Two customers to a Gold Coast cafe have brazenly scammed the business out of $2500 in a sophisticated scam using the merchant’s own EFTPOS machine.
The two men came to the counter after finishing their meals, one of them taking the EFTPOS terminal off the staff member to pay while the other patiently waited.
How did they do it?
The price of their meal was $25 and the price was entered into the machine by the staff member. Unbeknownst to the staff member, after she handed the machine to the customer, he cancelled the transaction by removing the card which happened to be a stolen credit card.
Then, he started a new transaction by entering in numbers from the stolen credit card, according to the owner of the business.
He entered a new price for the transaction of $2500.
After the payment cleared, the perpetrator told the server he’d been overcharged and wanted a refund.
He then used one of his own credit cards to receive the $2500 refund. Afterwards, they went to a nearby ATM to withdraw the stolen cash.
A scam that exploits a little-known loophole
After being informed of the scam from his bank, the cafe owner was advised that his business was at fault by processing a stolen credit card even though they were unaware it was stolen.
This latest scam has renewed calls for the need of a merchant pin to be entered into an EFTPOS machine before payment is processed.
What do I need to look out for?
If your business receives a high number of EFTPOS transactions, you can minimize your risk of being scammed by being mindful of how long a customer is using the machine and by asking customers to try contactless payment first before considering other options.