Q&A with Suncorp Bank’s Financial Crimes team

Alex Cherniakov from Suncorp Financial Crimes tells us about the latest fraud trends and ways you can help fight Fraud.


How do businesses lose money through EFTPOS fraud?

There are two main ways fraudsters continue to impact our merchant customers:

1. Fraudsters pick up an item from your store, walk up to the register, insert their card into the EFTPOS terminal but their transaction gets declined. They quickly laugh it off as ‘it happens all the time’ and ask you to key the card number in to the terminal, instead of inserting the card. Transaction then gets approved and fraudster walks away with the goods.

The trick is the physical card they have in their hand is just a dummy card with stolen card number credentials printed on it.

It’s important to remember, if you key a stolen card number into the EFTPOS terminal and the transaction is later disputed, you are liable to pay it back. You can help protect yourself by only ever inserting or tapping the card on your terminal.

2. Involves businesses accepting an online or email orders from fraudsters, value of orders tend to be for large sums. There are few red flags such as:

  • An order is larger than your usual sale or from a new customer;
  • An order comes from a free email service that does not generally require billing relationship or identification validation;
  • A rushed order or where you are pushed to quickly come back with a quote and send out the goods;
  • You are requested to either ship goods to an international address or organise payment for shipping;


One red flag is an indicator for you to be careful, but be suspicious if several of these indicators have been met.  As a quick rule of thumb ask yourself – Can my business sustain the loss if this transaction was to be fraudulent?

Remember, an approved transaction confirms the card number is valid and the funds are available, it is not necessarily authorised by the genuine cardholder.


Who is likely to be a target of merchant fraud?

If you have any online presence (a website or a social media page), you are a target. We see both new businesses and very well established businesses turned into victims. ‘This won’t happen to me’ attitude unfortunately catches people every day.

Businesses currently targeted by fraudsters are hairdressers and beauty salons; restaurants and take-aways; towing companies and auto-mechanics; but we’ve also seen increases in motels and retailers that sell ‘easy to resell’ items such as computers and camera equipment, in the last 6 months.


Fraudsters can be people you know.

Many of our customers that were defrauded by their own staff.

It is not uncommon for customers to disclose their merchant facility refund password to all staff and never change it, even when staff leave their business.

We had a case recently where an ex-staff member came in and refunded as much as he could to his card for 4 days in a row. While the staff member was no longer employed by the business, he was friendly with everyone at the store so had easy access to the terminal and of course he knew the refund password.

It is very important to only disclose refund password to senior staff or managers and change it on a regular basis. Never make your password easy to guess – 0000 or 1234 is unacceptable.


What’s your number one tip for our customers this festive season?

If something sounds too good to be true – it is.

Whether someone approaches your business with an extremely large order that sounds too good or someone calls you offering you a great deal, don’t jump at the opportunity – make sure it’s legitimate first.