October 29th, 2012


APB: Attention Anyone With A Store, Read This!

Courtesy of Rich Johnston at Bleeding Cool....

A couple of comic stores are falling victim to a "Visa check card" scam.  And this will work with anyone, not just comic shops.

The dirt:

One retailer reports, "We recently were the victims of credit card fraud.  What happened was someone came into the store on a Sat. when we were very busy and picked out several high dollar books.  There were 2 people working  the registers and a line of customers.  He waited until there were several people in line behind him and gave the clerk a Visa gift card.  It did not work on the first swipe and he said that happens sometimes so you have to enter a code to make it work.  The clerk did that and it went through.  What he did not realize was that the code authorized an offline transaction.  He got the books and left.

There were many mistakes made during this theft:
1.  The guy was in the store a short time and specifically asked for expensive books.
2.  He asked for a discount but the employee said he would have to contact the manager.  The thief immediately said don’t bother.
3.  You never enter a code supplied by a customer to make a transaction go through.
4.  The clerk did not check ID or write down identity information for a large purchase.
5.  The clerk did not have his coworker check the transaction."

Another retailer reports, "A customer came in a purchased one of the more expensive back issues in the case, several hundred dollars.  The card he presented was a Vanilla Visa Gift card.

The Clerk ran the card but was not given an authorization code by the customer.  However, the receipt printed with the words FORCED SALE at the top of the receipt.  (According to Visa, a forced sale is what you would do if your machine was offline, storing the card for later verification).  Honestly, it did not seem unusual at the time and I did not notice even when I photocopied the receipt for the chargeback dispute.

He also bought a second back issue after that went through.

After a week or so we got a chargeback from the bank and disputed it because the receipt did have an authorization code.  However, the bank said it was a false authorization code.  I am still pursuing it as they have not been able to tell me who generated the authorization code.

But it seems the card somehow took the machine offline.

It may be unrelated but as a point of warning, we had gotten a call in the weeks before this happened asking what kind of machine we had.  At the time it did not seem odd since we were getting many calls from our processor to upgrade the machine.

What we have instituted as policy:

-Gift cards tend to have limits of a couple hundred dollars.  Be suspicious of gift cards for larger transactions.

-Collect customer information on large purchases

-Review the credit card receipt for anything unusual

-Never complete a sale that says Forced Sale or Offline

-Never answer questions on the phone about our credit processing, types of hardware or software we use, etc."

Further reports as developments warrant.

Spread the word.

We must look out for each other.