A certain type of scam has resurfaced recently – one that has been around for a long time in different iterations. We’ve blogged about this before, but perhaps it’s time for a reminder. What I refer to is a “fake authorization scam” and it works like this.
The fraud suspect is attempting to purchase a big ticket item or conduct a credit card cash advance in a financial institution. The card is declined and they have an excuse such as “it must be a transaction amount limit” or “a daily limit.” They pretend to call the number on the back of their credit card or they have you call it. However, unbeknownst to you, the phone number has been changed on the back of this counterfeit card, and it rings to the cell phone of an accomplice of theirs.
Their accomplice is skilled at sounding like they work for the credit card issuer. They use common terms and professional sounding language. They indicate a reason that the transaction was declined, but that funds are available and they will walk you through a manual authorization.
They have you press certain keys on your credit card terminal and, unbeknownst to you once again, they have taken your terminal offline or into training mode. In this mode, any number entered as an approval code will appear as an approval even though the terminal is not communicating with the card issuer to obtain authorization.
The happy “customer” then goes on their way never to be heard from again. Then you receive a chargeback from the credit card issuer for “no valid authorization.” You call your credit card processor and insist that you spoke with the card issuer and they gave you an authorization code that approved on your terminal. Your credit card processor can only see that the card issuer has reported that the authorization code was not valid. Unless a valid code is provided, you’re going to lose the chargeback as the real cardholder wants their money back from this fraudulent transaction on their account.
You thought you were going to have a big sale and instead you’re sitting with a loss. The chargeback process does not seem fair. You did your best to “do it right” and you still got scammed. There are many frustrating things about this type of scam.
There are a few things you can do to help protect your business from this. First, never (and I mean NEVER), accept a customer’s cell phone if they say they’ve contacted their card issuer. Joint with this, do not call the number on the back of their card since it may have been modified. The phone number on the back of a card is for the cardholder only.
In the very rare event that a cardholder needs to contact their card issuer to get special permission to run a larger transaction, they can do so on their own while you, as the merchant, run the transaction the way it was intended. That is to insert (if it’s a chip card) or swipe the magnetic strip and get an approval.
If the card declines, it’s a sign that something is wrong. Are there other signs present that this customer may not be who they pertain to be? Was the sale too easy? Are they “buying” rather than “shopping?” Is the merchandise something they can easily resell on ebay?
We recommend asking for another form of payment at this point. If, at your discretion, you choose to attempt to run the card again, you’re increasing the chances of not getting paid for the transaction. We do not want this to happen which is why we recommend stopping at a first decline and asking for that second form of payment.
Better safe than sorry…