Security at NAB
Protecting you from the risk of fraud and scams
V1.10
Protect your business online
Secure ways to bank
Customers expect a secure, quick and convenient experience when they shop online. To help merchants
face the growing threat of e-commerce fraud, NAB provides a secure channel that keeps your business
and customers safe.
Free fraud prevention tools that protect your business.

reCAPTCHA
When a fraudster wants to use stolen card information for purchases, they look for vulnerable websites to ‘test’ with automated scripts or ‘bots’. This is also known as a Bank Identification Number (BIN) attack.
reCAPTCHA, a free tool from Google, can tell humans and bots apart to help make your site less vulnerable to these kinds of BIN attacks.

NAB Transact risk management
Our free tool provides you with the opportunity to identify potentially fraudulent e-commerce transactions before they occur to help minimise chargebacks and write-offs.
• You set up your own risk scoring rules from within the NAB Transact management portal
• The system automatically detects high risk shoppers based on your scoring rules and can be set to decline those transactions
• Transaction patterns are analysed in real-time to provide immediate protection
• You can view risk score results in the NAB Transact Management Portal to streamline your Risk Management rules
• You can choose to be notified by email if a transaction is flagged as high risk

EMV 3-D Secure
Working with Visa Secure and Mastercard® Identity Check, our EMV 3-D Secure service provides a secure channel to process online card payments for your business.
Additional layers of verification authenticate the cardholder, to make the process secure, effective and seamless for stakeholders and customers.
And for added security, it also aims to reduce fraudulent transactions and chargebacks.

EMV 3-D Secure benefits
• Reduce fraudulent disruptions that affect your business and cardholders’ experiences
• Improve cardholder engagement and loyalty
• Create good customer experience and repeat transactions
• Drive revenue by reducing shopping cart abandonment
• Improve sales with better transaction completion rates and higher approval rates

How EMV 3-D Secure works
1. Cardholders make an online purchase.
2. To confirm the purchase is being made by the actual cardholder, EMV 3-D Secure sends the issuer data about the transaction, including payment method and device information.
3. The issuer reviews the data, provides the authentication and processes the transaction.
4. The issuer can also choose to authenticate cardholders with a one-time passcode (OTP), knowledge-based questions, biometrics or other methods.

For more information about EMV 3-D Secure or how to register, speak to your Transactional Specialist.
Terminal security
Safeguard your business from payment scams
One of the best ways to protect your business is to be hyper aware of payment fraud. Learning about
common terminal scams and card fraud can help you reduce the risk of costly chargebacks.
Terminal takeover
Having physical possession and control of a merchant terminal is also known as ‘terminal takeover’. In situations where the manual key function is enabled, scammers can re-key transaction amounts or pay for goods and services using a stolen card number.
The fraudster can benefit by:
1. Entering or ‘hand-keying’ the details of a stolen card into the terminal to make a significant purchase and leave with the goods
2. Entering or ‘hand-keying’ the details of a stolen card into the terminal for an amount significantly larger than the original amount and then demanding an immediate refund onto another card

Terminal theft
This is when criminals steal the physical terminal, by switching it with a fake identical terminal.
Criminals will then attempt to process refunds to their own card with the potential added risk of:
1. Processing compromised cards, exposing merchants to chargebacks, and
2. Refunding the unauthorised settlements from the compromised cards to their own card

Terminal security tips
• Educate front-line staff about fraud, payment scams and the risks associated with your terminal.
• Keep terminals behind the counter or on the person of your employees.
• Don’t allow customers to edit or manually enter transactions and disable the manual key entry feature on your terminal, if you don’t require it.
• Set a strong terminal password and activate the lock feature when the terminal is unattended.
• Keep a list of your terminals, including their make, model and serial number. Check these daily.
• Inspect your terminals for any changes or evidence of tampering.
• Ensure you change the default PIN on your terminal for refunds, and keep the PIN function enabled.

