Hi! We see you’re using an ad-blocker. We’re fine with that and won’t stop you visiting the site.
But as we’re losing ad-revenue from this then why not make a donation towards website running costs?. Or you could disable your ad-blocker for this site. We think you’ll find our adverts are not overbearing!
Joined: Dec 23, 2004 Posts: 78 Location: Kent, United Kingdom
Posted: Tue Dec 28, 2004 10:41 am Post subject: Credit card - confirmation required?
I went to a seller with a good reputation on this section, and ordered goods to the amount of £600, but they have asked me to send a fax copy of my last credit card statement and front of my Credit Card!
All the telephone/fax numbers in their email request for this info matches their web site numbers ... but I feel reluctant to fax such info.
Has anyone else had such an experience?
What do thers think?
(I have not mentioned the company's name as it may be unfair to them if this is a common practice)
It's not uncommon for a retailer to ask for this. They will usually ask for this if you are asking the goods to be delivered to a different address than the delivery address to guarantee it's not a fraudulent activity and that you are who you say you are because it will have those details on your utility bills or credit card statements.
Sometimes retailers may request this information if you have only been at the address for a short period of time or the credit check has failed or shown up something irregular. I would call them and ask why they require this information before divulging it. You do have the right to go to another retailer if you're not happy with the reason they are requesting it, but you may not get the same product for the same price and they may also ask something similar if the credit check failed for whatever reason.
Joined: Nov 03, 2004 Posts: 251 Location: Earth where else
Posted: Wed Dec 29, 2004 8:08 am Post subject:
Dave wrote:
It's not uncommon for a retailer to ask for this. They will usually ask for this if you are asking the goods to be delivered to a different address than the delivery address to guarantee it's not a fraudulent activity and that you are who you say you are because it will have those details on your utility bills or credit card statements.
Sometimes retailers may request this information if you have only been at the address for a short period of time or the credit check has failed or shown up something irregular. I would call them and ask why they require this information before divulging it. You do have the right to go to another retailer if you're not happy with the reason they are requesting it, but you may not get the same product for the same price and they may also ask something similar if the credit check failed for whatever reason.
Gingernut, you obviously haven't taken the time to read one character of his original post.
He did not say he received an unsolicited email
He did say that he had initiated the transaction and then received an email back from them saying they couldn't complete the transaction unless he provided them with further information.
This is not phishing. They are requesting information because a credit card check has failed for some reason. There are still alot of retailers who will not send goods to an address other than the billing address because credit card numbers are stolen and there's no way of them verifying with the bank, so they will ask for some kind of proof.
When I switched banks, my new bank before they would give me any credit wanted to see 6 months worth of my previous banks statements. So what you're saying is my new bank is also phishingand a crook ?
If he had received an unsolicited email then yes, this would be Phishing, as it is they're trying to complete the transaction but something has failed on the credit check.
Expansys along with a number of other retailers have requested similar items from me in the past year when I've tried to ship to addresses other than the card holder address. If he hadn't initiated the transaction and had received an unsolicited email then I would say don't respond and report it, but as he has initiated the transaction they are only trying to prove who he says he is. That might be because he's trying to ship to an address other than the card holders address, he hasn't supplied a CVN or the expiry or start dates don't tally, or that the name doesn't quite tally on the credit card. Hence why I suggested that he contacts the company in question to ask what has failed and why they require it.
I've worked in the IT Security and Fraud industry for 7 years, so I think I know a little bit about Phishing and Credit Card Fraud!
Joined: Nov 03, 2004 Posts: 251 Location: Earth where else
Posted: Wed Dec 29, 2004 10:49 am Post subject:
Dave
No disrespect, but any credit card company will tell you, noboby should ask for a copy of your statement, or to copy the front of the card.
If the company he ordered from has ask for this, then they are in breach of the terms set out by the credit card companies.
Even if it as failed for some reason, they should RING the customer, not ask for copies of anything.
Also you stated about your bank wanting "bank Statements"
These are ENTIRLY DIFFERENT to CREDIT CARD statements.
Even if it failed on a credit check, they should contact him telling him it FAILED, not ask for COPIES.
It may well be that he has given out a wrong number, or start/expiry date.
If you have worked in IT Security and Fraud industry, you should
KNOW you DON'T GIVE OUTcopies of statements of Credit cards, you RING, and speak to the customer personnally _________________ Using an A to Z
Sextant & Compass
Giving out a faxed copy of a credit card statement blacking out any transactions you want will not give them any more information apart to prove that you have what appears to look like a valid credit card statement with your credit card number (which is your account number) attached to the form. They already have your credit card number, so I fail to see what extra information you are giving them.
Likewise a fax copy of the front of your card if you cannot provide a statement is not giving them any more information. They already know your credit card number, your expiry and start dates, issue numbers if you have provided these, and they also know who your bank issuer is, so again unless it's a perfect forged copy there's nothing else they can obtain from this.
