Fraud Using the Refund Functionality on Payment Terminals

Evertec Trends

In recent months, there has been a concerning increase in fraud schemes exploiting the refund functionality on point-of-sale (POS) terminals. These tactics can severely impact merchants’ financial security and customer trust.

How do these frauds work?

Fraudsters use several techniques to manipulate payment terminals and issue unauthorized refunds:

Fraudulent or tampered terminals
- Unauthorized devices are installed on the merchant’s network, disguised to look legitimate
- These terminals can process unauthorized transactions and refunds, diverting funds to fraudulent accounts
Impersonation of technical staff
- Criminals pose as authorized technicians and claim they need to update the terminal. They install malicious software that enables fake refunds.
Internal fraud
- In some cases, employees manipulate the terminal to issue unauthorized refunds to their own accounts or those of accomplices.
Fake suppliers
- Fraudsters call merchants pretending to be suppliers or government officials. They request refunds to personal cards under the guise of settling invoices or permits, and instruct staff to withdraw the money and transfer it electronically.
Malware on terminals
- Malicious software is installed via fake updates, disabling contactless payments and forcing chip usage—allowing card cloning and refund manipulation.

How to prevent becoming a target?

Verify terminal authenticity: Ensure your devices are registered and monitored by your official provider.
Block unvalidated updates: Always confirm with your financial institution before granting access to technicians.
Monitor refunds: Set up alerts for suspicious patterns, such as repeated refunds to the same card.
Train your staff: Educate employees to recognize fraud attempts and follow security protocols.
Conduct frequent audits: Review transaction and refund logs to detect inconsistencies.