Comment Authorisation is only half the process.... (Score 2, Informative) 126
The poster obviously doesn't understand how credit cards word. Sure, we can do an offline transaction for whatever value we want, provided the merchant doesn't fall into any of the various restricted merchant category codes, like gambling companies and so forth.
Even then, you've got an offline authorisation for almost a million dollars... you think you've stolen a million dollars? Nope! Firstly the point of sale system must upload a file containing the authorisations it's performed. The bank takes this, and generally a night, through a process called settlement, moves the appropriate funds around. A lot of the settlement processes are still performed with ALOT of human supervision. For one company I used to work at, which processed billions in credit card payments every year, there were 3 hardy engineers, ensuring the process went off without a hitch. Catching large or fraudulent transaction happens at this stage too. Most cards have an upper transaction value also, so when submitting a file containing a value over this, the entire batch would be rejected, and an engineer would have to regenerate a new file, minus the transactions and submit. The file submitter would get an automated report of what transactions failed to settle correctly, and from there they could investigate fraud...