(no title)

See, in 2008 one of my projects had a client that had a lot of venues around continental US and Mexico and those venues were having sparse internet connection (think sky resort venue, remote and internet delivered by antennas that weather could affect it). Meaning when internet was not available any card transaction was a no go. This was a problem to be solved so my client asked if there is a way to make offline credit payments. So here is my implementation: -read credit card details and deliver the goods -> store card details in a local database, encrypted -> check online connectivity -> when internet was a go try to charge the card. If it was good then all was done, details were erased from local storage, everybody happy. If it failed then retry, 5 times per day, for 5 different days. After 25 tries, blacklist the credit card. Forward the information to legal department and mark that credit card as not acceptable from now on. So if you screwed the client with a bad credit card, you screw it only for 5 days maximum. And you also had a legal department on your ass. Meaning you got a fake card, good for you, keep it up cause now you are also on Secret Service radar (most people don't know but Secret Service, not FBI, gets involved in this). In the years I got involved in this project, 8 years, the number of times this was an issue raised to legal department was like under 5. So most folks actually pay and the few that got retried had probably a temporary problem with their funds and eventually they got it back on track. For those under 5 I think all of them eventually cut a deal with legal without raising the issue further up. Sorry guys, no juicy story involving Secret Service here.

Probably this worked because the goods were kinda under $50 as price. So maximum you'd screw the company I worked for like $500. And most likely this would not work with a big retailer like Amazon where you can purchase for thousand of $ in a single transaction. But it had the advantage that it worked with all credit cards, debit or otherwise, Visa/MasterCard or whatever. If I would be on the implementation side nowadays from the Sweden bank in this article, I would probably do it like somebody else already proposed here in comments. Get the card to also contain an electronic signature which means a lot more scrutiny to get it released, which means yeah!, your privacy is fucked to Alpha Centauri and back if you try anything shady.