
This is page 2 of:

Duplicate Debit Debacle Hits Best Buy, Macys. Who’s Next?

March 18th, 2009

Indeed, Best Buy refunded Williams for the extra charges. Williams said the retailer also promised it would send him a $75 check to pay for penalties he was assessed by the bank in the days after the incident because several of his checks, including one for a car payment, bounced.

Best Buy Stands By Its Statement

In an interview conducted before Best Buy decided to merely “stand by” its statement, Nezworski said she thought the cashier’s second and third swipes of Williams’ card “were incorrect” as a store practice. However, she also said the transaction wasn’t allowed to go through until after the store contacted Visa and received an authorization.

Orrock said he could envision several explanations for Williams’ experience, and most of those explanations “have to do with error codes being properly translated.” Perhaps the acquirer might have received a code from a system in the middle saying the transaction was taking too long and timed out. He said the message that Williams exceeded his daily limit, an unusual message for a POS to see, could have been caused by a mistranslation of the “response code” as the message is passed back from institution to institution.

As for the systems designed to watch for and prevent these kinds of duplicate charges, those systems are only as effective as the data they are allowed to access. Orrock said, for example, that payment processing systems rarely check product codes to see if the same product is being paid for multiple times. “I build some big POS systems and we are not checking SKUs,” Orrock said. “We are not checking product codes. Payment switches are not getting down to that level.” He also noted that, if the first attempted transaction was recorded by Best Buy as a denial of some sort, but approved by the issuer, the system would not see a subsequent attempt as being a duplicate because it thought the first one was rejected.

The Best Buy system might have done everything properly but could have been dealing with garbled information from somewhere else in the complex process. “What (codes) the issuer passes back and what ends up at the POS can sometimes be entirely different,” Orrock said. “A lot of things have to go right for that to work. My 2-digit codes might not be the same as the next guy in the chain. You’re dependent on everybody making the right translations.”

While not particularly commonplace, Orrock said PIN debit system hiccups are not totally rare, especially when store clerks swipe cards multiple times. “You do see situations like this where, for one reason or another, all the actors involved in the transaction did not discharge their duties properly,” Orrock said. “I could concoct a scenario for you that fits what happened to this guy with absolutely no problems evidenced by Best Buy. Best Buy could be totally in the dark, in a good way, about what happened. They would get something back that indicates the transaction was rejected or denied. They get a response code and throw it on screen. In the meantime, behind the scenes, the issuer authorized the transaction.”

Orrock urged retailer CIOs to “pay attention” to their system’s suspense file. “What ends up happening in debit is, you typically provide the gateway with a list of all the transactions you think you consummated during the day and the gateway is going to match those transactions up. If there are any differences between the file you sent and what the gateway processor thinks they processed online, those items are going to fall out and go to the suspense report. You must pay attention to the items on there, the spurious items.”
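The end-of-day matching Orrock describes can be sketched as follows. This is an added example, not code from the article or from any retailer or gateway; the record layout, trace IDs, card tokens, amounts and reason labels are all constructed for illustration. It models the case discussed above, where the store logged two attempts as declined while they were approved upstream.

```python
from collections import namedtuple

# Constructed record layout: trace id, card token, amount in cents, outcome.
Txn = namedtuple("Txn", "trace card cents outcome")

# Constructed sample: what the store believes it consummated today.
MERCHANT_FILE = [
    Txn("T1", "card-A", 25999, "DECLINED"),   # POS showed a denial
    Txn("T2", "card-A", 25999, "DECLINED"),   # clerk swiped again, denial again
    Txn("T3", "card-A", 25999, "APPROVED"),
    Txn("T4", "card-B", 4500, "APPROVED"),
    Txn("T5", "card-C", 1200, "APPROVED"),    # gateway never saw this one
]
# Constructed sample: what the gateway processed online.
GATEWAY_LOG = [
    Txn("T1", "card-A", 25999, "APPROVED"),   # issuer actually authorized it
    Txn("T2", "card-A", 25999, "APPROVED"),
    Txn("T3", "card-A", 25999, "APPROVED"),
    Txn("T4", "card-B", 4500, "APPROVED"),
]

def reconcile(merchant, gateway):
    """Return the suspense items: (trace, reason) for every record that fails to match."""
    m = {t.trace: t for t in merchant}
    g = {t.trace: t for t in gateway}
    suspense = []
    for trace in sorted(m.keys() | g.keys()):
        mt, gt = m.get(trace), g.get(trace)
        if gt is None:
            if mt.outcome == "APPROVED":
                suspense.append((trace, "merchant_only"))     # goods left, no funds
        elif mt is None:
            if gt.outcome == "APPROVED":
                suspense.append((trace, "gateway_only"))      # funds moved, no sale
        elif mt.outcome != gt.outcome:
            suspense.append((trace, "outcome_mismatch"))      # mistranslated response?
        elif mt.cents != gt.cents:
            suspense.append((trace, "amount_mismatch"))
    return suspense

def customer_overcharges(merchant, gateway):
    """Cents per card that the gateway approved but the store never booked as a sale."""
    sold = {t.trace for t in merchant if t.outcome == "APPROVED"}
    over = {}
    for t in gateway:
        if t.outcome == "APPROVED" and t.trace not in sold:
            over[t.card] = over.get(t.card, 0) + t.cents
    return over
```

Because duplicate detection keyed on the store's own "approved" records would miss T1 and T2, the outcome mismatches in the suspense list are the only place this overcharge becomes visible to the retailer.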



3 Comments

  1. Greg Patrick Says:

    When you swipe your card, ask for an error message. Call your bank before swiping your card again. If you are going to use a debit card, do not write checks.

  2. Terry Bouvier Says:

    Almost all banks/transaction processors in the world have the inherent flaw that caused the scenario described above. They approve the credit/debit transaction and then pass this message to the POS and then assume they’ve done their part and all is well. There are some additional checks behind the scenes to determine if the message was successfully received, but there is still a small window of opportunity for failure.
    HSBC is the only bank I’ve seen whereby they require the POS system to respond with a message stating “Yes, I’ve received your approval message and here is the approval code you just sent me which proves I actually received your message – all is well”. If the bank does not receive this message within a certain time, it will assume all was not well and will reverse the last transaction.
    The chance of failure in this scenario is about the same as in the scenario at Best Buy and Macy’s; however, the liability is shifted from the consumer to the retailer. Instead of the customer being double/triple charged, it is possible they walk out with free merchandise. This, of course, raises the argument: is it better to annoy a loyal customer (who will notice being overcharged) or take the hit where it might not be noticed (unless the retailer is diligently monitoring their suspense/settlement files)? Most retailers prefer the former since they know they can make amends. If a customer walks away with free merchandise, it may be impossible to ever collect that money.
    The bottom line – monitor your bank statements regularly and refute all questionable transactions. The onus is on the retailer to prove you authorized the charges.
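The confirm-or-reverse scheme described in the comment above, sketched as an added example that is not part of the original comment and not any bank's actual implementation. The class, method names, 30-second window and account data are assumptions made for illustration.

```python
import secrets

class Issuer:
    """Toy issuer that reverses any approval the POS does not confirm in time."""

    def __init__(self, confirm_timeout=30):          # window length is an assumption
        self.confirm_timeout = confirm_timeout
        self.balance = {}                            # account -> cents
        self.pending = {}                            # trace -> (account, cents, code, deadline)

    def authorize(self, trace, account, cents, now):
        """Debit the account and return an approval code, or None if funds are short."""
        if self.balance.get(account, 0) < cents:
            return None
        self.balance[account] -= cents
        code = secrets.token_hex(3)
        self.pending[trace] = (account, cents, code, now + self.confirm_timeout)
        return code

    def confirm(self, trace, code, now):
        """POS echoes the approval code back; only a timely, matching echo finalizes."""
        entry = self.pending.get(trace)
        if entry is None or now > entry[3]:
            return False
        if not secrets.compare_digest(code, entry[2]):
            return False
        del self.pending[trace]
        return True

    def sweep(self, now):
        """Reverse every approval whose confirmation window has expired."""
        reversed_traces = []
        for trace, (account, cents, _code, deadline) in list(self.pending.items()):
            if now > deadline:
                self.balance[account] += cents       # customer is made whole
                del self.pending[trace]
                reversed_traces.append(trace)
        return reversed_traces

def simulate():
    """Constructed scenario: one approval is confirmed, one is lost on the way to the POS."""
    issuer = Issuer(confirm_timeout=30)
    issuer.balance["acct-1"] = 100_000
    code = issuer.authorize("T1", "acct-1", 25_999, now=0)
    confirmed = issuer.confirm("T1", code, now=5)
    issuer.authorize("T2", "acct-1", 25_999, now=10)  # approval never reaches the POS
    reversed_traces = issuer.sweep(now=41)
    return confirmed, reversed_traces, issuer.balance["acct-1"]
```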

  3. Bruce Daughtry Says:

    Interesting that this double posting issue with debit cards keeps happening. My daughter’s debit card was double billed by AT&T when she bought the iPhone 3G. Apparently only debit cards were affected, according to AT&T, and happened to a lot of people.
