Undercharged

njs030

Gebgbegb wrote: »

I don't think anyone is refuting the idea of being physically ' able' to do it.
The discussion is about whether you have ' the right' to take multiple deductions from a person's account...

Many people were surprised to hear it was physically possible actually, have you read the thread?

The post you quoted to argue with was an explanation that merchant copies have full card details. If you bothered to read that person's other posts (one or two above) you'd see they were in agreement with you that it's wrong.....

Quackster

The OP needs to clarify whether they were issued with a receipt to the value of €90 or 90c.

If (as is likely) the receipt is for €90 but it was then incorrectly inputted into the card terminal as 90c, the OP can have no arguement over the merchant taking the full €90 (although the method used is questionable).

If the item scanned incorrectly at 90c and the transaction was concluded at that price with a receipt issued to the value of 90c, then what the merchant did was entirely wrong and the OP would have a right to have the second transaction refunded.

jimmycrackcorm

Quackster wrote:

If the item scanned incorrectly at 90c and the transaction was concluded at that price with a receipt issued to the value of 90c, then what the merchant did was entirely wrong and the OP would have a right to have the second transaction refunded.

The OP could simply request a chargeback and take his chances. Somehow I don't think that will get far.

NeverTheLess

Interesting

Conservative

Re: pilly. On app and cannot quote?

I am looking at a merchant copy from a Spar store which my family run. It is for a chip and pin transaction and processed through Elavon. It contains the start and expiry date but only last 4 digits from the card number. It would be INSANE to have everything bar the cvv number for many thousands of customers that large retailers deal with.

The shop staff tell me that if they have an issue with a transaction they have a contact number to call, a merchant id and use the authorisation code that is printed on the merchant copy.

They must be retained by the retailer in case a dispute in a transaction arises.

I doubt large electrical retailers are giving their staff access to that kind of information either.

That sounds nuts in 2017!

pilly

Conservative wrote:

Re: pilly. On app and cannot quote?

I currently work in a business and have those details on receipts all the time. I'm not telling lies here.

Granted it's not retail I'm in now but it's been less than a year since I was in retail and the details were also on the receipts.

Other posters have said the same.

njs030

Conservative wrote: »

Re: pilly. On app and cannot quote?

I am looking at a merchant copy from a Spar store which my family run. It is for a chip and pin transaction and processed through Elavon. It contains the start and expiry date but only last 4 digits from the card number.

It's been suppressed for your business, either at the request of the company or because the bank has decided to do so. Perhaps there has been issues or spar themselves insist franchises don't have access to these details as any fraud reports would reflect on them rather than the franchisee.

I mean this politely but considering multiple posters have said its true, it happened in the op and another poster said they have done it how can you insist it isn't true??

Just to end this once and for all its in the very first paragraph of this link-
https://sysnetgs.com/2016/04/merchant-receipts-are-your-customers-storing-more-payment-card-data-than-they-need/

Sysnet the company I linked from are a global security and fraud protection company....they definitely aren't lying

cms88

Homer wrote: »

Are you asking is it legal for them to make two transactions on your card or trying to weasel out of paying for what you got?

I think it's pretty obvious what they're trying to do

BoatMad

as far as I understand , and I have been involved in payment software systems. If the transaction was carried out in store as a chip and Pin, there is no way the retailer could legally generate another transaction

if the shop applied a second transaction are a "cardholder not present " , it would require the CCS number. if it applied that transaction it would need to have gained sight of the CCS number and to perform that second transaction without the consent of the card holder would be illegal and contary to the merchant conditions

The shop is of course entitled to ask the OP for the balance, it is not in my opinion entitled to process any credit card payments unless the OP has given specific permission to do so

BoatMad

Kenna Ugly Barnyard wrote: »

The card number and expiry date are printed on the merchant copy of the slip which is kept or returned to the bank.

Happened me before that I undercharged someone and found out when cashing up. I just took the payment and dropped them a note to that effect. I never heard any more.

