Protecting your business against credit card fraud

The best prevention against credit card fraud is educating yourself and knowing what signs to look for. There are a number of steps that you can take to protect your site against credit card fraud, from managing the security patches and updates on your own website effectively to checking online order details and verifying card holder information.

Secure your website

Always ensure that your website is up to date and is using the latest version of your shopping cart software. Most shopping cart providers will notify their users via email, on their website, and via social media platforms like Twitter when a new patch or version of their software is coming out.


Some types of fraud involve a hacker, or scammer, gaining access to the back-end of your website. This is particularly easy if you aren't using a strong password as an admin user on your website. Always use a strong password, or passphrase, and make sure you change it on a regular basis. Your password needs to be unique, and should not be shared with other online accounts or users. If you have trouble remembering your passwords, there is a range of products, like LastPass, that will manage your passwords for you. Just Google 'Password manager' to get started.

Check the transaction details

Paystation users have access to transaction reporting, settlement reports, and can view transaction details in our admin portal on the 'Transactions' page. This means that you can ensure that the card holder details are correct and you're happy with the order details before sending any goods or delivering any services.

Check the card verification value (CVV or CSC) code 

Ecommerce and some MOTO transactions require a card holder to enter the 3-digit number found on the back of a credit card. This is called the CVV or CSC code. Sometimes overseas card issuers will approve a transaction even though the card CVV code is not correct. Paystation provide reporting details on whether or not the CVV/CSC code is matched in a transaction, giving you the ability to spot potential fraud before it affects your business.

BIN numbers

Paystation provide information on a card's issuer and country of origin. Use this feature to double check suspicious payments.

Things to look out for

Certain transactions might seem a bit off, and it's always a good idea to trust your intuition and make sure you're happy before finalising an order. Most often a fraudster will illegally obtain credit card data to either test out a card to see if it has funds on it, or purchase an item for resale on another site. These cards are often stolen from a card holder and sold by fraudsters to other criminals online, who then use them to purchase goods on other websites. Many of these cards are international, so if you see a spike in international card transactions for no good reason, you may be the victim of credit card fraud.

Country of origin

All cards have a BIN or IIN (issuer identification number) which tells you what country and issuer a card comes from. This is the first six digits of a credit card. If you have a business that only provides a service to New Zealanders or Australians then it might seem a bit funny if you suddenly get an order from the US, UK, or another country. You can search a card's BIN in Paystation admin, or use a website like Binlist to verify a card's country and bank of origin.

Delivery address

Check the delivery address and ask for proof of identity if the request seems illegitimate. Is the delivery address different from what you would expect? Has your customer asked you to send their goods to an address that has nothing to do with their location? For example, why would someone in the US buy an iMac or laptop from your store if they can get one cheaper, with lower shipping costs, in their own country? Asking simple questions like this can keep you and your business safe.
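The checks described above (CVV/CSC match, card country from the BIN, delivery address, and a spike in international cards) can be run over an exported transaction list before goods are sent. The script below is an added example, not Paystation code: the field names, the BIN table, the sample transactions and the spike threshold are all constructed for illustration.

```python
# Added example: field names, BINs and thresholds below are constructed.
BIN_COUNTRY = {"400000": "NZ", "510000": "AU", "420000": "US", "530000": "GB"}
HOME_COUNTRIES = {"NZ", "AU"}  # markets this hypothetical store serves

# Cards are kept masked (first six + last four digits); the BIN is all we need.
TRANSACTIONS = [
    {"id": "T1", "card": "400000******1111", "cvv_match": True, "ship_to": "NZ"},
    {"id": "T2", "card": "420000******2222", "cvv_match": False, "ship_to": "NZ"},
    {"id": "T3", "card": "510000******3333", "cvv_match": True, "ship_to": "AU"},
    {"id": "T4", "card": "530000******4444", "cvv_match": True, "ship_to": "GB"},
    {"id": "T5", "card": "999999******5555", "cvv_match": True, "ship_to": "NZ"},
]

def card_country(txn):
    """Country for the card's BIN (first six digits), or None if unknown."""
    return BIN_COUNTRY.get(txn["card"][:6])

def review(txn):
    """Return the reasons a transaction deserves a manual check (may be empty)."""
    reasons = []
    country = card_country(txn)
    if country is None:
        reasons.append("unknown BIN")
    elif country not in HOME_COUNTRIES:
        reasons.append(f"card issued in {country}")
    if not txn["cvv_match"]:
        reasons.append("CVV/CSC not matched")
    if country is not None and txn["ship_to"] != country:
        reasons.append("delivery country differs from card country")
    return reasons

def flagged(txns):
    """Map transaction id -> reasons, for transactions with at least one reason."""
    return {t["id"]: r for t in txns if (r := review(t))}

def international_share(txns):
    """Fraction of transactions whose card is not from a home country.
    Unknown BINs count as international so they are not silently ignored."""
    if not txns:
        return 0.0
    foreign = sum(1 for t in txns if card_country(t) not in HOME_COUNTRIES)
    return foreign / len(txns)

def is_spike(share, baseline, factor=3.0):
    """True when today's international share exceeds factor x the usual share."""
    return share > baseline * factor

if __name__ == "__main__":
    for txn_id, reasons in flagged(TRANSACTIONS).items():
        print(txn_id, "->", "; ".join(reasons))
    print("spike:", is_spike(international_share(TRANSACTIONS), baseline=0.05))
```

A flagged transaction is a prompt to look at the order by hand, not a verdict; the baseline share would come from the store's own transaction history.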

Phishing attacks

Some fraudsters use what are called phishing attacks to gain personal information and access your online accounts. A phishing attack is most likely to come in the form of a counterfeit email purporting to be from one of the services you subscribe to, like your bank or even a social media site. Most often this email will tell you that you need to reset your password for some reason, but the email address or website you are directed to is likely to be a domain registered to a criminal enterprise. Always be wary if you receive an email to reset one of your passwords if you haven't requested a password reset yourself. One tip is to check for common spelling or grammatical errors.

Set a maximum transaction limit

By setting your maximum transaction limit you can limit the amount that you would be liable for in the event of a chargeback. If your store doesn't sell goods or services over a certain amount then there won't be a need for an excessively high limit.

We can help you

If you suspect you're being targeted then get in touch straight away. We can often put temporary BIN blocks in place, block IP addresses, and block cards on your account at short notice, and have a range of tools we can implement.

Contact your bank

Contact your bank immediately if you've been the victim of credit card fraud. Tell them that you're using Paystation as your payment gateway and that we have been advised of the activity on your site or account.

Useful links



American Express

Association of Certified Fraud Examiners NZ 

Microsoft Safety and Security (Phishing Prevention Guidelines)

The State of Security (Phishing Prevention Guidelines)

