What Is A Forced Credit Card Sale?
Credit card fraud opportunities often lie at the intersection between convenience and security, and forced credit card sales are a perfect example of that.
While they do provide a certain convenience to businesses, they have been increasingly subject to fraud in the past few years.
What is a forced credit card sale?
A forced sale is a type of offline transaction that can bypass the authorization tokenization process that accompanies normal transactions.
Forced is a heavy-handed term. This functionality exists in POS systems because sometimes merchants need to accept payments offline, and it wouldn’t be realistic to block offline transactions altogether.
There are also times when an honest customer is having issues with their credit or debit card, and POS systems give merchants the tools to process a transaction without the normal checks and balances.
In a normal transaction, there’s a lot of communication that occurs immediately after someone uses their chip or swipes at your machine. Your terminal sends an encrypted message to the bank that the customer’s card is issued from. The bank looks at the transaction amount, makes sure there is enough credit or funds in the account to allow the transaction, checks for any signs of fraudulent activity, and then sends a “yes” or “no” back to the machine.
In a forced sale, you can essentially bypass that whole “check the account balance” part of the process.
Forced sales are then uploaded and settled once the POS is connected back to its internal network or cloud-based solution, but you may not be aware of a forced sale’s failure until you receive your processing statement at the end of the month.
And here’s the thing: POS systems don’t need a legitimate authorization code when completing a forced sale transaction. Any combination of numbers will work because it is essentially running it as an offline transaction.
What does a forced sale transaction look like?
Here’s how a legitimate forced transaction usually goes:
- The customer walks up with some items and initiates the checkout process.
- The employee asks them to pay, and the customer uses their credit card.
- The transaction is denied, and the customer says it usually works.
- The employee tries again, and this time they receive a prompt or know they can force a transaction.
- The employee or customer calls the cardholding bank and gets an authorization code.
- The employee enters that into the machine and runs the sale as a “forced” transaction with the authorization code provided on the phone.
- The payment is complete and the customer leaves with the items.
Are all transactions that bypass authorization forced?
No. VISA has a price floor, and any transaction below a certain threshold doesn’t need to be authorized. These are usually card-present transactions, and instances of payments where the card isn’t presented in person are always subject to tokenization.
How to know if you’re being targeted by forced sale fraud
The easiest way to know is by checking your monthly statements for errors that mean the authorization token was incorrect or the card is expired. These are errors 72 and 73 in credit card transactions, so check if you have a spike in those on your statements.
The bottom line
Fake authorization codes and forced transactions are a popular scam these days, and retail stores are particularly vulnerable. Your best bet is to make a clear announcement and set up rules for your employees to follow.
This will empower your employees to make smarter decisions around odd transactions and reduce the fraud burden your company currently has.
Have additional questions about forced credit card sales? Want to receive a no-obligation Free Rate Quote for your merchant services?
Visit us online at www.TailoredTransactions.com or call us direct at (888) 669.1686