I regularly take EFT machines at restaurants and elsewhere and complete the transaction myself, in many cases handing the merchant his credit card copy

The card number is NOT shown in full in any machine I have ever seen, The transaction number is all merchant needs to extract all the information

Furthermore, you cannot process a credit card in modern systems with out the CCS number ( for a cardholder not present , i.e. you dont have the physical card) and to attempt to do is credit card fraud ( and the retailer must be enabled for CNP transactions )

The OP can quite legitimately ask the card company to refund that transaction, the issue over the real cost of the item , is an issue that has nothing to do with the CC company

njs030

BoatMad wrote: »

I regularly take EFT machines at restaurants and elsewhere and complete the transaction myself, in many cases handing the merchant his credit card copy

The card number is NOT shown in full in any machine I have ever seen, The transaction number is all merchant needs to extract all the information

Furthermore, you cannot process a credit card in modern systems with out the CCS number ( for a cardholder not present , i.e. you dont have the physical card) and to attempt to do is credit card fraud

You can actually. I won't explain how as it's the internet and telling people how to commit fraud seems a little stupid.

To your first point please read my above post on which a global security firm explains that yes it is true.

BoatMad

notjustsweet wrote: »

You can actually. I won't explain how as it's the internet and telling people how to commit fraud seems a little stupid.

To your first point please read my above post on which a global security firm explains that yes it is true.

sorry , I meant to say that you cannot legally perform a credit card CNP without a CCS number , I am aware that in certain cases it can be done, but its actually credit card fraud and the store has committed a crime of far greater magnitude then the 90 euros

The OP has serious grounds for concern and in my view should immediately contact his card company and say that a transaction was processed without his knowledge and consent and that in his opinion was done fraudulently

The CC company will block the payment to the retailer instantly

BoatMad

To your first point please read my above post on which a global security firm explains that yes it is true.

I see no evidence that modern PCI compliant systems provide the retailer with the complete card number. I have handed dozens of EFT merchants recipes to merchants and only the last 4 digits are revealed

Nor would there be ANY requirement for a merchant that have that data in the first place where a card was present. ( as it was in this transaction )

NOTE: This is different to CNP transactions ( and this is where I think people are getting confused )

njs030

BoatMad wrote: »

I see no evidence that modern PCI compliant systems provide the retailer with the complete card number. I have handed dozens of EFT merchants recipes to merchants and only the last 4 digits are revealed

Nor would there be ANY requirement for a merchant that have that data in the first place where a card was present. ( as it was in this transaction )

NOTE: This is different to CNP transactions ( and this is where I think people are getting confused )

In the very first paragraph it explains that the merchant receipt holds the card number.

Honestly why this has to keep being explained when multiple people have said its true I just don't know.

Books4you

Yes i work in a shop and just double checked our Visa receipts and it's only the last 4 digits displayed. Although the last crowd we were with were Elavon and we definitely had the full number displayed on that. We never set them up thinking about this issue, it's just the way the came in programmed tbh!

I really think though if we undercharged someone we would not do a second transaction, even if we could. It could easily happen that you could type in the wrong amount in the terminal although never has thank god. I would like to think that most people would come back and say i was undercharged but that's probably too naive of me, but i think they would. Rural area so that's probably why i think that.

Op seems to be hoping to pay 90c for the €90 headphones. Lovely customer.

runawaybishop

Conservative wrote: »

Re: pilly. On app and cannot quote?

I am looking at a merchant copy from a Spar store which my family run. It is for a chip and pin transaction and processed through Elavon. It contains the start and expiry date but only last 4 digits from the card number. It would be INSANE to have everything bar the cvv number for many thousands of customers that large retailers deal with.

The shop staff tell me that if they have an issue with a transaction they have a contact number to call, a merchant id and use the authorisation code that is printed on the merchant copy.

They must be retained by the retailer in case a dispute in a transaction arises.

I doubt large electrical retailers are giving their staff access to that kind of information either.

That sounds nuts in 2017!

As of a few years ago a lot of retailers in ireland (spar, mace, musgraves etc) used one companys tills and office software. The full CC details were stored on the office pc designated to batch off the auth, in plaintext.

