Duplicate Debit Debacle Hits Best Buy, Macys. Who’s Next?
Written by Evan Schuman and Fred J. Aun
Following a December glitch at Macys that saw 8,000 customers double- and triple-charged for debit transactions comes word of an eerily similar triple-charge glitch at Best Buy this month.
In both cases, the retailers initially painted the problems as isolated incidents. In both cases, the retailers thought initial debit card swipes didn’t work and asked the customer to try again, sometimes twice more. And in both cases, the banks removed money from the consumer’s bank account equivalent to two and three times the price of the product.
Could these be coincidences? Might they indeed be isolated debit card incidents? Absolutely. But this also might be an initial heads up that the debit card system relied on by major retailers today has inherent flaws. What happened, with both Macys and Best Buy, with software specifically designed to look for and prevent these kinds of multiple identical charges? What about the systems at the card processors and the banks?
The most frightening part about debit card transactions today is that they subject retailers to a debit double whammy. Debit transactions are exponentially more delicate—and more prone to glitching—than their credit card counterparts. At the same time, an error with a debit transaction can deliver an order of magnitude more damage, potentially cleaning out a customer’s bank account and causing them to unknowingly bounce checks to everyone they’re trying to pay. Few IT glitches have the potential to get a loyal customer in trouble with the police, but debit card glitches have that distinction.
How frightening is it that the transaction type that can inflict the most damage has the weakest failsafe? How weak in fact are those safeguards?
“Everything has to go perfectly on a PIN debit in order for it to work and all the actors have to do their job correctly, from the issuer to the acquirer and any stations in the middle,” said payment systems specialist Andy Orrock, COO of On-Line Strategies. “You’ve got gateways and a regional debit processor. So, for a transaction to go from Best Buy, there were most probably four institutions involved, the acquirer, the acquirer’s gateway, the regional debit network and the issuer. All the message exchanges have to happen properly.”
Mississippi Debit Burning
It’s not clear how many customers were impacted by the Best Buy debit situation, but one Mississippi man provided documentation of a $300 microwave oven that was charged three times, wiping out his bank account and causing quite a few bounced checks and related problems. Best Buy has acknowledged “errors” that caused Jackson, MS, resident Myreon Williams’ checking account to slip nearly $1,000 in the red, said Best Buy Spokesperson Jill Nezworski, but the retailer has been unwilling to provide specific details explaining why its payment system allowed the triple charges to take place.
When Williams’ debit card was first swiped, the system said he’d exceeded his daily limit but the transaction was apparently approved anyway. The message, which was unrecognized by the cashier, seemed to be little more than an FYI note. One problem was that no receipt was printed, which is what prompted the cashier to conclude the mysterious message meant the transaction had been rejected. According to the customer’s bank statement—a copy of which was provided to StorefrontBacktalk–that transaction was sufficiently accepted so that the bank account was debited.
Williams was then asked to re-enter his PIN and to re-swipe his card. The POS then spit out a piece of paper which the cashier kept, Williams said, and the cashier wouldn’t let Williams see what it said. He said the cashier told him he needed to call for authorization. Apparently getting the authorization, the cashier asked Williams to swipe the card a third time, according to Williams, who said he was then given a receipt and allowed to leave with the microwave.
The next day, Williams logged onto his online banking page and was shocked to see three charges from Best Buy for $299.59—the exact price of the microwave oven–plus a charge of $300 listed as “931240 POS PRE AUTH CREDIT CARD MERCHANT UNKNOWN US.”
“We stand by our original statement and don’t want to speculate further,” said Best Buy’s Nezworski via E-mail. Unfortunately, that original statement doesn’t say much: “Best Buy regrets that we inconvenienced our customer with the authorizations on his account. We have systems in place to prevent this from occurring but it does appear that an error occurred. It is very rare that we see this type of difficulty, and you can be assured that we will work with our customer to make this right.”
March 19th, 2009 at 5:25 am
When you swipe your card, ask for an error message, and call your bank before swiping your card again. If you are going to use a debit card, do not write checks.
March 19th, 2009 at 10:05 am
Almost all banks/transaction processors in the world have the inherent flaw that caused the scenario described above. They approve the credit/debit transaction and then pass this message to the POS and then assume they’ve done their part and all is well. There are some additional checks behind the scenes to determine if the message was successfully received, but there is still a small window of opportunity for failure.
HSBC is the only bank I’ve seen whereby they require the POS system to respond with a message stating “Yes, I’ve received your approval message and here is the approval code you just sent me which proves I actually received your message – all is well”. If the bank does not receive this message within a certain time, it will assume all was not well and will reverse the last transaction.
The chance of failure in this scenario is about the same as in the scenario at Best Buy and Macy’s; however, the liability is shifted from the consumer to the retailer. Instead of the customer being double/triple charged, it is possible they walk out with free merchandise. This, of course, raises the argument: is it better to annoy a loyal customer (who will notice being overcharged) or take the hit where it might not be noticed (unless the retailer is diligently monitoring their suspense/settlement files)? Most retailers prefer the former since they know they can make amends. If a customer walks away with free merchandise, it may be impossible to ever collect that money.
The bottom line – monitor your bank statements regularly and refute all questionable transactions. The onus is on the retailer to prove you authorized the charges.
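The two issuer behaviours contrasted in the comment above, sketched as an added example that is not from the article, the commenter, or any bank's actual system. The `Issuer` class, the 30-second confirmation window, the 60 seconds between swipes, and the starting balance are all assumptions for illustration; only the $299.59 sale amount and the three-swipe sequence come from the article.

```python
class Issuer:
    """Toy issuer ledger (hypothetical). confirm_required=True models the
    acknowledgement scheme described in the comment; False models an issuer
    that approves, debits, and assumes the POS received the approval."""

    def __init__(self, balance_cents, confirm_required, confirm_window=30):
        self.balance = balance_cents
        self.confirm_required = confirm_required
        self.confirm_window = confirm_window  # seconds; assumed value
        self.pending = {}                     # approval code -> (amount, approved_at)
        self.seq = 0

    def authorize(self, amount, now):
        """Debit the account and hand back an approval code."""
        self.balance -= amount
        self.seq += 1
        code = f"{self.seq:06d}"
        if self.confirm_required:
            self.pending[code] = (amount, now)
        return code

    def confirm(self, code):
        """POS echoes the approval code, proving the approval arrived."""
        return self.pending.pop(code, None) is not None

    def sweep(self, now):
        """Reverse every approval left unconfirmed past the window."""
        reversed_total = 0
        for code, (amount, approved_at) in list(self.pending.items()):
            if now - approved_at >= self.confirm_window:
                self.balance += amount
                reversed_total += amount
                del self.pending[code]
        return reversed_total


def checkout(issuer, amount, delivered):
    """Replay one sale. `delivered` says, per swipe, whether the approval
    reached the POS; the cashier re-swipes until one approval arrives."""
    now = 0
    for reached_pos in delivered:
        code = issuer.authorize(amount, now)
        if reached_pos:
            issuer.confirm(code)  # no effect on an approve-and-forget issuer
            break
        now += 60                 # constructed: one minute between swipes
    issuer.sweep(now + issuer.confirm_window)
    return issuer.balance
```

With a constructed opening balance of $500.00 and the third swipe being the only one whose approval reaches the register, the approve-and-forget issuer ends at -$398.77 while the confirm-or-reverse issuer ends at $200.41.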
March 19th, 2009 at 3:43 pm
Interesting that this double posting issue with debit cards keeps happening. My daughter’s debit card was double billed by AT&T when she bought the iPhone 3G. Apparently only debit cards were affected, according to AT&T, and happened to a lot of people.