You wouldn’t think it would be easy to use a debit card on a closed account to scam an Apple Store out of around $7200’s worth of kit, but that’s what a 24-year-old fraudster is alleged to have done not just once but a total of 42 times – netting a total haul worth $309,768.

The Tampa Bay Times reports that the East Tampa resident Sharron Parrish used an absurdly simple method to persuade Apple Store staff to override payment terminals after his transactions were declined … 

When a card transaction is declined by a bank, sales clerks have the option of phoning the bank to see whether they will authorize the transaction. If the bank agrees, they issue the clerk with an override code they can tap into the terminal to allow the transaction to go through.

The problem is: the system doesn’t check this code – only the number of digits. This crazily lax-sounding security shouldn’t normally matter, as the clerk should only ever override a declined transaction after speaking with the bank on the phone. But what Parrish did was to pretend to call his bank, then tell the clerk they’d okayed it and asked them to tap in the code – which Parrish simply made up.

Some Apple Store staff refused to do it, and Parrish left other stores without any goods when staff grew suspicious, but on 42 occasions the clerks did as asked and forced the transaction through.

A Secret Service criminal complaint charges Parrish with wire fraud, alleging that he tricked Apple clerks in 16 states into accepting meaningless override codes. He is accused of hitting the Brandon store twice, along with stores in Orlando, Wellington and Boca Raton […]

The Tampa charge was filed by Secret Service Special Agent Bryan Halliwell, with assistance from investigators for Apple and Chase Bank. John Joyce, special agent in charge of the Secret Service in Tampa, said the solution is for merchants to not permit hand-keyed overrides.

Unfortunately for Apple, because they broke bank rules by forcing through the transaction without speaking to the bank, the company will have to bear the losses.

Apple declined to comment, but we would expect that store staff have been reminded of the correct procedure for following-up on declined transactions. Parrish has been held in custody

(via ComputerWorld)