Safely accept in-store card payments.
Keep your EFTPOS terminal secure when accepting in-store card payments to help protect your business against credit and debit card fraud.
What is an in-store payment?
In-store payments are also known as 'card present' payments. These types of payments are made in a face-to-face environment where the customer inserts, swipes or taps their credit or debit card on your EFTPOS terminal to complete the transaction.
Where can I get an EFTPOS terminal?
Westpac supports all major terminal providers in New Zealand, so the choice of terminal is up to you. Terminals are provided by a third-party vendor so you will pay them directly for the lease of your EFTPOS terminal.
How do I connect my terminal to Westpac?
As a Westpac merchant, you can choose between two EFTPOS network providers - Worldline and Verifone. Each provider has different options available for transacting reporting, support teams and monthly pricing.
Once you've chosen your preferred network, please provide the details to our Merchant Onboarding team. The team will need these details so they know which network to contact to connect your terminal.
Can I get a mobile terminal?
If you're already a Westpac merchant, you can apply for Westpac Get Paid®. It's a contactless-enabled card reader and mobile app that allows you to take payments, create and send quotes, invoices and receipts from wherever you need to do business. Find out more about Westpac Get Paid and apply for this facility. Alternatively, you can request a mobile terminal from your preferred EFTPOS provider.
Tips to help keep your EFTPOS terminal secure.
Take the following steps to help protect your EFTPOS terminal and reduce the risk of an account data compromise.
What to do |
When to do it |
Who is responsible? |
Use a PCI DSS compliant terminal that is within its lifecycle (don't use an outdated terminal) |
At set up, and annually thereafter |
Merchant / terminal provider |
Ensure your EFTPOS terminal is up to date with the latest software and firmware |
When notification is received or within a month of release |
Terminal provider |
Change default password of your EFTPOS terminal |
At set up |
Merchant |
Keep your terminal secure outside of normal business hours by switching it off and locking it away in a safe place |
Daily |
Merchant |
Ensure only authorised people within your business know how to operate the terminal and have access to it |
Daily |
Merchant |
Create a plan for when you detect unauthorised access |
At set up, and annually thereafter |
Merchant |
Inspect your terminal for signs of damage or tampering. Check cabling hasn't been tampered with, stickers haven't been removed or replaced and that there are no additional/unknown items or electronic equipment connected to the terminal |
Daily |
Merchant |
Establish an inventory control of your terminals. Keep a record of how many terminals are used by your business, their physical locations, software and firmware versions, serial numbers, model numbers and the details of your terminal provider |
Annually |
Merchant |
Establish staff security awareness training |
At the start of employment, and annually thereafter |
Merchant |
Conduct staff background check |
At the start of employment |
Merchant |
Develop an Incident Response Plan |
Annually |
Merchant |
Tips to help prevent card fraud.
- When a card is swiped or inserted ensure the cardholder authorises the card transaction by using a PIN
- Only accept physical cards from your customers - don't key in card numbers that have been provided to you in any other way
- Don't exceed authorisation limits
- If you apply for a refund function on your terminal, ensure that only authorised people within the business know how to use it
- If you are issued with a refund card keep this in a secure place
- Ensure refunds are processed to the original card used for the transaction.
What's the difference between an account data compromise (ADC) and card fraud?
An ADC is when an unauthorised person gains access to your business environment or payment facility to steal valuable information (like card payment data) with the intention to commit fraud. Card fraud is when stolen card payment data is used to make a fraudulent transaction.
Get help.
New customers
Call the Westpac Merchant Onboarding team on 0800 888 066, option 3 weekdays between 8:30am - 5pm.
Existing customers
Contact your Westpac Relationship Manager or Merchant Assist on 0800 888 066, option 4 weekdays between 8:30am - 5pm.
Ways of accepting payments.
Things you should know.
The information on this page is intended as a guide only. We make no warranty or representation, express or implied, regarding the accuracy of any information, statement or advice contained on this page. We recommend you seek independent advice before acting or relying on any of the information on this page. All opinions, statements and analysis expressed are based on information current at the time of writing from sources which Westpac believes to be authentic and reliable. Westpac issues no invitation to anyone to rely on this material.
Links to other sites are provided for convenience only and Westpac accepts no responsibility for the availability or content of such websites.