|
Topic
|
Description
|
Downloads and Links
|
|
First steps in protecting your business
|
Your merchant facility is an excellent way to increase your business turnover, not only providing you with additional payment channels without taking on your client’s credit risk, but also providing new revenue models such as subscriptions and standing orders.
There are technologies, regulations and procedures that come with these services which you need to be aware of and work into your daily business operations.
The Merchant Agreement provides you with a description of the rules that have been established to protect you as a merchant and your clients as cardholders.
The Procedures Guide provides information on merchant ‘best practices’ to use in your daily business operations.
|
Merchant Agreement (PDF 1MB)
Procedures Guide (PDF 390KB)

|
|
Merchant Data Protection Program
PCI DSS: Payment Card Industry Data Security Standard
AIS: Account Information Security
SDP: Site Data Protection
|
There are numerous ways for criminals to access cardholder details. And there are just as many ways card details could be used in criminal activities, including re-selling items in an underground market or aiding terrorism.
This program provides a minimum standard in securing card details during transaction processing and storage.
CyberTrust is the Commonwealth Bank’s key partner in providing the Merchant Data Protection Program. CyberTrust is a world leader in card data security compliance certification and advisory.
Other excellent resources for obtaining information about IT security include Standards Australia, which provides the following and many other related standards:
o HB 171-2003: Guidelines for the management of IT evidence
o HB 231:2004: Information security risk management guidelines
o AS/NZS ISO/IEC 17799:2001: Information technology - code of practice for information security management
The Australian High Tech Crime Centre provides a national co-ordinated approach to combating high tech crimes and supports efforts to protect the National Information Infrastructure.
The Australian Computer Emergency Response Team (AusCERT) provides strategies to members for computer incident prevention, response and mitigation, as well as a national alerting service and an incident reporting scheme.
|
PCI DSS Pamphlet (PDF Size 56KB)
PCI DSS Standard [PCI Security Standards Council]
Steps for staying PCI DSS compliant - released by VISA
MasterCard Merchants Security Resource Centre
Visa Account Information Security Centre
Cyber Trust
Standards Australia
Australian High Tech Crime Centre
Australian Computer Emergency Response Team

|
|
Business Risk and Mitigation Program
Reputation
Brand Protection
Community
|
An initiative where compliance is mandatory for all merchants.
The program disallows transactions that include:
o processing for other businesses
o sales of counterfeit goods
o sales of gambling services
o non face to face sales of prescription pharmaceuticals
o non face to face sales of tobacco products
o sales of extreme adult content, goods and services.
|
BRAM Pamphlet (PDF Size 94KB)

|
|
Reducing exposure to fraud & chargebacks
Zero floor limit for Card Not Present transactions
VbV: Verified By Visa
MCSC: MasterCard Secure Code
CVC2: Card Validation Code 2
CVV2: Card Verification Value 2
|
There are many opportunities to grow your business using mail, telephone, IVR and Internet payment channels. We have solutions available for all of these.
When considering these channels, however, you will need to be aware of some risks. There is a disproportionate amount of fraudulent activity and customer disputes for payments received through these channels.
As the merchant, you are liable for this risk. Therefore, it is important that you understand the extent of these risks and ways you can minimise them.
VbV, MCSC, CVC2 and CVV2 are card security mechanisms that can help your business reduce your exposure to fraud.
The Bank’s CommWeb service has VbV, MCSC, CVC2 and CVV2 capability.
|
Frequently Asked Questions Chargebacks (PDF Size 37KB)
Reducing Chargebacks and Fraud Booklet (PDF Size 855KB)
Zero Floor Limit for Card Not Present (PDF Size 56KB)
Verified By Visa
MasterCard Secure Code
CommWeb

|
|
Other card related issues
Skimming
Phishing
Identity theft
|
We have listed some further materials in relation to issues confronting consumers and merchants alike.
Skimming is the making of an illegal copy of a credit card or a bank card while the original card is being used. Typical methods of skimming involve the use of a modified reader that reads and stores all the information on the magnetic stripe of the original card.
Phishing is a form of Internet fraud where a dummy website is created resembling that of a legitimate organisation, typically a financial institution such as a bank or insurance company. An email is sent requesting that the recipient log on to the dummy website by clicking a link or image. If the user clicks through from the email, they are presented with a replica of a website they trust. The aim of this type of fraud is to obtain access codes to online transaction services or credit cards.
Identity theft occurs when somebody steals your name and other personal information for fraudulent purposes. Identity theft is a form of identity crime, where somebody uses another’s identity to commit a crime.
|
Some facts about Skimming (PDF Size 57KB)
Some facts about Phishing (PDF Size 58KB)
Some facts about Identity Theft (PDF Size 48KB)

|
|
Chip Cards and EMV
|
The Commonwealth Bank is currently planning the upgrade process for its EFTPOS terminals to meet the EMV standards. This upgrade will allow chip cards to be processed using the chip instead of the magnetic stripe.
|
Chip Cards & EMV – What you need to know (PDF Size 128KB)
MasterCard
Visa
EMVCo
EMV Video for Merchants

|
|
Other banking services
Telephone Banking
Cheques
Passbooks
ATMs
|
Security aspects need to be considered with all of your other banking services.
A summary of key points to look out for is listed on the Commonwealth Bank web site Fraud and Security page.
|
Fraud and Security General Information

|