Card payment tips
• For contactless transactions, ask the cardholder to tap the card against the contactless card reader and, if prompted, enter the PIN.
• Always swipe or insert the card through your terminal yourself and only have the cardholder enter their PIN when prompted.
Merchant chargebacks
Save yourself from costly chargebacks
A chargeback is when a cardholder disputes a card transaction. To reduce costly chargebacks,
it’s important to understand the process and each party’s involvement.
Merchant chargeback rights
When a cardholder disputes a transaction, the merchant must provide evidence of the transaction. This includes the process of authentication and authorisation of the cardholder and transaction.
If the merchant can’t provide legitimate evidence of the transaction and cardholder, then a chargeback is made against the merchant for the funds.
Common reasons for chargebacks are:
• The cardholder did not make the transaction (usually because of fraud)
• Cancelled recurring transaction
• Goods not as described, faulty or defective
• Failure to respond to voucher requests

How we handle chargebacks
When we’re notified of a chargeback, NAB will request some information from you. If you want to defend the cardholder’s dispute, it’s your responsibility to respond with a valid answer.
This may include:
• A signed copy of the receipt;
• A copy of the order or invoice;
• A copy of any correspondence received by you from the cardholder

Security tips
• It’s important to keep all documentation about your transactions. This makes it easier to respond to any ‘retrieval requests’ if a transaction is disputed.
• Visa and MasterCard rules request that a PIN or signature be obtained during a transaction, except for contactless transactions. That means Card Not Present transactions, like online payments, are always liable for a chargeback.
• Never accept payments on behalf of third parties or for services you don’t provide.
• Don’t agree to forward payments or funds to other businesses or people.
• Watch out for customers who say they can’t be contacted or are unable to view the goods being purchased.
• Reduce your liability with EMV 3-D Secure for e-commerce transactions.

Electronic chargeback reporting
Registering for reports of chargebacks and information requests keeps you informed and reduces processing times.
The report gives you:
• Requests for information or evidence of transaction
• Urgent or outstanding requests for information
• Acknowledgement of information received
• Chargeback pending notifications
• Chargeback debit advice
Speak to your Transactional Specialist about this free reporting service.

For more information
Learn how to reduce chargebacks and protect your business from fraud:
nab.com.au/business/payments-and-merchants/merchant-support-centre/avoiding-chargebacks
Cybercrime
Protect yourself from cyber threats
More businesses are being targeted by sophisticated cybercrimes. NAB’s large Security team is dedicated
to protecting your business by helping you to spot suspicious activity online.
Business email compromise/invoice scams
Business email compromise is when criminals take over an organisation’s email account with the aim of sending fake invoices, requesting updates to bank account details, or intercepting and altering payment details.
Because the invoice looks legitimate, the recipient might not question the payment details, and send the payment to the account controlled by the criminal.
To prevent this, you’ll need a process that requires the receiver to check the requester’s email address carefully, before calling them to confirm the request using the contact’s most current details.

Phishing
Phishing emails, SMS and phone calls are designed to trick you into providing personal information like:
• Usernames and passwords
• Credit card details or bank details
• Your name, date of birth, etc.
Criminals use these contact methods for the same reason legitimate businesses do: it’s a cheap and easy way to get to a lot of people.
Phishing emails often pretend to be from legitimate companies such as banks, courier companies, or government departments and contain links to fake websites which trick people into entering their bank details or personal information.
If you receive this type of communication, don’t provide any information, and please forward to phish@nab.com.au. If you’re unsure, you can always call NAB or your banker.

