There is a very strong possibility that Google Checkout was hacked today. The reasons I believe this to be true are; a repeat customer (for us and Google Checkout) tried to checkout and Google placed a $1 charge on his CC twice, before they attempted to place the charge for our product. Google sent us a product checkout notice, for us to ship the product. He said Google rejected his card the first time, so he tried again and the process repeated. The repeat customer's bank contacted him immediately about a potential fraud and placed a hold on his CC. Google then sent us an email that they had cancelled the transaction...AND our account. The customer contacted us after Google had sent us the transaction notice and cancelled our account. The customer informed us of what transpired with Google and with the information from his bank.
Most likely they do a $1 authorization and then a separate authorization and settle for the total amount. If there is an error in the initial authorization, it would attempt to do the $1 again. We see this fairly frequently with payment gateways when there is a communication error or the issuing bank returns an error instead of a valid approval or decline. The customer ends up getting one or two $1 authorizations and then a 3rd for the total amount of the transaction. The $1 authorizations drop off automatically after a day or two.
I agree completely that this is done, but several things make no sense. This was a repeat customer in under 30 days (which means they had previously verified the account that way)...so what would be the necessity of repeating the same procedure, unless this is how their systems are programmed? Also they attempted two separate $1 transactions at the same time. So with his second attempt Google had tried to charge 4 one dollar charges to his account, plus the real charge for us. This action tells me that the bank had approved and transmitted correct data back to Google (or whomever) and that data had been accepted by Google (our receipt of Googles notice to ship) the first time. Nothing from the customers bank prior to his second attempt created a 'red flag' which caused the banks system to block the account. Thus the bank actually saw all 4 $1 transactions plus the real charge attempted twice. I understand the bank, and why they did this as they saw it as suspicious activity. Then because of this happening through their efforts to charge the account, why should they close our account? This closing of our account was after the second attempt to charge his account as we had already received the notice to ship, then several minutes later the account closing notice and the decline of his order. We obviously have no control over Googles systems, or his bank's systems. To me none of this makes sense except for the possibility of Google's systems being hacked...and IF it is then this would definitely NOT be the first time.
I have no reason to lie to you, I have shared the information that we have available to us. Google had a press release within the past year that they had been hacked, but like everything else from them they did not release the details. fwiw...they will not respond to any communication (emails thus far) from us, they will not supply an account statement, .... they supplied a link we are to give our customers that we can't ship to because we don't have access to the shipping address info, so the customer can get a refund...they want us to supply lots of proprietary information, like who our suppliers are, invoices, etc...IF you want to verify this I will furnish you the links they sent (post them here) The customer this happened to is still wanting to purchase, but is waiting until his bank gives him the all clear. Then it will be processed through one of our other payment portals. I have shared this information so that you can be warned. We like you, probably don't read the TOS very well when signing up to new accounts or whatever, but we are going to really dissect these things from now on, plus we are going to reread all existing agreements. We finally started reading Googles' TOS and were shocked at some statements there like "they are not a bank" and they "can lock our funds away for up to 180 days"... this not a bank, means they are processing through someone else and are not subject to banking laws or restrictions...they have locked away all funds not transferred in the past 2 days before this episode...but I wonder what harm that would cause on someone that has a new site or is a drop ship type site.