(no title)

Approx 15 years ago I was installing POS system to one second hand store. It was just a beginning of online authorizations and there were few issues with reliability of those that time. As testing was hard, I usually tested operations by trying to make 10kEUR transaction with my expired Visa Electron card. If it worked correctly, I got "denied" response back. It was some time in November when the installation happened. I tested transactions and those went through as approved. I canceled the transaction and cancel went through also. After few tests we found out that payment terminal had some weird demo credentials and finally we got that fixed.

Then, shop finally opened on January. Shop owner called me that their bank account has now negative balance. I joked something about the issue that why he calls me about that and I forgot the thong for few days. Then, after few days he called me again and said they have started police investigation about that fraud. On same evening, I was paying my personal bills and noticed that I had about 65kEUR too much money on my account. Sent immediately message to store owner that I probably have his money but I do not know why.

Well, next day I was suspect of fraud. I started to move money back to customer, but it was not possible for some reason on one tx, it was limited to 10kEUR/day. So it took like a week until customer had their money back.

So what happened: Normally payment terminal transactions expired after three months. Meaning that bank would reject if batch includes older. That was not case here, as there was exception that if same transaction has cancel transaction on same batch, then it is accepted. But, on some later process, they rejected all the normal transactions but accepted the cancels.

So there was real bug on some bank system and bank tried to force me to sign NDA that I would not tell about this issue. I did not see any reason to sign that but most probably they fixed that very soon.