I understand the long-running and much-honored Slashdot tradition of not reading TFA, but couldn't you at least have read The Fucking Summary?
When his debit card was inevitably declined by the Apple Store, he would protest and offer to call his bank — except, he wasn't really calling his bank. So he would allegedly offer the Apple Store employees a fake authorization code with a certain number of digits....
There was ample dumbshittery (and liability) to assign here, but it's all on the Apple Store drones. No bank involved.
Nope, its all on a system that accepts random numbers of a certain length with the only safety "feature" being that the store clerk is supposed to call the bank himself so they can tell him a code that he can make up on his own. IOW that override is seriously broken. And has been used to defraud for ages, because the criminals know how it works.
The only reason this is "news" is because one guy hit one chain of stores. No, wait, it's because that chain is Apple.
"It does not actually matter what code the merchant types into the terminal," the U.S. Attorney's Office in New Jersey stated publicly in February after a similar case there. "Any combination of digits will override the denial."
(The Tampa Bay Times is withholding the number of digits so as not to inspire anyone.)