WDW CM Jailed for Skimming Credit Card Info

[CujoSR]

Your company checks ID with credit cards? I know that it is against the credit card company TOS to force an ID check so I would think most criminals would just refuse to show ID.

I do check ID on any transaction over $100. As for the TOS, The credit card company doesn't dictate how the company is run. I'm not sure they have that power. Do you have a link to the TOS? I'm curious now.

[dawn]

I do check ID on any transaction over $100. As for the TOS, The credit card company doesn't dictate how the company is run. I'm not sure they have that power. Do you have a link to the TOS? I'm curious now.

Here's the website for Mastercard to report the violation of "The merchant required identification"
http://www.mastercard.com/us/personal/e ... tions.html


For "unique" transactions, (cash or quasi-cash, effectively) you're required by the merchant agreement to check state-issued, non-expired ID, regardless of the value. That includes gift cards, disney dollars, precious metals, wiring money, pre-loaded credit cards, etc. And for some of those transactions you need to record information off their ID.

For normal transactions, regardless of dollar value MasterCard/Visa/American Express take the position is that you can ask for ID, but you can't condition the sale on it. If the customer refuses, you have to complete the sale.

MC: http://www.mastercard.com/us/merchant/p ... Manual.pdf
Visa: http://usa.visa.com/download/merchants/ ... ations.pdf
Amex: https://www209.americanexpress.com/merc ... hantPolicy

That said - Cast Members work for Disney. Their job is to enforce Disney policies, not credit card policies. If Disney choses to intentionally violate the terms of their merchant accounts, Disney can do that. Visa, MasterCard, American Express, etc aren't going to help you keep your job if you're written up for not requesting ID.

There are situations in which I've made a minor fuss about someone requiring ID. It's usually in a situation where the CSR is suggesting to people that they write "See ID" or something else stupid on their card. I feel obliged to point out that technically cards that say "See ID" are void, and invalid for approval and in the course of that point out that requesting ID violates the merchant agreement and puts the business's fraud protection at risk. This is particularly likely when they haven't checked the signature, but ask for ID.

I have once in a great while made a major fuss about "Can I see your ID?" but that's invariably with a store manager, not a front-line clerk. It usually means that the store has irritated me already with policies that I consider objectionable.

Generally I just say "Oh, has the signature worn off the stripe? Because that's how my cardholder tells me my identification should be verified..." and if they can come up with some reasonable reason for wanting a second verification "No, but these don't really look the same." or "Its kind of hard to read on your card" or "Yes, it's wearing off" the I fish out my ID and let them see it.

The whole exchange might add about 10 seconds to a transaction, which seems reasonable to me, since a "good enough" fake ID with my picture and whatever name I want on it takes about 5 minutes with easily available equipment. Either way, I'm inclined to keep the whole thing pleasant, whether I complete the transaction or not, because I'm not dealing with the person who created the policy - just the one who has to enforce it.

[Mayonnaise]

Wow... they actually say that in their TOS? As a cardholder I think that's horrible. I'd much rather show my ID to folk along with my card, than have my card used by someone who's not me.

I find it appalling that credit card companies would in fact try to PREVENT a Point of Sale person from stopping fraudulent use of their cards, by telling them they are not allowed to require ID.

8^(

[Rex]

The joys of micro electronics.

With the recent work on the 7 atom transistors, these will only get smaller. 1 atom would be about the same size as 1/1,000,000th of a single hair. It's only a matter of time before skimmers will also be "atomized" and made so small that they cannot even be detected. http://www.dailytech.com/Researchers+Cr ... e18476.htm (Scary)

The good news, however, is that people are becoming more and more careful with their money, making it more and more difficult to steal from.

[PatchOBlack]

Wow... they actually say that in their TOS? As a cardholder I think that's horrible. I'd much rather show my ID to folk along with my card, than have my card used by someone who's not me.

I find it appalling that credit card companies would in fact try to PREVENT a Point of Sale person from stopping fraudulent use of their cards, by telling them they are not allowed to require ID.

8^(

The thing about credit card companies having a clause in their TOS that says that an ID should not be required has been the subject of many long discussions on other boards I visit. I would have to check if this is the result of customers complaining to the credit card companies about having to show ID, or if there is some privacy laws that come into play.

[CujoSR]

Here's the website for Mastercard to report the violation of "The merchant required identification"
http://www.mastercard.com/us/personal/e ... tions.html


For "unique" transactions, (cash or quasi-cash, effectively) you're required by the merchant agreement to check state-issued, non-expired ID, regardless of the value. That includes gift cards, disney dollars, precious metals, wiring money, pre-loaded credit cards, etc. And for some of those transactions you need to record information off their ID.

For normal transactions, regardless of dollar value MasterCard/Visa/American Express take the position is that you can ask for ID, but you can't condition the sale on it. If the customer refuses, you have to complete the sale.

MC: http://www.mastercard.com/us/merchant/p ... Manual.pdf
Visa: http://usa.visa.com/download/merchants/ ... ations.pdf
Amex: https://www209.americanexpress.com/merc ... hantPolicy

That said - Cast Members work for Disney. Their job is to enforce Disney policies, not credit card policies. If Disney choses to intentionally violate the terms of their merchant accounts, Disney can do that. Visa, MasterCard, American Express, etc aren't going to help you keep your job if you're written up for not requesting ID.

There are situations in which I've made a minor fuss about someone requiring ID. It's usually in a situation where the CSR is suggesting to people that they write "See ID" or something else stupid on their card. I feel obliged to point out that technically cards that say "See ID" are void, and invalid for approval and in the course of that point out that requesting ID violates the merchant agreement and puts the business's fraud protection at risk. This is particularly likely when they haven't checked the signature, but ask for ID.

