Retail associates are trained to be helpful, cooperative and flexible to try and bring in sales. Payment security folk might want to remind them “Not when it comes to payment.”
That’s the lesson learned by Apple store—as well as car rental and hotel—employees in 16 states and the District of Columbia, when the Secret Service said a clever conman talked his way into getting them to accept debit cards tied to shutdown bank accounts—at a cost of $309,768.41 in 42 bogus transactions.
The tactic that the accused thief–Sharron Laverne Parrish Jr. of Tampa, Florida—used was getting employees to manually force post the transaction. This relied on a security hole, which is that any six-digits will enable the transaction if it’s forced by the store associate. The intent is that the store is supposed to only use that technique if it has directly confirmed that the card is indeed valid and that the funds are available, presumably by talking with the bank directly.
What happened in these cases, though, was this. Parrish tried to pay and when the transactions were declined, Parrish faked a phone call with his bank and then said that the bank wanted the associate to use a special authorization code of 000738. Had the associates followed procedure and called the bank themselves, the fraud wouldn’t have worked. Indeed, the federal indictment said that Apple associates halted an additional seven transactions—worth $50,931.76—by presumably following store procedures.
Enterprise Rent-a-Car and Westin hotels were also victimized in the attacks in Florida, Georgia, Washington, D.C., Pennsylvania, Washington, Utah, Nevada, Missouri, Colorado, Kentucky, New York, Connecticut, Oregon, Virginia, Ohio, Louisiana and North Carolina.
Want more reason to incentive retailers to retrain their associates to avoid this con? From the indictment: “Because Apple employees overrode the initial declination against the instructions of Chase Bank, Apple, not the financial institution, suffered the loss as a result of this fraudulent transaction.”
There’s nothing like dollars-based responsibility to get a retailer’s attention.
“What’s Hot” is aggregated content. PYMNTS.com claims no responsibility for the accuracy of the content published by the original source.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More