They have contacted him and asked for this information, if he doesn't want to go ahead with the transaction and feels uneasy in anyway then he can pull away from the transaction. He can also contact his credit card company for protection.
At the end of the day you don't know the full story at hand here, and the only reason why they would be requesting this information is if there's a problem with the data supplied. Afterall, if the data supplied was 100% correct and they were a crook outfit, then they would now have all the information required to place transacitons with his card because they have all of this information at hand.
Thousands of UK and European retailers keep your address information and credit card information on file to allow you to re-order or place new orders with them. There's no difference here.
All the retailer is doing is trying to protect themselves against fraudulent transactions, the retailer could walk away from the transaction if something doesn't fit together but I suspect they don't want to lose what could be potentially good customers so they're requesting this information.
My advice still stands, contact the company in question and request why the transaction hasn't gone through, ask what was the problem and then go from there. He has absolutely nothing to lose from this.
Joined: 24/06/2003 00:22:12 Posts: 2946 Location: Escaped to the Antipodies! 36.83°S 174.75°E
Posted: Wed Dec 29, 2004 2:11 pm Post subject: Re: Credit card - confirmation required?
mrchips wrote:
I have not mentioned the company's name as it may be unfair to them if this is a common practice
The only reasons I could see for doing this is if the goods are being shipped to an address other than your billing address, you are using someone else's card or there is something irregular about the transaction.
Other than that, I think this is an unnecessary invasion of your privacy and they shouldn't need to do this. I routinely buy fairly high value items over the Internet or Phone and none of the companies I deal with request this type of information.
You should phone your credit card issuer and ask for their advice - you may be in breach of your card terms and conditions by giving out information other than that which is printed on the card and your billing address.
I am not sure what Dave means about a "credit check". The only check they do is that your card issuer authorises the transaction. If the card issuer doesn't authorise the transaction for some reason then you should take this up with the card issuer, NOT the merchant. _________________ Gone fishing!
Actually credit card companies can ask for your address also, take a look at the sites below from Visa, also if you are worried about supplying the same information again simply don't go ahead with the transaction. Shopping online is as safe as it gets, most merchants abide by a code of practice set out by Visa and Mastercard and others. Also you are only liable for the first £50 of an irregular transaction, which is often refunded in any case.
Posted: Fri Dec 31, 2004 12:01 am Post subject: Card Security Code (CSC), Address Verification System (AVS)
Hi,
Found this also:
From April 1st, 2001 the major credit card companies will be introducing further levels of security on card purchases; specifically those made over the internet and by mail order. The checks relate to obtaining two further pieces of information concerning the card/cardholder and these are detailed below:
CSC is known by difference names with the different card associations. CSC is known to Visa as the Card Verification Code (CVV2); to MasterCard as the Card Validation Code (CVC2); and finally to American Express as the Card Identification Number (CID).
For Visa and Mastercard the Card Security code is a 3 digit code printed on the signature strip on the back of the credit card. The value does not appear on the front of the card. The value will be the last 3 digits of the printed number at the top of the signature strip. The number at the top of the signature strip will in most cases be the full credit card number
followed by the card security code but in some cases only the last 4 digits of the card number followed by the card security code may be shown. For American Express, the code is a four digit number on the front of the card above the account number.
The card security code should be collected for customer not present transactions and passed to the SoftEFT system for verification. The card security code should only be stored for the duration of the authorisation process.
Specifications are available for integration into SoftEFT WinTI, SoftEFT BatchPro and ICP. Please contact us for further details.
Address Verification System (AVS)
The AVS requires that the house number and the postcode is collected for any customer not present transactions. The aim of the system is to verify that the delivery address for goods matches that of the billing address of the card holder. On passing this information to SoftEFT, the bank response will include an indicator of the match on the address details given. This will be either complete match, partial match or no match, it is then up to the supplier to determine whether to supply goods based on this response.
Specifications are available for integration into SoftEFT WinTI or SoftEFT BatchPro and ICP. Please contact us for further details.
Joined: Nov 03, 2004 Posts: 251 Location: Earth where else
Posted: Fri Dec 31, 2004 6:27 am Post subject:
Still doesn't explain why the vendor wanted copies of credit card statement, and copy of front of card.
According to Barclaycard, you don't send copies, either by fax or email. The vendor should have telephoned the customer to verify the transaction. _________________ Using an A to Z
Sextant & Compass
Joined: Dec 23, 2004 Posts: 78 Location: Kent, United Kingdom
Posted: Fri Dec 31, 2004 9:36 am Post subject:
OK I am the guy that posted the original question.
After thinking about the whole request I realised that there was nothing on the summary of my credit card statement that the company did not already know.
