What is the Force or Offline Transaction scam?
A scammer with a stolen or fake card attempts a transaction. The merchant receives a decline, but the scammer pretends to contact their issuing bank and tells the merchant they received an authentication code. The scammer instructs the merchant, per their bank, to use the code and force or create an “offline” transaction. The merchant enters the code, completing the false transaction. The scammer walks away with stolen goods/services, and the merchant doesn’t discover the scam until the batch processes, or it is identified when a chargeback or dispute is received.
Is this real?
Yes. Recently a merchant processed two transactions on a card, received a decline and then the scammer provided a phony authentication code to the merchant for an offline transaction. The merchant manually keyed in the code and the scammer walked away with the goods.
At the end of the day, when the merchant attempted to settle their batches they received an error message due to the invalid authorization number. Unfortunately, the authorization that was used with the force or offline transaction wasn’t valid, and it was too late. The scammer was gone and had successfully defrauded the business, taking the goods and the merchant received a chargeback.
What steps can you take to combat this type of fraud?
- When you receive a “decline” ask for another form of payment
- Never accept a cardholder-provided Authorization Code
- Only use a Valid Authorization Code by calling your
- Voice Authorization phone number provided by TSYS
- The safest transaction is to “dip” or insert an EMV® card into an
- EMV-capable terminal
- Forcing transactions have a high risk of chargebacks