Signs of awareness
All businesses face the threat of cybercrime. Look out for the following signs of a suspicious message or call:
• A request to change payment details
• Asking for your personal or banking information
• Sender is unavailable to verbally confirm the request
• The sender’s email address doesn’t match the organisation the email is pretending to come from
• It’s generically addressed (e.g., Dear Customer), and there’s no sign off
• There’s a sense of urgency (e.g., provide your information or we’ll restrict access to your accounts)
• The tone differs from previous requests
• Incorrect spelling and improper grammar

Security tips
• Create safe payment processes. It’s important to verbally verify payment requests or changes to payment details.
• Your employees are the first line of defence against cyber-attacks. Teach them to recognise and handle suspicious emails, text messages and phone calls. If your business gets a fake invoice, share it around so your employees know what to look out for in the future.
• Keep software up to date, including your anti-virus software.
• Protect your business data by regularly backing up, storing backups offsite and testing your backups regularly.
• Be vigilant on passwords and access management for all staff.
• Put appropriate transaction controls in place, such as separate duties or dual authorisation.
• Use strong passwords and multi-factor authentication to protect your email account. Two-factor authentication adds security by using an extra authentication method, such as a code sent to your mobile phone via SMS.
Our security commitment
Banking securely
NAB is committed to keeping you safe and wants to work with you to reduce the risks to your business.
We provide informative resources and tools, information on product features for enhanced security,
and keep you updated on industry insights. By being aware of fraud and cybercrime threats, you can
help reduce the risk of costly chargebacks, or harm to the business’ reputation.
Security Hub
Our Security Hub (nab.com.au/securityforbusiness) provides up-to-date tools and the latest information and advice on security to minimise the risk of fraud and scams.
Within this Hub you will find:
• Security alerts (nab.com.au/securityalerts)
• NAB’s security podcast (nab.com.au/securitypodcast)
• Monthly webinar series (nab.com.au/cyberandfraudsessions)
• A cyber security toolkit for businesses (nab.com.au/cybersecuritytoolkit)
• Cyber safety training (nab.com.au/cybersafetytraining)
And a whole range of articles and videos, including:
• How to identify and avoid fraud and scams;
• How to protect your personal information;
• How to protect your business data; and
• How to manage security and running a business

For more information
• Australian Cyber Security Centre – ACSC (cyber.gov.au)
• Report a cyber incident (cyber.gov.au/report)
• Become an ACSC partner (cyber.gov.au/partner-hub/acsc-partnership-program)
NAB support teams
NAB Connect Support
Assistance capabilities:
• Technical support
• Training
• Password resets
• Traces
Contact & availabilities:
• PH: 1300 888 413
• Monday to Friday 7:30AM–8:00PM (AEST)
• Saturday 9:00AM–2:00PM (AEST)

NAB Transact Support
Assistance capabilities:
• Technical support
• Integration
• Password resets
Contact & availabilities:
• PH: 1300 852 950
• Email: support@transact.nab.com.au
• Monday to Friday 8:00AM–8:00PM (AEST)

NAB Merchant Fraud
Assistance capabilities:
• For queries about preventing credit card fraud
Contact & availabilities:
• PH: 1300 622 372 (Option 3)
• Email: merchant.fraud@nab.com.au
• Monday to Friday 8:00AM–5:00PM (AEST)
For Chargebacks:
• 1300 781 935
• Email: merchantchargebacks@nab.com.au
• Monday to Friday 8:30AM–5:00PM (AEST)

NAB Cards Fraud Team
Assistance capabilities:
• For queries about credit card transactions
Contact & availabilities:
• PH: 1300 622 372 (Option 1) or if calling from overseas +61 3 8903 9952 (Option 3)
• Email: card.fraud.prevention@nab.com.au
• Available 24/7

NAB Emergency Cards Team
Assistance capabilities:
• For queries about lost or stolen cards
Contact & availabilities:
• PH: 1800 033 103 or if calling from overseas +61 3 8641 9121
• Available 24/7

Received a suspicious message?
• Forward suspicious emails to phish@nab.com.au and then delete them
• Forward suspicious text messages to 0476 220 003 and then delete them
• You will not receive a personal response from the above contacts
• If you responded to a suspicious email or text message, please call NAB on 13 22 65 immediately or visit
your local branch
©2025 National Australia Bank Limited ABN 12 004 044 937 AFSL and Australian Credit Licence 230686 A167727-0425