How can I avoid card fraud?

Finding unauthorised transactions on your card can be very unsettling, which is why we’ve put together a list of things you can do to take control of your card security and make sure you’re as protected as possible.

How to protect yourself from scams and card fraud

1. Freeze your card if you lose it, it’s stolen, or you notice any suspicious activity

This is the best way to make sure no further activity can take place on your card. If you aren’t able to find your card, you can cancel it permanently in your account. See the instructions below on how to do each:

Freeze or Permanently cancel your card

You must permanently cancel your card if:

  1. You’ve been a victim of fraud / a scam. If you bought something and later found that it was a scam, you have unauthorised transactions on your account that can’t be explained, or have been a victim of fraud in any way, you must cancel your card permanently. Your card details are now in the hands of someone else and are no longer safe to use. Please cancel it permanently in your account. This prevents anyone from accidentally unfreezing the card in the future and your business from sustaining further unauthorised transactions. 
  2. You confirm your card has been lost/stolen. If you’ve searched and you’re unable to locate your card, you’ll need to cancel it permanently. This is the best security measure you can take against any unauthorised payments.

2. Increase your security

  1. Avoid accessing card information on a public computer
  2. Never write down your card details or PIN on a notepad, sticky note or even into a document on your computer. The only place you should be able to find those card details is by logging into your 2FA-protected Airwallex account
  3. Make sure your computer’s security software is up to date and scan for viruses regularly
  4. Check that your WIFI networks are password-protected
  5. Avoid accessing your card information via hotspots or on public networks

If multiple people within your business have access to your virtual card details, make sure that the above applies to them too. With more flexible work arrangements becoming the norm, consider the following risky scenarios:

  • Hotspotting or logging into a public WIFI network to access the card whilst working on the train home / at an airport
  • Accessing card details off home computers, rather than work computers
  • Accessing card details using non-password protected WIFI at home

If you've recently experienced fraud, questions to ask yourself and colleagues are:

  • Is my WIFI network password protected?
  • Are other employees' home WIFI networks password protected?
  • Has anyone been logging into public networks (at train stations, etc)?
  • Has anyone written down the card details?
  • Has anyone noted down the card details on their computer (Google Document, Notes, etc)?
  • Has anyone written their card details in an email? This applies, even if the email is to a colleague (email inboxes are not a secure place to share details!)
  • Is the security software on all work laptops adequate and up to date?
  • Has anyone been logging into you Airwallex account from their unsecured home computer?

3. Make sure the merchant's website is secure

You can make sure that the website you’re adding your card details to is secure by checking for the security certificates. Look out for a padlock icon in your browser bar (where your website address is listed) to show that the website is secure.

If you've recently experienced fraud, questions to ask yourself and your colleagues are:

  • Have you input your card on any new website recently?

4. Pay securely

Websites can become compromised and card details taken when inputting or storing your card details on them. Two ways you can protect against this is:

  1. Third party apps (such as Paypal). Paying using a third party provider, such as Paypal allows you to store your card details securely with them, so that you don’t have input your card details onto other websites directly.
  2. Payment gateways. Check that a payment gateway is being used before saving your card details on a website. The use of a trustworthy payment gateway means that your card details won’t be stored on the merchant’s website, but instead will be stored within the payment gateway, which will have extra, dedicated security measures in place specifically to protect your financial details.

5. Keep your personal information protected

Make sure you have a strong password on all your devices and accounts that include upper and lower case letters, numbers and symbols. Don’t use the same password for every account / device, don’t share them with others and never write them down.

This also includes shredding anything that contains sensitive information.

If you've recently experienced fraud, questions to ask yourself and your colleagues are:

  • What is our procedure for disposing of sensitive documents? Do we shred them?
  • Does everyone have a strong, unique password or use a secure password manager on their work computer?
  • Does everyone have a strong, unique password or use a secure password manager for their Airwallex login?
  • Has anyone shared their passwords, written them down, or noted them on their computer (Notes, etc)?

6. Never give anyone access to your computer

If anyone contacts you wanting to install something on your computer, no matter how legitimate it sounds, do not let them. If it’s a scam, they’ll likely be planting a virus which will give them access to all your passwords and personal information. Hang up immediately.

If you've recently experienced fraud, questions to ask yourself and your colleagues are:

  • Has anyone recently had someone request access to their computer?

7. Never give your card details to anyone you don't trust

Be wary of anyone asking you for your card details. This can be via email, SMS, or phone call. You should always be provided with a secure option, such as Paypal or a secure payment gateway.

