Force Authorization Scam

From the Santa Barbara Police Department

Information Bulletin
Santa Barbara, CA – 08/21/19
Force Authorization Scam
An authorization code is an alphanumeric password that authorizes a purchase. A force authorization may be required for times when a merchant’s payment terminal cannot connect to the network or the amount of the sale is above a predetermined amount. The authorization code allows a merchant to bypass the process by manually entering a previously obtained authorization code.
Recently, two Santa Barbara downtown businesses fell victim to a credit card authorization fraud scheme. Based on the recent events, we would like to inform businesses of the scheme presented and ways in which to defend your business from such incidents.
Common scams include both over the phone and in person transactions.
Example 1: The suspect/customer enters the store and attempts to make an expensive purchase. When their credit card is denied, he or she will likely pretend to be upset and act as if he or she is contacting the bank. The suspect(s) will hand you their personal phone and have you speak with the (fake) bank representative, who will provide you a force authorization code. A later chargeback will result and the merchant will be at a loss.
Example 2: The suspect/customer will arrange for a transaction and provide the credit card number and an alias. The customer will provide the authorization code once the card declines to force the fraudulent transaction through. A rapport is usually generated prior to the actual transaction to cause the employee to further believe the transaction is legitimate.
Best Practices:
* Never enter an authorization code given by a cardholder to force a transaction. Always contact the cardholder’s issuing bank yourself to obtain the valid code.
*  Ask for identification, especially for expensive transactions made over the phone to verify the identity of the caller. This can be sent to you (the merchant) via fax, email, or text.
* Do not hand your payment terminal to the customer as the customer may enter the fraudulent authorization code themselves without your knowledge.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.