing EFTPOS settlement and refunds
A merchant’s website responsibilities
Offer accurate descriptions on the goods or services you’re selling.
Give clear explanations of shipping practices and delivery policy / timeframe.
Relevant refund / return policy ensure it complies with the relevant consumer law.
Displays total cost of the goods or services purchased (including shipping charges).
Avoids cardholder confusion by making sure the URL and trading name are not significantly different or confusing.
Contains the security capabilities and policy for transmitting payment card details.
Clearly explains your consumer data privacy policy, e. – what you do with any customer information you collect.
Contains all required contact details – trading name, address and Australian Business Number (ABN) where applicable.
Securing Your EFTPOS Terminal
Your Smartpay EFTPOS terminal is equipped with a number of built-in security features designed to protect your customers’ information. By implementing the recommended best practices below, you can help protect your business, your customers and your reputation from credit and debit card fraud or mis-use.
Notify Smartpay Merchant Services on 1800 433 876.
- Your Eftpos terminal is missing
- You, or any member of your staff, is approached to perform maintenance, swap or remove your Eftpos terminal without prior notification from Smartpay and/or Security Identification is not provided
- Your Eftpos terminal prints incorrect receipts or has incorrect details
- Your Eftpos terminal is damaged or appears to be tampered with
Recommended best practices – Always ensure
Terminals are secure and under supervision during operating hours (including any spare or replacement Eftpos terminals you have)
Only authorised employees have access to your Eftpos terminals and are fully trained on their use
Your Eftpos terminals are securely locked and not exposed to unauthorised access when closing your store
Only authorised Smartpay personnel are permitted to maintain, swap or remove your Eftpos terminal, and always ensure that security identification is provided
Your Eftpos terminal is never maintained, swapped or removed without notice from Smartpay. Be aware of unannounced terminal service visits
You inspect your Eftpos terminals on a regular basis and check that the terminal casing is whole with external security stickers remaining unbroken and of a high print quality
There are no additional cables running from your Eftpos terminal
Your software is updated to the latest version
Any CCTV or other security cameras located near your Eftpos terminal(s) cannot observe Cardholders entering details
Money Laundering
Money laundering is a serious breach of your Merchant Agreement and exposes your business to major financial loss. Put simply, laundering involves a merchant processing transactions on behalf of another merchant. Laundering is to be avoided at all costs – even if you’re offered an attractive inducement such as a percentage of the transaction.