Forced Credit Card Sale: What it Means and How to Stop Forced Sale Fraud

Opportunities for fraud often lie at the intersection of convenience and security, and forced sale transactions are a perfect example of that. While they do provide a certain convenience to merchants, they have been increasingly subject to fraud in the past few years.

We’re going to tell you exactly what you need to know about forced sale transactions and outline the steps you need to take to avoid getting burned.

Let’s go!

What is a forced sale credit card transaction?

A forced sale is a type of offline transaction that can bypass the authorization tokenization process that accompanies normal transactions.

Forced is a heavy-handed term. This functionality exists in POS systems because sometimes merchants need to accept payments offline, and it wouldn’t be realistic to block offline transactions altogether. There are also times when an honest customer is having issues with their card, and POS systems give merchants the tools to process a transaction without the normal checks and balances.

In a normal transaction, there’s a lot of communication that occurs immediately after someone uses their chip or swipes at your machine. Your terminal sends an encrypted message to the bank that issued the customer’s card (these banks are called issuing banks). The bank looks at the transaction amount, makes sure there is enough credit or funds in the account to allow the transaction, checks for any signs of fraudulent activity, and then sends a “yes” or “no” back to the machine.

In a forced sale, you can essentially bypass that whole “check the account balance” part of the process. Forced sales are then uploaded and settled once the POS is connected back to its internal network or cloud-based solution, but you may not be aware of a forced sale’s failure until you receive your processing statement at the end of the month.

And here’s the thing: POS systems don’t need a legitimate authorization code when completing a forced sale transaction. Any combination of numbers will work because the POS is essentially running the sale as an offline transaction.

What does a forced sale transaction look like?

Here’s how a legitimate forced transaction usually goes:

  • The customer walks up with some items and initiates the checkout process.
  • The employee asks them to pay, and the customer uses their credit card.
  • The transaction is denied, and the customer says it usually works.
  • The employee tries again, and this time they receive a prompt or know they can force a transaction.
  • The employee or customer calls the cardholding bank and gets an authorization code.
  • The employee enters that into the machine and runs the sale as a “forced” transaction with the authorization code provided on the phone.
  • The payment is complete and the customer leaves with the items.

Are all transactions that bypass authorization forced?

No. Visa has a price floor, and any transaction below that threshold doesn’t need to be authorized. These are usually card-present transactions; payments where the card isn’t presented in person are always subject to tokenization.

What to watch out for: the most common way criminals use forced transactions to scam businesses

While there are different ways to convince employees to force a transaction, the most common scheme goes like this:

  • The fraudster walks up with a lot of items and starts checking out.
  • The employee asks them to pay, and the fraudster uses their credit card.
  • The transaction is denied, and the fraudster says it usually works, but they can call their bank for a code.
  • The fraudster (not the employee!) calls “the cardholding bank” and gets an authorization code.
  • The fraudster tells or types in the code for the employee.
  • The fraudster leaves with the merchandise.
  • The merchant doesn’t find out they were scammed until they get their next statement.

That’s how it usually goes! If a fraudster is sophisticated enough, they may even have a network of people who can pose as the bank if the employee asks to make the call as well.

How to know if you’re being targeted by forced sale fraud

The easiest way to know is by checking your statements for errors that mean the authorization token was incorrect or the card is expired. These are errors 72 and 73 in credit card transactions, so check if you have a spike in those on your statements.
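One way to run the statement check described above, as an added example that is not from the original article: it counts error 72 and 73 responses per day and flags days far above the median day. The CSV layout, the column names and the `factor` and `min_count` thresholds are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter
from statistics import median

# Constructed sample of a statement export; the column names are assumptions.
SAMPLE_STATEMENT = """date,txn_id,response_code
2024-03-01,1001,00
2024-03-01,1002,00
2024-03-02,1003,72
2024-03-02,1004,00
2024-03-03,1005,00
2024-03-04,1006,72
2024-03-04,1007,73
2024-03-04,1008,72
2024-03-04,1009,73
2024-03-05,1010,73
2024-03-05,1011,00
"""

WATCHED_CODES = {"72", "73"}  # the two error codes the article says to watch


def daily_error_counts(statement_csv):
    """Return {date: count of watched error codes}; clean days appear with 0."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(statement_csv)):
        counts[row["date"]] += int(row["response_code"] in WATCHED_CODES)
    return dict(counts)


def spike_days(statement_csv, factor=3, min_count=3):
    """Flag days with at least min_count errors and more than factor x the median day."""
    counts = daily_error_counts(statement_csv)
    if not counts:  # empty statement: nothing to compare against
        return []
    baseline = median(counts.values())
    return sorted(day for day, n in counts.items()
                  if n >= min_count and n > factor * baseline)


if __name__ == "__main__":
    for day in spike_days(SAMPLE_STATEMENT):
        print(f"{day}: spike in error 72/73 responses, review that day's forced sales")
```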

How to prevent forced sale transaction fraud

You can fight back against fraud by having specific strategies in place. Here are a few steps you can take to reduce forced sale fraud:

Step #1: Know what to look for

There are a variety of ways fraudsters approach forced sale fraud, but it always ends with convincing an employee to enter an authorization code at the machine. Here are some red flags to be aware of:

  • First-time customers have bank documents readily available when a large order is denied. Always call the bank to confirm.
  • Some fraudsters complete one legitimate transaction for a real authorization code and then use that over and over again for subsequent forced sale transactions. If you notice one order from a country go through and then see a series of smaller transaction requests from countries not normally found in your sales report, take a close look at those transactions.
  • They specifically ask you to force the transaction. Most B2C customers will not be aware of this functionality.

Step #2: Set up rules for your employees

Your best bet for fighting fraud is to specifically and consistently remind your employees what they need to be looking for, and you can accomplish this by setting up a few ground rules.

Here are a series of rules you can give your employees to prevent forced sale fraud:

  • Always run the card twice.
  • See if they have an alternative payment method before considering a forced transaction.
  • Always be the one on the phone with the bank. Do not let the customer tell you the authorization code.
  • If it feels off, ask them to come back and offer a discount for the inconvenience.
  • Do not accept any forced transaction over a certain price. For example, if the cart value is over $100, then all employees should require a normal transaction.
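Two of the checks above can also be run over settled transactions after the fact: the reused authorization code from the red flags in Step #1 and the price ceiling from the last rule. The following is an added example, not code from the original article; the batch layout, the column names and the `entry_mode` values are assumptions, and the sample rows are constructed.

```python
import csv
import io
from decimal import Decimal

# Constructed sample of a settled batch; layout and column names are assumptions.
SAMPLE_BATCH = """txn_id,entry_mode,auth_code,amount
2001,online,774411,58.20
2002,forced,774411,89.00
2003,forced,774411,35.50
2004,forced,903312,240.00
2005,online,118250,310.00
"""

FORCED_LIMIT = Decimal("100")  # the article's example ceiling for forced sales


def audit_forced_sales(batch_csv, limit=FORCED_LIMIT):
    """Return forced sales that reuse an earlier authorization code or exceed limit."""
    first_seen = {}  # auth_code -> txn_id of the first transaction that carried it
    reused, over_limit = [], []
    for row in csv.DictReader(io.StringIO(batch_csv)):
        code, txn = row["auth_code"], row["txn_id"]
        if row["entry_mode"] == "forced":
            # A code that already appeared on any earlier transaction is a replay.
            if code in first_seen:
                reused.append((txn, code, first_seen[code]))
            if Decimal(row["amount"]) > limit:
                over_limit.append(txn)
        first_seen.setdefault(code, txn)
    return {"reused_code": reused, "over_limit": over_limit}


if __name__ == "__main__":
    findings = audit_forced_sales(SAMPLE_BATCH)
    for txn, code, first in findings["reused_code"]:
        print(f"txn {txn}: forced sale reuses code {code} first seen on txn {first}")
    for txn in findings["over_limit"]:
        print(f"txn {txn}: forced sale above the {FORCED_LIMIT} limit")
```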

The bottom line

Fake authorization codes and forced transactions are a popular scam these days, and retail stores are particularly vulnerable. Your best bet is to make a clear announcement and set up rules for your employees to follow. This will empower your employees to make smarter decisions around odd transactions and reduce the fraud burden your company currently has.
