Tyro Health Blog

11 September 2025 - 5 min read

EFTPOS Education

Fraud Prevention: Simple Steps to Keep Your Healthcare Payments Secure


As someone working in healthcare, you already know how important payment security is for your practice. While fraud is uncommon, even isolated incidents can cause stress for your team and patients. 

Whether you’re using Tyro Health EFTPOS, Tyro Health Online, or both together, keeping systems secure helps reduce risk. Each solution has its own protections, and when used side by side, they create an even stronger safeguard for your practice.  

At Tyro Health, payment security is built in. With a few simple steps from your team, you can strengthen those defences and make your practice even safer. 

Lock down your Tyro Health and PMS logins  

Your Tyro Health account and your practice management system (PMS) are the digital front doors of your practice. Protect them thoughtfully.

  • Never share your credentials: each team member should have their own login for Tyro Health.
  • Avoid writing down logins where others could see them. 
  • Choose strong, unique passwords: use a combination of letters, numbers and special characters. Use a password manager to safely create and store secure passwords. 
  • Update your password quickly if you suspect it’s been shared. Here’s how

Turn on two-factor authentication (2FA) for extra protection 

Two-factor authentication (2FA) adds a second layer of security to your Tyro Health login. Even if someone has your password, they can’t access your account without the code sent to your phone. 

It’s one of the most effective steps you can take to protect your account. 

  • You can easily set up 2FA in your account settings. Find out how  
  • Business Administrators can also make 2FA mandatory for all staff who use Tyro Health Online. If you are an Admin and would like to enable 2FA for all accounts associated with your business, follow the steps here  

Manage staff access carefully 

Not everyone in your practice needs the same level of access in Tyro Health. 

  • Give each staff member their own login. 
  • Review who has access regularly, and remove old accounts when staff leave. 
  • Limit admin permissions to only those who truly need them. 

Protect your EFTPOS terminal PIN 

This is key. Keeping your EFTPOS terminal PIN safe is just as important as your bank PIN. If someone else has it, they could misuse your terminal. 

Here’s how to keep it safe: 

  • Keep it private: Only share your PIN with staff who truly need it. 
  • Don’t write it down: Never write it on notes, post-its, or the terminal itself. 
  • Make it unique: Avoid using your practice postcode, phone digits, or simple number sequences. 
  • Update when needed: Change your PIN straight away if you think it’s been compromised, or when staff leave your practice. 

Here’s how to change your terminal PIN  

Same-card refunds reduce your risk

Refunds are a normal part of practice life, but how they are processed can affect your level of risk.

  • Refund to the same card: Tyro Health EFTPOS terminals can be configured to only refund back to the same card used for the original payment. This reduces fraud risk and helps protect you in the case of disputes. Learn more in Tyro’s Chargeback and Disputes guide  
  • Refund onto a different card: If required by your practice, this feature can be enabled but it carries added risk. Our team can walk you through the implications before turning it on. If active, it is even more important to keep your EFTPOS terminal PIN strong and secure to help limit the risk of misuse. 
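To make the same-card control concrete, here is an added illustrative refund check. It is not Tyro Health's code; the payment ledger, token names and the policy flag are constructed assumptions. It enforces same-card refunds by default, caps cumulative refunds at the original amount, requires the terminal PIN for every refund, and flags unmatched refunds for review when a practice has chosen to enable them.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Payment:
    txn_id: str
    card_token: str      # tokenised card reference, never a full card number
    amount_cents: int


@dataclass(frozen=True)
class RefundRequest:
    original_txn_id: str
    card_token: str      # token of the card presented for the refund
    amount_cents: int
    pin_verified: bool   # terminal PIN entered correctly for this refund


@dataclass
class TerminalPolicy:
    allow_unmatched_refunds: bool = False   # same-card only is the safe default
    refunded_cents: dict = field(default_factory=dict)  # txn_id -> cents refunded so far


# Constructed sample ledger of payments taken on the terminal (not real data).
PAYMENTS = {
    "T1001": Payment("T1001", "tok_A1", 8500),
    "T1002": Payment("T1002", "tok_B2", 12000),
}


def evaluate_refund(req: RefundRequest, policy: TerminalPolicy) -> tuple[bool, str]:
    """Decide whether a refund may proceed. Returns (approved, reason)."""
    original = PAYMENTS.get(req.original_txn_id)
    if original is None:
        return False, "no matching original payment"
    if req.amount_cents <= 0:
        return False, "refund amount must be positive"
    if not req.pin_verified:
        return False, "terminal PIN required for refunds"
    already = policy.refunded_cents.get(req.original_txn_id, 0)
    if already + req.amount_cents > original.amount_cents:
        return False, "refund exceeds original payment amount"
    same_card = req.card_token == original.card_token
    if not same_card and not policy.allow_unmatched_refunds:
        return False, "refund card does not match original card (same-card refunds enforced)"
    policy.refunded_cents[req.original_txn_id] = already + req.amount_cents
    if same_card:
        return True, "approved (same card)"
    return True, "approved (unmatched card; flag for review)"
```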

Secure your EFTPOS terminal and devices  

Just like you’d lock away cash, securing your devices helps protect payments and patient data. 

  • Log out when finished: Always log out of Tyro Health Online when you’re done, especially on shared devices. 
  • Update regularly: Keep devices, software, and browsers up to date. 
  • Check EFTPOS terminals daily for signs of tampering. 
  • Store securely: Lock EFTPOS terminals away after hours and don’t leave them unattended. 
  • Act fast: If a terminal is lost or stolen, contact us immediately. We can disable it remotely 24/7. 

Protect cardholder data

Just like patient data, payment data needs to be safeguarded. Securing it helps protect your practice and reduces the risk of fraud. 

  • Only store card details in secure, compliant systems. Never record card details in patient notes, spreadsheets, or paper files. If you need to keep card details for billing, use Tyro Health Online or another provider that meets the Payment Card Industry Data Security Standard (PCI DSS). 
  • Keep systems updated. Make sure your devices, browsers, and software are kept updated, patched, and secure. 

This helps reduce the risk of account data compromise (ADC), where stolen card data can be used for fraud. 

A little effort goes a long way 

Fraudsters are always looking for new ways in, but you’re not on your own. Tyro Health actively monitors for suspicious activity and strengthens protections every day. 

With Tyro Health, security is built in, and by combining our protections with a few simple steps from your team, you can greatly reduce your risk and make your practice safer. 

Need help setting up 2FA or changing your terminal PIN? Visit our Help Centre for easy step-by-step guides. 

FAQs

  • How can healthcare practices in Australia prevent EFTPOS fraud?

    By securing your EFTPOS terminal PIN, only refunding to the same card, keeping terminals stored safely, and ensuring strong passwords for refunds and admin access.

    Tyro Health EFTPOS terminals can be configured to only allow refunds back to the original card. This setting reduces fraud risk and helps protect your practice in the case of disputes. If required by your practice, this feature can be enabled but it carries added risk. Our team can guide you through the considerations before turning it on. If active, it is even more important to keep your EFTPOS terminal PIN strong and secure to help limit the risk of misuse.

  • What should I do if my Tyro Health EFTPOS terminal is lost or stolen?

    Contact Tyro immediately. Our support team is available 24/7 and can remotely disable your EFTPOS machine to prevent misuse.

  • What should I do if I suspect fraud on my account?

    If you notice unusual activity, call Tyro right away. Our team can investigate, help secure your account, and support you through any next steps.

  • Can patients commit fraud using my EFTPOS terminal?

    Yes. If a patient or other unauthorised person gains access to an EFTPOS terminal that can process refunds onto a different card than the one used for the original payment and also has the terminal PIN, they could attempt to process a fraudulent refund.

    However, this isn’t something a patient can do casually or without your practice noticing. Controls like the terminal PIN, default same-card refunds, and staff supervision are in place to prevent misuse. The key is to keep your terminal in staff control, protect your PIN, and only enable unmatched refunds if your practice genuinely needs them.

Stay protected and secure

Want to learn more about how Tyro Health keeps your payments safe?
Disclaimers 

Tyro Health provides this article for general information and educational purposes and does not take into account the financial situation or need of any reader. The information provided must not be relied upon as legal, tax or financial advice.