Start accepting credit cards on your phone, iPad or desktop.
Virtual Point of Sale allows you to process credit card payments from your office desktop, laptop or tablet…
Are you paying a monthly fee and only processing a few payments per month?
Or do you need recurring transactions like subscriptions?
Call us today for the solution or use the Contact us form.
SQID Payments provides an array of standard and customised merchant solutions for the acceptance of credit card payments from your customers.
- no software to install
- no monthly rental fees
- no expensive hardware
- simple to use, and funds settled direct to any Australian bank.
- send receipts via email or text message.
Learn more about Merchant Business Solutions
Protect your business
Merchants face various risks when accepting credit card transactions. This content has been developed to assist you to understand the types of risks you face and actions that should be taken to reduce the risk of loss.
One of the greatest risks to merchants is that of fraudulent transactions. If you are not careful, fraud can cost your business significant amounts of money. Certain types of merchants – based on the type of goods sold – are more prone to fraudulent transactions than others. Merchants should understand their likelihood of being targeted by fraud.
It is essential for merchants to have a sound understanding of credit card fraud, how it can be detected and how it can be prevented. These concepts are discussed below for the three broad types of credit card transactions:
- Card present (face-to-face) merchants;
- Internet merchants; and
- Mail Order/Telephone Order (MOTO) merchants.
Internet and MOTO merchants are commonly referred to as “Card Not Present” merchants where the credit card and purchaser are not physically present in the merchant’s shop at the time of purchase.
Examples include purchases where your customer provides their credit card details over the Internet, by fax, phone, or through the mail.
Note: Under no circumstances should you request that a customer provide credit card details via email for payment of the provision of goods and/or services, as noted in the Terms and Conditions of your Merchant Agreement.
Many fraudsters prefer to make Card Not Present purchases due to the anonymity afforded by these payment methods. Also, Card Not Present situations enable fraudsters to place orders over the Internet or via MOTO all over the world.
If they reside overseas, the chance of criminal prosecution is much lower, which is an added incentive to this type of fraudulent behaviour. A large amount of credit card fraud is committed in Card Not Present situations and the volume of this type of fraud is increasing at a rapid rate.
It is essential that you understand the term ‘authorisation’ – what it means, and what it does not mean.
What authorisation does mean:
- The account number is valid;
- The card has not been reported lost or stolen (although it may in fact be lost, stolen or compromised [card details improperly obtained or copied] and the card owner is unaware);
- There are sufficient funds available to cover the transaction.
What authorisation does not mean:
- An authorisation does NOT confirm that the person providing the card number is the legitimate cardholder. The risk remains that the person providing the credit card number has either stolen or improperly obtained the card;
- There is also the risk that the purchaser has compromised (improperly obtained) the card number, without being in possession of the card.
Although it is important to obtain an authorisation for each transaction, it does not protect you from the risk of fraud or chargeback. Risk of fraud remains even though authorisation has been obtained.
As a merchant, you face the prospect of receiving chargebacks. A chargeback occurs where the cardholder (or their bank) raises a dispute in connection with a transaction made through your business. If the dispute is resolved in favour of the cardholder, the transaction is charged back (debited) to your account. In other words, you lose the full sale proceeds.
Common reasons for chargebacks are as follows:
- Cardholder did not make the transaction (frequently an indication of fraud);
- Cancelled recurring transaction;
- Goods not as described;
- Goods faulty or defective;
- Failure to respond to voucher requests.
Chargebacks may also be made for a number of other reasons, including, but not limited to:
- Goods/services not received;
- Exceeding merchant floor limit without obtaining authorisation.
Chargebacks can generally be made by either the cardholder or their bank up to a maximum of 12 months from the transaction date, or from the date the goods or services should have been provided, where delivery was expected subsequent to payment.