I have once in a great while made a major fuss about "Can I see your ID?" but that's invariably with a store manager, not a front-line clerk. It usually means that the store has irritated me already with policies that I consider objectionable.

Generally I just say "Oh, has the signature worn off the stripe? Because that's how my cardholder tells me my identification should be verified..." and if they can come up with some reasonable reason for wanting a second verification "No, but these don't really look the same." or "Its kind of hard to read on your card" or "Yes, it's wearing off" the I fish out my ID and let them see it.

The whole exchange might add about 10 seconds to a transaction, which seems reasonable to me, since a "good enough" fake ID with my picture and whatever name I want on it takes about 5 minutes with easily available equipment. Either way, I'm inclined to keep the whole thing pleasant, whether I complete the transaction or not, because I'm not dealing with the person who created the policy - just the one who has to enforce it.

Two very valid points there. Regardless of the merchant agreement, if you refuse to show ID, our Loss Prevention office will be very interested in talking to you. That's after running the transaction through just so the police can file felony charges if it is fraudulent.

BTW this is NOT Disney.

[ktulu]

This is the standard TOS, I'm willing to bet that Disney's lawyers didn't sign off on the standard TOS. I'm willing to bet that most major corporations with a staff of lawyers did the same.

[dawn]

This is the standard TOS, I'm willing to bet that Disney's lawyers didn't sign off on the standard TOS. I'm willing to bet that most major corporations with a staff of lawyers did the same.

Obviously no one is privy to any particular individual agreement. However, Disney has no -reason- to object to that clause. If the charge is fraudulent, and a brick and mortar merchant has followed the credit card authorization steps (not including, but not prohibiting checking ID), there will be no chargeback to the merchant.

The rules are different for card-not-present transactions, but that's not what we're discussing here. And what most larger corporations are negotiating for is the signature-not-required/card-not-present to receive the same protections that POS transactions have. That's usually done as an add-on insurance product (with reduced or waived fees, depending on how badly both sides want the account).

[dawn]

Two very valid points there. Regardless of the merchant agreement, if you refuse to show ID, our Loss Prevention office will be very interested in talking to you. That's after running the transaction through just so the police can file felony charges if it is fraudulent.

BTW this is NOT Disney.

My job is working with payment gateways. I deal with credit card transactions every day. Back end, front end, reconciliations, fraud, credits, out of band transactions, recurrences... I've touched all of it. I've read the contracts, I've merchant account shopped and I've been involved in the negotiations. I recognize that not everyone has the knowledge base I do, and I'm usually pretty cheerful and easygoing about it.

I have no argument with a merchant if they refuse to run my transaction without me showing ID. Take it without ID, or don't take it. It's no skin off my nose either way and I can decide based on the day if I'd rather forgo the transaction or show ID.

Complete the transaction, give me my merchandise and then detain me? Merchant irrelevant, that's pretty close to the only way to get me to make a scene over credit card processing. I suppose that they could make a citizen's arrest, but given that no felony has actually been committed, I think they'd be hard pressed to make the case for probable cause. Either way, I can't see any course of action for the customer other than calling 911 and requesting that an officer of the law come and settle things.

At that point, you have an angry customer, an irritated cop (who had better things to do), Loss Prevention realizing that someone's going to lose face over this... it goes nowhere good and it's really, really hard to deescalate. Especially if you start touching people. It seems like a good idea to guide them out of public into the office... Bad, bad idea.

Everyone who takes credit cards ought to be trained in what to do if they suspect a fraudulent transaction. Like say.. a group of people coming in and with orders right under $100 (where they know you check ID) or a transaction where the name on the card doesn't match the gender. You retain the potentially fraudulent card, call your processing center, say you think you have a Code 10 and let them tell you what to do.

I've had a Code 10 called on me (although I didn't know what it was at the time). It was very polite, very civil. I talked to my credit card company and verified that they were who they said they were and I was who I said I was, handed the phone back to the clerk at the hotel and signed the slip. No cops, no scene, no fuss.

[dawn]

Wow... they actually say that in their TOS? As a cardholder I think that's horrible. I'd much rather show my ID to folk along with my card, than have my card used by someone who's not me.

I find it appalling that credit card companies would in fact try to PREVENT a Point of Sale person from stopping fraudulent use of their cards, by telling them they are not allowed to require ID.

8^(

It's much, much, much harder to properly fake a credit card than it is to fake an out of state ID (they'll pick an out of state ID because unfamiliarity makes it harder to verify). There's a long list of stuff you can check on a credit card to make sure it matches the mag stripe, and it's stuff that's hard to duplicate. There are a lot of places and ways that codes appear (embossed, printed with chemical sensitive ink, raised print, stamped, indented print, holographs, etc). False ID good enough to pass almost anything other than the issuing database takes maybe 5 minutes. Less if all you need to do is change the name and reprint. I've seen the demos.

And as a customer, it's bloody convenient. When I lose my wallet (or get it stolen) on vacation - I can have a new Amex in hand in 24 hours. I can't have a new ID until I'm back from vacation. I have no cash, no bank card (they'll only mail my ATM card to my house), no ID. And my life doesn't have to stop. I can leave my ID safely locked in the hotel (so that I still have it for the plane flight home when my wallet is stolen) and still be able to use my card...

However, the reason that credit card companies don't want people to ask for ID is that it makes you sloppy. POS registers move fast. And it's easy, really easy to compare the name on the ID with the name on the card and move on. Not checking the name on the computer, not checking that the numbers match, etc. Sloppy verifications make fraud easier.