For tips how to identify a scammer and what to do if you think you’re talking to one, continue scrolling down.

If you've recently experienced fraud, questions to ask yourself and your colleagues are:

  • Has anyone given their card details to someone over the phone, in an email or an SMS?

8. Be wary of unauthentic emails and pop-ups

Treat any pop-up window or notification that you’ve won something as highly suspicious. This is called “phishing”. Successful scams make their communication look very official, so it can be very difficult to identify, and often pretend to be reputable companies such as Telstra, Australia Post, Microsoft, or the Australia Tax Office.

For tips how to identify a phishing scam, scroll down to "How will I know if I'm being contacted by a scammer?"

If you've recently experienced fraud, questions to ask yourself and your colleagues are:

  • Has anyone in your company recently clicked a link in an email that might not have been genuine? (eg. a vague email from the CEO of your company)
  • Has anyone clicked a pop-up recently saying they've won something?

9. If someone leaves your company, remove access immediately and cancel cards they had access to

If someone leaves your company and they had access to your Airwallex account or card(s) held by your Airwallex account, make sure to do the following immediately:

  1. Remove them from your Airwallex account (head to the User Management section to do this)
  2. Cancel their employee card, if they had one
  3. If they had access to any other business cards (company cards), you must cancel them too. They may have written down the details or saved them to one of their personal devices and inadvertently use it at a later date)
  4. Lastly, don't forget to remove their access to all company accounts, including their email, internal messaging system and anywhere else they could continue to gather sensitive information.

If you don't remove access for your ex-employees immediately, they may continue to gather sensitive information and make purchases using company money.

If you've recently experienced fraud, check through your list of users under User Management in your account to make sure you've removed all ex-employees.

10. Read our extra tips on account security

Read section 10 of our Payment and FX terms, entitled “Safety And Security”, for further tips on keeping your account safe.

https://www.airwallex.com/terms/payment-and-fx-au 

11. Keep up to date with the latest scams

Scamming comes in all shapes and sizes. You can keep up to date with the latest alerts by checking the ACCC’s Scamwatch website, and can even subscribe to receive alerts!

https://www.scamwatch.gov.au/news-alerts/browse-news-alerts 

What if I've had fraud on multiple cards?

Seeing unauthorised transactions on multiple of your cards indicates that the person responsible has access to your Airwallex account.

Do the following immediately:

1. Check that no one has access they shouldn't.

Check your list of users in User Management and remove anyone who shouldn't be there, for eg. ex-employees.

2. Ask every user to immediately change their Airwallex password.

They must change it to a strong password, which includes upper case, lower case, numbers and special characters. They should not have used this password anywhere else and they must not write it down.

3. Think about other ways your account could be accessed.

Do you have a bookkeeper or contractor? How do they keep your details safe?

How will I know if I’m being contacted by a scammer?

Red flags that you’re talking to a scammer:

  1. They get agitated that you’re going to call the company’s general support line
  2. They ask you for your card details
  3. They’re contacting you at an unusual time (outside of business hours / on the weekend)
  4. They aren’t able to give you a succinct explanation of what they’re calling / emailing about
  5. They refuse to send you an email confirming the details of the call and their request
  6. They’re pushing you to make payment now
  7. They ask for remote access to your computer
  8. They’re emailing from an Outlook, Hotmail or Gmail email address
  9. The email address is different (even just slightly) from the email address on other emails you’ve received from this company

What to do if you think you’re talking to a scammer.

  1. Don’t click any links (if by email / SMS)
  2. Verify who they are:
    • Ask for the name and job title of the person who’s contacted you
    • Find an official phone number for the company (for eg. from Google)
    • Call their official* support line and ask for them
  3. Type the phone number / email address that contacted you into Google. You might find that “scam!” is the top hit.
  4. Hang up on them (if you’re on the phone)

*DO NOT use any contact details they give you. Always find the company’s contact information via an independent source, such as Google or their official website.

Never call the number given to you by the person on the phone, or on SMS.

If the person you’re talking to gets agitated when you say you’ll call their office back and pushes you to give them your details then and there (for example, saying that you’ll lose the prize if you don’t enter them now), do not do it. This is most likely a scam.

If you think your card details have become compromised.

If you’ve noticed unauthorised transactions on your account, please freeze your card immediately and follow the steps in the following article: How do I dispute a transaction?