Eftpos loophole used by alleged scammers
AUSSIE business owners are being warned to watch out for a sneaky new eftpos scam that has already seen multiple stores ripped off by thousands of dollars.
A group of alleged scammers, dubbed the "Eftpos Bandits" have been exploiting a security loophole to target at least two camera stores in Perth.
CCTV at Camera House caught the sophisticated rort in action, showing two women appearing to buy two cameras for $15,000.
It looks just like any other transaction, with one of the women chatting to the cashier while the other pulls out her credit card ready to put it into the machine - but this is where the con begins.
Just before she inserts the card the woman glances at her phone for a few seconds. To the shop worker this is nothing out of the ordinary but in those few moments she is allegedly memorising the details of a stolen credit card.
"She got her own credit card, she put it into the terminal, but didn't push it all the way through, so it didn't register," shop owner Liddio told A Current Affair.
"She cancelled our transaction and went in manually and typed in a stolen credit card number."
While the woman quickly types in the details her accomplice distracts the staff member.
It is over in a matter of seconds and the women walk out of the store with thousands of dollars worth of cameras charged to an allegedly stolen credit card.
Liddio said he was "absolutely gutted" when he realised what had happened.
The two women were joined by a third when they were also caught on film allegedly pulling the same scam at a different camera place across town.
VO Camera store owner Russell said the women walked away with three cameras worth $21,000.
This time the women were faced with a touchscreen eftpos machine, but it seemed that even newer machine models can be used in the trick.
"She takes her card and she inserts it into the machine, then she does a double swipe down from the top," Russell said.
"Manual card entry, manually keys in the details of the stolen credit card, 16 digits, expiry date, then approve."
When Russell contacted Commonwealth Bank he was reportedly told the machines cannot be protected from this type of fraud and it is on the employer to make sure they are being used correctly.
"I don't think it's a good enough response. It borders on an admission of liability from the Commonwealth Bank," he said.
"These machines have a security loophole, in my opinion, and the Commonwealth Bank knows about it."
In a statement, the Commonwealth Bank said the manual payment option is available in case a card is damaged or the other options on the machine are not working.
"As part of the merchant agreement, the merchant agrees to take on liability for misuse of the terminal, including fraudulent activity," the statement read.
"Given the rise in fraudulent use of the manual function across the industry, and the prevalent acceptance of contactless transactions, CBA is currently reviewing how it can further assist merchants mitigate exploitation of the manual function."