Card Not Present merchants face additional chargeback risks that do not apply to merchants transacting in a card present environment, specifically because the purchaser does not sign a sales voucher or enter their PIN at the Point of Sale. If the cardholder subsequently denies having made the transaction, you will generally be liable for the chargeback. This follows from the fact that you are unable to prove that the cardholder made the purchase.
For this reason, it is essential that Card Not Present merchants take steps to identify the purchaser, and ensure that the transaction is legitimate. The ways in which you can do this are discussed below.
Verification of the purchaser
At all times, the onus is on you to verify the purchaser is the genuine cardholder. This applies to all merchants irrespective of the method by which credit card payments are accepted.
It is particularly important for Internet and MOTO merchants to identify the purchaser; however, Westpac recommends that merchants accepting credit card payment in a card present environment also take steps to verify the purchaser, especially for large purchases.
If you sell goods to a purchaser who is not the genuine cardholder, you may be liable for the chargeback.
It is emphasised that authorisation does NOT constitute verification of the purchaser – the transaction may be fraudulent even though authorisation is obtained.
All merchants using an Internet Merchant Facility must comply with SQID’s website standards. SQID reserves the right to decline, deactivate access or terminate merchants who do not comply with these requirements for the duration of the facility.
Your website must satisfy all of the following criteria:
- The trading name and the URL must not have any substantial differences in wording. This will maintain consistency and reduce any potential cardholder confusion;
- A clear description of the goods and services offered for sale;
- Contact information – trading name, Australian Business Number (where required), address;
- Telephone number and fax number where available;
- A clear explanation of shipping practices and delivery policy/timeframe;
- Transaction currency: SQID merchants can process AUD amounts only and may settle into AUD accounts only;
- Total cost of the goods or services purchased, inclusive of all shipping charges;
- Card Scheme brand marks are displayed wherever payment options are presented;
- Export restrictions (if any) – countries to which the merchant does not ship;
- A clear refund/return policy;
- Each merchant domain name must utilise separate payment pages. It is necessary to check that website links do not go to another domain name from which payments can be made in relation to goods or services offered through the first website;
- All information must be accurate in all respects.
Your website must not:
- Contain anything that constitutes or encourages a violation of any applicable law or regulations, including but not limited to the sale of illegal goods or the violation of export controls, obscenity laws or gambling laws;
- Contain any adult or pornographic content;
- Offer for sale goods or services, or use to display materials, that may be considered by a reasonable person to be obscene, vulgar, offensive, dangerous, or are otherwise inappropriate;
- Use unaccredited payment pages;
- Fail to use digital certificates (at least SHA-256) to establish a secure browser session (SSL).
Payment pages must be accredited by SQID or a SQID accredited service provider and must adhere to our security requirements.
You must use digital certificates (at least SHA-256) to establish a secure browser session between you and your customer (SSL).
You should not change the types of goods or services sold through your merchant facility without first providing SQID with written notice, and then receiving written consent from SQID confirming the change has been approved.
Securing your customer data
At SQID we are committed to providing our merchants with every assistance to help protect their business, and their customers, from the growing threat posed by high-tech criminals. Without a doubt this is one of the biggest challenges faced by business today. If you are a merchant who has access to, or stores credit card details in any format, or if you use a service provider who does, it is your responsibility to ensure that your customers’ payment details remain secure. It is important that you understand the measures which need to be taken to ensure the security of highly sensitive personal financial information.
SQID is dedicated to making it as easy, convenient and secure as possible for you to do so. That is why we have provided a booklet entitled ‘Your Guide to the Payment Card Industry Data Security Standards (PCIDSS)’. It is designed to provide you with the information which will assist in protecting your business against potential financial liability, investigative costs and the risk of unwanted media attention. A copy of this booklet was provided when you enrolled as a merchant, and if you want additional copies, please telephone our Merchant Business Solutions Help Desk on 1800 69 77 29. Alternatively, you may wish to request a copy by lodging a support ticket here with the subject heading of ‘PCIDSS Enquiry’.