Fraudulent opportunities often lie at the intersection between convenience and security, and forced sale transactions are a perfect example of that. While they do provide a certain convenience to merchants, they have been increasingly subject to fraud in the past few years.
We’re going to tell you exactly what you need to know about forced sale transactions.
A forced sale is a type of offline transaction that can bypass the authorization tokenization process that accompanies normal transactions.
Forced is a heavy-handed term. This functionality exists in POS systems because sometimes merchants need to accept payments offline, and it wouldn’t be realistic to block offline transactions altogether. There are also times when an honest customer is having issues with their card, and POS systems give merchants the tools to process a transaction without the normal checks and balances.
In a normal transaction, there’s a lot of communication that occurs immediately after someone uses their chip or swipes at your machine. Your terminal sends an encrypted message to the bank that the customer’s card is from (these banks are called issuing banks). The bank looks at the transaction amount, makes sure there is enough credit or funds in the account to allow the transaction, checks for any signs of fraudulent activity, and then sends a “yes” or “no” back to the machine.
In a forced sale, you can essentially bypass that whole “check the account balance” part of the process. Forced sales are then uploaded and settled once the POS is connected back to its internal network or cloud-based solution, but you may not be aware of a forced sale’s failure until you receive your processing statement at the end of the month.
And here’s the thing: POS systems don’t need a legitimate authorization code when completing a forced sale transaction. Any combination of numbers will work because it is essentially running it as an offline transaction.
Here’s how a legitimate forced transaction usually goes:
No. VISA has a price floor, and any transaction below a certain threshold doesn’t need to be authorized. These are usually card-present transactions, and instances of payments where the card isn’t presented in person are always subject to tokenization.
The easiest way to know is by checking your statements for errors that mean the authorization token was incorrect or the card is expired. These are errors 72 and 73 in credit card transactions, so check if you have a spike in those on your statements.
Fake authorization codes and forced transactions are a popular scam these days, and retail stores are particularly vulnerable. Your best bet is to make a clear announcement and set up rules for your employees to follow. This will empower your employees to make smarter decisions around odd transactions and reduce the fraud burden your company currently has.
Subscribe to our newsletter and get payment processing news & insights sent to your inbox.
You can unsubscribe at anytime.