Back in 2022, I was on holiday in Auckland for a friend’s wedding when I noticed something alarming: $6,000 had been debited from my account.
The transaction was made through Amazon, and I initially suspected my card had been compromised. Oddly, there was no notification from my bank or Amazon.
I contacted my bank, and after some internal processes on their end, they managed to recover my funds — but only after four to five days.
What I experienced was a classic example of a force post transaction.
What is a Force Post Transaction?
Normally, when you make a payment to a merchant, the transaction must pass through multiple layers of checks before it can be authorized. These checks typically include:
- Is the merchant blocked?
- Does the account have sufficient funds?
- Is the card’s CVV correct?
- Has the card been reported stolen?
- Is the IP address associated with fraud?
And so on.
However, an old mechanism exists where a merchant can bypass these safeguards. This is known as a force post transaction.
Historically, this was associated with physical retail POS (point of sale) systems. If their internet connection went down, the system would still allow them to process a transaction offline. Once connectivity was restored, the transaction would be finalized.
Which Merchants Allow Force Post?
Today, force posting is virtually unsupported by online payment processors. Platforms like Stripe, PayPal, and Adyen do not allow it.
That said, large platforms like Amazon, Steam, and others have built their own billing infrastructure over time (fun fact: even Stripe doesn’t use its own platform for internal billing).
These companies often work with multiple merchant banks, some of which may still support force posting under certain conditions.
What Does Force Post Mean for Merchants?
Let’s be clear: force post transactions are a chargeback minefield.
If a customer disputes the charge, merchants typically have no defense. They also bear the full liability if the card turns out to be fraudulent, if the transaction details are invalid, or if other authorization errors occur.
In short, there’s very little advantage for merchants to use force posting today. It’s useful only in rare, edge-case scenarios:
- A service business where a client refuses to pay the remaining balance.
- A milkshake stand where the internet connection fails, but the transaction needs to be completed.
How to Protect Yourself From Force Post Transactions
Maintaining proper account hygiene goes a long way in protecting your funds. Here’s what I personally do to minimize risk:
Maintain a current (primary) account with only minimal funds, used for daily and online transactions.
Keep a secondary bank account where the majority of your money is stored.
Do not link a debit or credit card to the secondary account.
Do not use the secondary account for any online purchases.
If you want to go one step further, keep the secondary account at an entirely different bank for additional protection.
Force post transactions are a relic of an older payment era, but they still carry real risks today.
Understanding how they work and how to protect yourself can save you from unexpected losses and unnecessary headaches.