My credit card number and expiry date
my address
It did have a total debit and credit amount for the last month and my credit limit.
I went to the company's website and took their telephone number from there, (which proved to be the same as on their email).
I telephoned them ..... they said that as it was a large amount, and that as they had not done business with me before, they wanted to protect themselves from possible credit card fraud.
I told them that it was the first time I had done business with THEM, and I was equally corcerned about faxing off details to them.
Anyway, as I mentioned above, they were going to receive from me nothing more than I had already given them on the website order.
So on Wednesday 29th I sent the fax of the credit card summary (debit, credit summany and credit limit blacked out, and a copy of the face of my credit card).
The next day (30th December at 10am) the goods were delivered.
The company? ..... Expansys .... I would deal with them again.
I am pleased that this post created such a healthy debate which seems par for the whole of this excellent web-site. _________________ TomTom Start 25 M UK & ROI
I can understand the need for some retailers to request items like this, because the amount of transactions they are putting through which unfortunately appear to be from stolen credit cards that hadn't at that time been reported stolen are becoming extremely high and the retailer at the end of the day takes the full hit for the amount.
There's a lot of fraudsters, especially around the London area asking for goods to be delivered to either the home address of the card holder, or a different address, and wait outside the address and as soon as the courier comes along, they say "Ah, he just popped out, I can sign for that and take the package" or "you just caught me in time, I was just popping out", and the couriers unfortunately fall for it and the goods are long gone and the retailer takes this hit for the full amount because it's later found the card is stolen and a complete charge back is carried out by the credit card company.
In most cases it's easy or fairly easy to spot some of these fraudsters because they usually order multiple large priced items (because they're greedy and want to get the most out of each transaction the crook tries to place), so I do think some retailers are a little over protective and it may cost them some customers but it probably saves them a lot more in the hit on fraudulent transactions.
We're all lucky because we're protected by our credit card companies, and most will protect you for more than £50, but the retailers don't have any form of protection.
Glad it worked out well for you! :D And for others that do get asked this from Expansys (which is one of the main companies requesting this) or other companies, you have the option to not continue with the transaction if you don't want to.
Joined: Dec 26, 2004 Posts: 27 Location: Alicante - España
Posted: Sat Jan 01, 2005 1:26 pm Post subject:
Dave wrote:
...and the retailer at the end of the day takes the full hit for the amount...
... but the retailers don't have any form of protection.
Hi Dave,
It's always curiosity that gets the better of me with some topics , but is it not true that the retailer is protected as long as they get an authorization number from the card issuer?.
Also, and again curiosity, had me look at my cards. I noticed that Amex put their 'verifier codes' (the 3 or 4 digit ones) on the front of their cards. These, as I understand it are codes (independent of the full card number) to verify that a telephone customer is in physical possession of the card.
Personally I wouldn't fax a copy of my card with these codes showing.. I 'think' it would enable anyone to make telephone purchases against the card.
It's always curiosity that gets the better of me with some topics , but is it not true that the retailer is protected as long as they get an authorization number from the card issuer?.
Ken, no. If a card (or card number) is stolen but hasn't been reported as stolen and a fraudulent transaction 30 mins has been placed on the card, a chargeback can still occur to the retailer. That's happened to me before.
Ken-ES wrote:
Also, and again curiosity, had me look at my cards. I noticed that Amex put their 'verifier codes' (the 3 or 4 digit ones) on the front of their cards. These, as I understand it are codes (independent of the full card number) to verify that a telephone customer is in physical possession of the card.
I'm not sure about Amex, but if you're talking about the first 4 digits, then each merchant bank will have their own set of codes to tell easily which bank has issued the card. If you're talking about the CVN number or sometimes known as CVS or security code which is on the back of the card (3 digit number) then this again won't help a lot of internet sites ask for the CVN number to prove you have the card, but anyone that has stolen your card will obviously have access to that, so it's a pretty lame security. Just like chip and pin is. Chip and Pin will work great in the highstreet where if you present a Chip and Pin card, you will be requested to enter your pin number, but it needs full co-operation from all retailers to request the pin and not just highstreet stores so if someone steals your card they'll still be able to order transactions over the internet with certain websites that don't request Chip and Pin.
Posted: Today Post subject: Pocket GPS Advertising
We see you’re using an ad-blocker. We’re fine with that and won’t stop you visiting the site.
Have you considered making a donation towards website running costs?. Or you could disable your ad-blocker for this site. We think you’ll find our adverts are not overbearing!
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Or you could disable your ad-blocker for this site. We think you’ll find our adverts are not overbearing!
Hi! We see you’re using an ad-blocker. We’re fine with that and won’t stop you visiting the site.
But as we’re losing ad-revenue from this then why not make a donation towards website running costs?. Or you could disable your ad-blocker for this site. We think you’ll find our adverts are not overbearing!