If you are a business owner, NEVER accept an override code offered by a customer.
A 24-Year-Old Allegedly Used A Simple But Brilliant Scam To Cheat Apple Out Of $300,000
Sharron Laverne Parrish Jr., 24, allegedly scammed Apple not once, but 42 times, according to Tampa Bay Times’ Patty Ryan.
According to a Secret Service criminal complaint, filed by special agent Bryan Halliwell and investigators associated with Apple and Chase Bank, Parrish allegedly tricked Apple Store employees in 16 states starting around December 2012 into accepting fake authorization codes to purchase $309,768 worth of Apple goods.
Parrish, who is a resident of River Grove in east Tampa, Florida, is also accused of hitting several stores in his home state, including Orlando, Boca Raton, Wellington, and the Brandon location twice.
The authorization code scam is breathtakingly simple.
Here’s how it works: Parrish allegedly visited Apple Stores and tried to buy products with four different debit cards, which were all closed by his respective financial institutions. When his debit card was inevitably declined by the Apple Store, he would protest and offer to call his bank — except, he wasn’t really calling his bank.
So, the complaint says, he would offer the Apple Store employees a fake authorization code with a certain number of digits, which is normally provided by credit card issuers to create a record of the credit or debit override. (Business Insider, like the Tampa Bay Times, refuses to publish the number of digits “so as not to inspire anyone.”)
But that’s the problem with this system: as long as the number of digits is correct, the override code itself doesn’t matter.
“It does not actually matter what code the merchant types into the terminal,” the U.S. Attorney’s Office in New Jersey said publicly after a similar case occurred there in February. “Any combination of digits will override the denial.”
In the New Jersey case, 29-year-old Temeshia McDonald was sentenced to three years in prison after defrauding Victoria’s Secret, Banana Republic, and several other retailers out of $557,690 in the same manner, which is known as a “forced sale” or “forced code.”
Though this action is technically a form of wire fraud, merchants can be liable for charges if they override a credit or debit card denial in this fashion. Citing court records, The Tampa Bay Times said Parrish initially forced a transaction at the Apple Store in Brandon, in which he used a fake authorization code to make a purchase of $7,753.22.
“Because Apple employees overrode the initial declination against the instructions of Chase Bank, Apple — not the financial institution — suffered the loss as a result of this fraudulent transaction,” Halliwell wrote in the criminal complaint.
Parrish has also been accused of “trying to defraud a car rental company and a hotel in Seattle,” The Tampa Bay Times says. He is currently being held without bail in the Pinellas County Jail.
Tampa’s Secret Service field office would not comment on our story or the loophole as the case is ongoing, but we’ve also reached out to Apple to learn if the company plans to change its policies with regards to overriding credit or debit card denials. We plan to update this story as we learn more.