BoatMad

runawaybishop wrote: »

As of a few years ago a lot of retailers in ireland (spar, mace, musgraves etc) used one companys tills and office software. The full CC details were stored on the office pc designated to batch off the auth, in plaintext.

then that was an (potentially ) illegal and non compliant system ( I'm very familiar with the original musgraves MUMPS system !)

the situation today with both data protection and PCI compliance is that without specific customer agreement , you cannot store credit card details nor can the retailer access such details

I should add that PCI compliance is not a legal issue . There are many systems that store credit card details in a unsecured manner and there is no rules to force a change at present

runawaybishop

BoatMad wrote: »

then that was an (potentially ) illegal and non compliant system

Yeah, it was very unsecure. Wouldn't be surprised if smaller retailers still have it in operation.

BoatMad

runawaybishop wrote: »

Yeah, it was very unsecure. Wouldn't be surprised if smaller retailers still have it in operation.

Its unfortunately not uncommon, and in recent years actually more prevalent in the back office systems of web sites that store your card details many of which are not PCI compliant and in some cases are truly appalling

however the card holder is totally protected in CNP transactions unlike in chip and pin ones

Collie D

What about in restaurants where you can add a tip to your card bill after it's processed? How does that work?

pilly

BoatMad wrote: »

I regularly take EFT machines at restaurants and elsewhere and complete the transaction myself, in many cases handing the merchant his credit card copy

The card number is NOT shown in full in any machine I have ever seen, The transaction number is all merchant needs to extract all the information

Furthermore, you cannot process a credit card in modern systems with out the CCS number ( for a cardholder not present , i.e. you dont have the physical card) and to attempt to do is credit card fraud ( and the retailer must be enabled for CNP transactions )

The OP can quite legitimately ask the card company to refund that transaction, the issue over the real cost of the item , is an issue that has nothing to do with the CC company

You're absolutely determined not to believe something that numerous posters are telling you is true. Why?

I would post copies of receipts with the full details on but of course that's against data protection rules.

You will just have to take mine and others word for it.

njs030

pilly wrote: »

You're absolutely determined not to believe something that numerous posters are telling you is true. Why?

I would post copies of receipts with the full details on but of course that's against data protection rules.

You will just have to take mine and others word for it.

When he won't accept the word of sysnet I gave up.

BoatMad

pilly wrote: »

You're absolutely determined not to believe something that numerous posters are telling you is true. Why?

I would post copies of receipts with the full details on but of course that's against data protection rules.

You will just have to take mine and others word for it.

I will not go into the finer points of PCI compliance

but the overriding principle is

"A: PCI DSS requirement 3.3 states “Mask PAN when displayed (the first six and last four digits are the maximum number of digits to be displayed)."

source :https://www.pcicomplianceguide.org/pci-faqs-2/


Any system that can direct connection to a banking terminal must be PCI compliant

Thats not to say that there are not legacy systems out there that are problematic , no bank supplied card machine , should print the full numbers in the case where the card is presented ( it further goes on where otherwise required to by law etc )

anyone that is doing so is also potentially in breach of the data protection act

Note this is different where credit cards are scanned into store system first . its a sad fact that far too many of these are not fully PCI compliant, because they get around it by transferring the data to a compliant EFT terminal

in any respect, reapplying a cardholder present transaction as a CNP transaction is fraud

I am not disputing there are not PCI compliant systems out there. certainly to my knowledge all the major banks have fully PCI compliant EFT machines

Noet PCI is not law

pilly

BoatMad wrote: »

I will not go into the finer points of PCI compliance

but the overriding principle is

"A: PCI DSS requirement 3.3 states “Mask PAN when displayed (the first six and last four digits are the maximum number of digits to be displayed)."

source :https://www.pcicomplianceguide.org/pci-faqs-2/


Any system that can direct connection to a banking terminal must be PCI compliant

Thats not to say that there are not legacy systems out there that are problematic , no bank supplied card machine , should print the full numbers in the case where the card is presented ( it further goes on where otherwise required to by law etc )

anyone that is doing so is also potentially in breach of the data protection act

Note this is different where credit cards are scanned into store system first . its a sad fact that far too many of these are not fully PCI compliant, because they get around it by transferring the data to a compliant EFT terminal

in any respect, reapplying a cardholder present transaction as a CNP transaction is fraud

Agreed. We've already said that. And also said what's happening on the ground. Didn't need the PCI lecture thanks.