In late 2022, Sarasota, Fla.-based Floors4Pros received an order for materials. The sale was made over the phone, a DocuSign was sent and signed and two young men arrived to pick up the order with their truck, paying for it by credit card.
Approximately 10 days later, Scott Perron, president, discovered the credit card used for that sale was fraudulent. By that point, the materials were gone and his company was out about $7,000. “The purchase was made out of our stock, so we lost the inventory,” Perron said. “And then, of course, we got back charges on the credit card because it was fraudulent, so the money was not recoverable.”
Although Perron had photos and some video of the two individuals who perpetuated the scam, they were never found. However, the situation prompted him to change store policy. “Customers now have to provide an ID,” he said. “They had to show the credit card at the time of pick-up. We had to take pictures of the vehicle they were loading it into. Along with the license plate. So, we changed our technique on that particular type of sale. New security measures.”
This type of “cash-and-carry” credit card scam has been going on for a couple of years, experts say. Just ask Chad Ogden, president, QFloors, a user-friendly flooring software designed to streamline operations for small, mid-size and large flooring stores. “I get calls from dealers about one or two times per month who have been victimized, so it is not going away,” he told FCNews. “The thing that makes the scam so effective is that it often takes time before you find out it was a stolen credit card. And I’m surprised at the number of dealers who do not realize if you take a stolen credit card and release the product, you are liable for the charge back. Even though you’re the victim, the credit card company holds you responsible.”
Unfortunately for Perron, the scam happened again. Five weeks later, a man came into Floors4Pros with a rental truck. He didn’t appear “suspicious” at first, Perron said, and the person was in the store browsing quite a while. “He made the purchase. We had his ID. We had his credit card with his name on it. Processed the sale, no problem,” Perron explained. “But then my warehouse manager said, ‘You know, this one just doesn’t feel right. It feels off.’”
Perron decided to call his credit card processor, providing all the information on the purchaser and also detailing what had happened five weeks earlier. “The processor said, ‘Everything sounds good. You have the ID. The card doesn’t seem to have any kind of issue. I think you’re good to go with the sale,’” Perron said. So his team loaded the product into the truck, took pictures of the truck, got the plate number and rental truck number and the guy took off.
Seven days later, the sheriff’s office informed Perron that the credit card number used for the purchase was tied to an elderly woman’s bank account, which the purchaser systematically emptied over a weekend. The lost sale cost Perron about $9,000.
This time, however, Perron had a lot of information to share with the sheriff’s office, including detailed photos and videos. Three weeks later, the sheriff brought in a book of mugshots, and Perron and his staff spotted the thief. “The sheriff took a look at the mugshot and said, ‘Well, he won’t be doing that again.’ I said, ‘Good, you guys caught him?’ The sheriff said, ‘No, we found him dead,’” Perron said, adding that the man had been involved in a shooting.
With this second incident in such a short time, Perron knew he had to take additional security measures. First on the list was changing his credit card processor—the one who had assured him the sale had been legit. “For about a 60-day period, we went with check, cash, ACH purchases only on our pro side,” he said as the processing change was made and new systems were implemented. “There’s no guarantee this won’t happen again. But we’re coming up with every measure possible to verify address against the card, against the purchase, DocuSign, a Florida ID. We’re not taking any IDs from out of state anymore—unless they pay with cash or ACH, and unless we have the money beforehand.”
Perron noted that he has taken more ACH payments in the last two years than he had in the 10 years prior.
An industry-wide problem
About All Floors, a flooring retailer with two locations in Pennsylvania, also had to deal with a scamming incident—albeit one of a different nature. In 2023, a fraudster got ahold of one of About All Floors’s company checks after it had been deposited by the payee, according to Tom Heffner, president. “They washed it and wrote another check out with my signature on it for a completely different amount,” he said.
Luckily, when the check was presented in an out-of-state bank, a diligent bank teller thought the check looked “odd” when the scammer tried to cash it. So the teller called Heffner’s cell phone to question it. “He noticed that the check number had already cleared the bank,” Heffner recalled. “Since then, we’ve taken steps to prevent this in the future.First, we’ve worked hard to pay every possible bill with ACH transactions. For those that we can’t, we log online every day and verify our checks before they are allowed to clear the bank.”
According to QFloors’ Ogden, if floor covering dealers do any sort of cash-and-carry sale, it is crucial their security measures start with knowing who their customer is. They can do this by:
- Insisting the customer come into the store in person and make sure their ID matches the name on the credit card. If they have an excuse as to why they can’t come to you, offer to go to them. “For a $10K deal, you should be willing to do this,” Ogden said. “If the customer is resistant to meeting up, watch out.”
- Meeting with the customer over Zoom, FaceTime or some sort of video call. “During the call, have them show you their credit card and ID,” Ogden said.
- Making sure the ZIP code tied to the credit card is within your general area or tied to the customer or the jobsite.
The advent of sales processing technology, retailers agree, is providing a buffer. “The process of electronic fund transfers has greatly improved,” noted Rahim (Ray) Daya, principal/general manager, The Westvalley Group of Companies, Calgary, Alberta. “When we are faced with a cash and carry on a short timeline, we always request that the client come into the store to physically use their form of payment within our machines. Should this not be convenient, which does happen in our case given our large trading area, we request an EFT to a central payment processing email.”
Daya recommended that flooring store owners assign an email address for a member of staff with access to the company’s banking platform. “Scams regarding fake payment remittances are becoming more common, and using an assigned member of staff’s email address that has access to banking allows for the funds to be double-checked prior to both processing and releasing the order,” he explained.
Checklist to prevent cyberattacks
Chad Ogden, president, QFloors, suggested the following security measures be taken to help thwart would-be cyberattacks in your store:
1. Conduct preventative training.
Retailers must make sure every employee in their company knows how to spot the warning signs. “The majority of ransomware attacks happen because an employee clicks on a dangerous link,” Ogden said. “So, you need to train employees to be extremely cautious about emails and attachments they click on as well as websites they browse. You can also set up filters to prevent people from accessing dangerous websites.”
2. Fortify your firewalls.
Ensure firewalls are up to date and in compliance with PCI (payment card industry) recommendations. “You may need to get your IT person involved to oversee this,” Ogden stated. “And if you don’t have an IT person, you need one.”
3. Back up frequently.
Even with doing due diligence, no one is completely immune from risk of a cyberattack. When you add in outages caused by hardware failures, power outages, natural disasters, theft, fire, third-party system failures, etc., you are guaranteed to be affected at some time or another. The key, according to Ogden, is to get through these things with minimal impact on operations. “The best way to do that is to plan ahead,” he said. “Having data backups—daily and automated—is one of the best ways you can prepare for any sort of failure. Companies that have frequent, verified, secure backups will most likely recover from these types of events relatively quickly.” These disconnected backups require setup and implementation by an IT professional.
The post Are you being scammed? appeared first on Floor Covering News.