Forced Authorization Attacks...

What surprises retailers is that the criminal can type in anything at this stage and the transaction will go through...
https://www.schneier.com/blog/archives/2015/12/forced_authoriz.html