Fraudulent opportunities often lie at the intersection between convenience and security, and forced sale transactions are a perfect example of that. While they do provide a certain convenience to merchants, they have been increasingly subject to fraud in the past few years.
We’re going to tell you exactly what you need to know about forced sale transactions and outline the steps you need to take to avoid getting burned.
Forced is a heavy-handed term. This functionality exists in POS systems because sometimes merchants need to accept payments offline, and it wouldn’t be realistic to block offline transactions altogether. There are also times when an honest customer is having issues with their card, and POS systems give merchants the tools to process a transaction without the normal checks and balances.
In a normal transaction, there’s a lot of communication that occurs immediately after someone uses their chip or swipes at your machine. Your terminal sends an encrypted message to the bank that the customer’s card is from (these banks are called issuing banks). The bank looks at the transaction amount, makes sure there is enough credit or funds in the account to allow the transaction, checks for any signs of fraudulent activity, and then sends a “yes” or “no” back to the machine.
In a forced sale, you can essentially bypass that whole “check the account balance” part of the process. Forced sales are then uploaded and settled once the POS is connected back to its internal network or cloud-based solution, but you may not be aware of a forced sale’s failure until you receive your processing statement at the end of the month.
And here’s the thing: POS systems don’t need a legitimate authorization code when completing a forced sale transaction. Any combination of numbers will work because it is essentially running it as an offline transaction.
Here’s how a legitimate forced transaction usually goes:
No. VISA has a price floor, and any transaction below a certain threshold doesn’t need to be authorized. These are usually card-present transactions, and instances of payments where the card isn’t presented in person are always subject to tokenization.
While there are different ways to convince employees to force a transaction, the most common scheme goes like this:
That’s how it usually goes! If a fraudster is sophisticated enough, they may even have a network of people who can act as a bank if the employee requests to call as well.
The easiest way to know is by checking your statements for errors that mean the authorization token was incorrect or the card is expired. These are errors 72 and 73 in credit card transactions, so check if you have a spike in those on your statements.
You can fight back against fraud by having specific strategies in place. Here are a few steps you can take to reduce forced sale fraud:
There are a variety of ways fraudsters approach forced sale fraud, but it always ends with convincing an employee to enter an authorization code at the machine. Here are some red flags to be aware of:
Your best bet for fighting fraud is to specifically and consistently remind your employees what they need to be looking for, and you can accomplish this by setting up a few ground rules.
Here are a series of rules you can give your employees to prevent forced sale fraud:
Fake authorization codes and forced transactions are a popular scam these days, and retail stores are particularly vulnerable. Your best bet is to make a clear announcement and set up rules for your employees to follow. This will empower your employees to make smarter decisions around odd transactions and reduce the fraud burden your company currently has.
Subscribe to our newsletter and get payment processing news & insights sent to your inbox.
You can unsubscribe at anytime.