Security

Taking a few simple precautions can help protect your business. Here are some recommended actions to follow.


If you notice that a terminal has been lost or is suspected stolen, please alert ClearAccept immediately by emailing reportpdq@clearaccept.com.

In-person payments

  • Keep terminals secure

    Never leave terminals unattended or allow anyone to tamper with or remove your payment devices. If a terminal looks damaged, stop using it immediately, put it in a secure location and report it by raising a ticket via your software company or emailing support@clearaccept.com. Additionally, when terminals aren’t in use, ensure they’re securely stored away.

  • Be alert at the point of sale

    Watch for unusual customer behaviour, such as attempts to distract staff or interfere with equipment. Never leave your payment terminals unattended! 

  • Protect supervisor access

    Always shield the terminal screen when entering your supervisor passcode to prevent it being observed.

  • Updating passcodes

    Change supervisor passcodes regularly, particularly when staff leave the business, and keep a log of all staff who know the passcode for easy reference.


    If you need help with how to change the terminal supervisor password, please contact us via support@clearaccept.com or phone: 020 7186 2186


    Our team are here to support you and are available:

    • Mon–Fri: 08.00–18.00
    • Sat: 09.00–18.00
    • Sun: 10.00–17.00
    • Bank Holidays (excl. Christmas and New Year's Day): 10.00–17.00

Online Payments

  • Use strong credentials

    Create unique, complex passwords for each system or platform, and update them regularly. 

  • Enable extra protection

    Where available, turn on two-factor authentication to add an extra security layer to your login process. 

  • Monitor transactions

    Review your accounts and online payment reports frequently so you can spot and act on any suspicious activity quickly. Contact ClearAccept if you think there is evidence of suspicious activity – we are here to help you.


Employee awareness

  • Provide regular training

    Ensure your team understands how to recognise potential scams, suspicious behaviour, and security risks.


    Resources you might find helpful are:

    • UK Finance – run fraud prevention and cyber security awareness programmes.
    • National Cyber Security Centre (NCSC) – accessible guidance and training modules, especially around phishing and cyber hygiene.
    • Take Five to Stop Fraud (UK Finance campaign) – consumer and business-friendly fraud awareness resources.

  • Reinforce good practice

    Remind employees never to share terminal passcodes, login details, or security codes with anyone.

  • Encourage vigilance

    Create a culture where staff feel confident to report anything unusual straight away, no matter how minor it may seem.

  • Establish clear procedures

    It can be difficult to know how to manage and recognise suspicious behaviour. Create clear guidance for employees on when to decline transactions and how to escalate concerns. As a starting point, you may wish to consider:


    POS


    1. Check Devices Daily

    • Inspect card terminals and PIN pads for tampering (loose parts, extra wires, broken seals).
    • If something looks unusual, do not use the terminal and escalate immediately.

    2. Protect Terminals

    • Keep terminals in secure, visible areas.
    • Lock them away when not in use.
    • Restrict who can access or move terminals.

    3. Spot Suspicious Transactions

    • Be wary of multiple small purchases followed by a larger one.
    • Watch for customers trying to distract staff during a transaction.
    • Escalate if a card is repeatedly declined.

    4. Respond Quickly

    • Decline any transaction you believe to be suspicious.
    • Escalate concerns to a manager or your fraud team immediately.
    • Report suspected fraud or terminal tampering to your acquirer or payments provider.

    5. Train Staff Regularly

    • Teach employees how to inspect devices, recognise suspicious customer behaviour, and follow escalation steps.
    • Refresh training often — fraud tactics evolve quickly.

    ECOM


    1. Secure Your Website

    • Always use HTTPS/TLS encryption on every page (not just checkout).
    • Keep shopping cart software, CMS, and plugins up to date.
    • Remove unused plugins/extensions to reduce risk.

    2. Use Strong Authentication

    • Require multi-factor authentication (MFA) for admin and hosting logins.
    • Enforce strong, unique passwords across your team.
    • Restrict admin access to only those who need it.

    3. Protect Cardholder Data

    • Never store full card numbers, CVVs, or sensitive authentication data.
    • Use reputable, secure payment gateways or hosted payment pages to process transactions safely.
    • Use tokenisation or hosted payment pages to avoid handling raw card data.

    4. Detect Suspicious Behaviour

    • Flag multiple failed checkout attempts or repeated small transactions.
    • Watch for mismatched billing/shipping addresses or unusual IP/geolocation activity.

    5. Respond & Escalate Quickly

    • Decline orders that fail fraud checks or seem high-risk.
    • Escalate suspicious activity to your fraud prevention team or acquirer.
    • Keep clear procedures for refund/chargeback disputes.

    Disclaimer: These tips are designed to give you a useful framework, but every business is different. Your own processes and procedures should always be shaped around your organisation’s way of working, risk appetite, and operating model. If in doubt, seek guidance that’s specific to your business. ClearAccept Ltd makes no warranties as to the completeness or accuracy of the information and accepts no liability for any loss arising from reliance on it.

Connectivity & Network Security

  • Keep systems secure

    Connect terminals only to trusted, secure networks (avoid public Wi-Fi), ensure your business Wi-Fi is password-protected and uses WPA2/WPA3 encryption, and keep any connected systems (e.g. POS software, routers) updated with the latest security patches.


Vendor & Maintenance Security

  • Use trusted providers

    Only use authorised service providers for maintenance or upgrades and always check the credentials of anyone who comes to service your equipment.

Compliance

  • Ensure you’re staying compliant

    Follow PCI DSS (Payment Card Industry Data Security Standard) requirements relevant to your business and keep software and firmware up to date to remain compliant.

Chip-and-signature

  • Terminal defaults to signature

    If the terminal defaults to signature, cancel the transaction and try again to see if chip-and-PIN is requested, or ask the customer for an alternative payment method. You don’t want to accuse the customer of anything, but you do want to protect your business. We recommend you say something along the lines of "For your security and ours, we require PIN verification for chip card transactions when possible. This card is prompting for signature instead. Do you happen to have another card that uses PIN?" or "Because of the value of this purchase, we require chip-and-PIN verification. This card isn’t prompting for a PIN, could you try another card?"

  • Set transaction limits for signature

    For high-ticket items, consider declining the transaction if PIN is not used. Have a policy to require PIN above a certain threshold.

  • Train Staff to Validate Signatures

    Always compare the signature on the receipt with the signature on the card and request a valid government ID to check this matches the name on the card and the person making the transaction. If the customer refuses or the signature doesn’t match, do not proceed with the sale.

  • Document Everything

    Retain signed receipts and customer information in case of chargebacks, for example: “UK driving licence seen: name matched, signature matched”. Use CCTV or store surveillance to further validate customer presence, where possible.

  • Train staff on signature fraud and red flags

    (These don’t necessarily mean the transaction is fraudulent but indicate further due diligence is required.) Red flags include:


    Customers who:

    • Rush the transaction
    • Buy expensive, re-sellable items (e.g. electronics, luxury goods)
    • Struggle to sign consistently
    • Refuse ID or get defensive

    Teach staff to escalate or decline if they see red flags.
