14 June 2023
Terminal Fraud – are you a soft target?
5 min read
Your payment terminals are an absolutely crucial piece of business equipment. But they also create a point of vulnerability that criminals are increasingly keen to exploit. In the event your business is hit by terminal fraud and you haven’t followed security practices, or there was negligence in how your terminals were stored, the liability falls on you, the merchant.
This blog looks at 4 different forms of terminal fraud, along with a list of 5 steps you can take to make sure your business is not a soft target.
4 kinds of terminal fraud to look out for
Here are four types of terminal fraud to be on guard against. All of them can cost significant financial losses for any business.
Terminal theft is a growing problem as more and more thieves target small businesses.
It is important to keep your terminals secure to prevent theft, which can lead to fraudulent transactions. If a terminal is stolen, it can be used by criminals to process refunds to their own cards and withdraw money from your account, resulting in significant financial losses for your business.
Instead of physically stealing the terminal, this scam relies on making multiple refunds in-store while staff members are distracted.
Just as the first scammer is about to insert their card into the terminal, a second scammer lures the staff member away using various distraction techniques. Free from staff oversight, the first scammer cancels the transaction and processes several refunds to their card.
Before the staff member can check the original sale, the first scammer will ‘change their mind’ and make a rapid exit. At the end of the day, the business will end up with several unusual refunds that don't match purchases.
Imagine losing a whole day's takings to scammers.
Like terminal theft and refund scams, terminal swaps rely on one scammer distracting your staff. Another scammer then swaps your payment terminal with a compromised machine. Payments to your business are then diverted to the scammer's account. As with other Terminal Fraud, businesses usually don't notice anything wrong until they do their returns at the end of the day.
We want to be able to trust our employees 100%. But sadly, sometimes, this trust may be misplaced. Refund scams are often committed by employees crediting fraudulent refunds to their own accounts or their family or friends.
As we can see, scammers can use many ways to target your terminals. But at the same time, there are many things you can do to lessen the risk.
5 ways to protect your business from terminal fraud:
1. Secure terminals wherever possible
Terminal theft, refund fraud and terminal swaps can happen during busy periods, so vigilance is recommended, and terminals should never be left unattended.
Physical payment terminals should be stored securely during and outside trading hours, with at least one staff member monitoring terminals at all times.
Ensure terminals are always visible while issuing refunds and are never solely left with the customer.
2. Be vigilant for attempts to distract your staff during payments
Tell your team to report suspicious behaviour to management immediately and keep any CCTV recordings.
3. Use PIN access for refunds
Change to PIN access for refunds on all card terminals – this will help prevent refunds from stolen terminals or while staff members are distracted.
4. Limit PIN access for refunds
Limit the number of staff who can authorise refunds.
5. Update refund PINs regularly
This can help to reduce the temptation and incidence of employee fraud.
Don’t be a soft target
Finally, it’s important to remember that liability falls on the merchant if steps are not taken to follow security advice or if terminals are negligently stored. Payment terminals are gateways to financial payments – so make sure yours are not a soft target.
Adopting a defensive mindset and introducing best practices dramatically reduces your risk of falling victim to terminal fraud.
If you'd like to discuss anything covered in this blog or speak to someone about how to secure terminals or set up PIN access for refunds, please reach out to our support team via email.