Why would any host (or any business for that matter) require a customer to send in front and back scans of their credit card?

Don't say to prevent fraud...if the card's stolen it can still be scanned...

Yes they can be stolen, but most credit card theft is using stolen numbers, NOT the entire piece of plastic.

Didn't that occur to you?

And most of the time you must also scan your ID...

We do to grant SSH access along with a picture ID that matches the name on the credit card.

Originally posted by KoWind
Why would any host (or any business for that matter) require a customer to send in front and back scans of their credit card?

Don't say to prevent fraud...if the card's stolen it can still be scanned...


It is to prove that you possess the physical credit card, and not just the numbers. The reason for the front and back, instead of just the front, is that some credit cards have an additional number printed on the back in the signature area.

Ok...but why would a HOST need that info...if you use a Merchant Account, the host doesn't get a copy of all the CC info, just the name, and maybe the last 4 digits...right?

Several reasons:

#1 "really stolen" cards are reported stolen typically within MINUTES of being stolen, hours at most, the fraud on the internet is probably 99.9% using stolen NUMBERS so a scan really improves fraud checking.

#2 the reason hosts have such an impossible time fighting frivolous chargebacks is lack of physical signatures verifying the purchase, this makes a hosts case a lot more defensible when faced with frivolous chargebacks.

There's other reasons I'm sure but all in all this is a really good policy but frankly I'd be afraid to enforce it for fear of customers saying "screw the hassle" and going elsewhere.

No, all information entered is available to the merchant, so full number, exp, cvv code etc.

So it's NORMAL for hosts or other companies to ask for this?

What security do you guys provide on the images people send you?

And do you offer an encrypted email address (pgp key or whatever) for people to send these to you?

Or am I just being paranoid? If you don't want to send your CC number in an email, what makes anyone think that sending a picture of your CC through email is safe?

Whatever happened to the password system that was coming in to prevent folks from just getting cc numbers and using them on the net for fraud? I thought there was talk about each cc having a password that needed to be enterered before the purchase could be made. :)

As an internet specialist with a local law enforcement agency, I would adivse the customer, you in this case to first do somne homework.

1. Contact the better business buro and double check their rating.

2. contact them by phone and ask them why they require this.

3. What the hell are you thinking... any of you. When do you ever give your credit card to anyone for keeps sake in person. If you would't give your credit card for this person to keep you wolndt be faxing thyem the info. If for some reason you do ... make sure to blank out the security ID number on the back and any other confidential info.

I am not sure what these responses are, but no law enforcement agency would support you in a case against the person if they were to use your informaiton illegally because you gave it to them, not stolen

We had this the other day. Client was from one country on work in pakistan, fraud alerts however we informed the client and faxed through his Passport.

Originally posted by essweb2
When do you ever give your credit card to anyone for keeps sake in person. If you would't give your credit card for this person to keep you wolndt be faxing thyem the info.

Oooh, I dunno. Perhaps each time I make a purchase and they take my card through the terminal making a nice print of it which holds the same information as a copy?

I've got shoeboxes full of "copies". For tax purposes :(
Ofcourse that's only the second layer. The top layer (original) stays in the store...

Normal transactions on the net I would say no it is not needed and I would never ask for it on an account for simply hosting.

As I said we do require it for SSH access to the box tho.

Along with a signed agreement letter but for normal hosting no way I woudl give that information if I was a customer.

Like I sid though... if you really feeled compeled to do this, blank out the back numbers, if you dont no law enforcement agency will assist you against this kind of fraud.

Originally posted by essweb2
Like I sid though... if you really feeled compeled to do this, blank out the back numbers, if you dont no law enforcement agency will assist you against this kind of fraud.

What do you mean by "blank out the back numbers"? If you're speaking of the numbers on the back of a CC, they are the same as what's on the front. Do you just mean the CSV number?

Originally posted by essweb2
Like I sid though... if you really feeled compeled to do this, blank out the back numbers, if you dont no law enforcement agency will assist you against this kind of fraud.

No law enforcement agency will assist you?

Really?

That's very interesting. You're saying that if someone commits fraud against you, just because they happen to get the backside of your card, that it is now legal?

God help if I happen to make a copy of anyone's card.

Interesting...

On suspicious looking orders, we now ask the customer to fax the top portion of the credit card statement...the part that shows the name, address and credit card number.

I doubt any thief would bother to steal both the credit card AND the statement. ;)

--Tina

I've heard of gaming sites asking for front and back copy of credit cards and if the host suspects fraud but if its just a routine hosting transaction and your based in the U.S. and they ask for this I would quickly move on to another host. I like host companies that use Paypal and 3rd parties since many host companies are here today gone tomorrow so I don't want them to have my cc information. Worse case scenerio if your in the US by law you are only liable for a max of $50 in case of cc fraud on your account. But unless there is some other issue in your situation I would move to another host and not send this company your cc info via email!

Originally posted by KoWind
Ok...but why would a HOST need that info.. . . . . Most wouldn't. If you're suspicious; trust yourself. Move on to a different provider.

Well, stores don't even get a back of your CC. I wouldn't do any of it. I wouldn't fax part of my statement either. I'd find a company that did not require those things.

A lot of processors nowdays need ccv2's to process credit cards, thats what the security numbers are there for, granted fairly useless, but they're still required.

BTW, just because someone says something is true on WHT doesen't make it so, did i ever tell you my names Myles, im a fireman, and a general, and i fly a F16, and i've got the uss nimitz strung up by my cottage, but dont tell anyone, hmm-k? :D :laugh:, Ohh yes, im also the presidents unofficial advisor, but you didn't hear it from me :rolleyes:.

KoWind,

I'd be careful what you read here.

YOUR PROVIDER DOES NOT NEED A SCAN FROM BOTH SIDES OF YOUR CREDIT CARD!

Offer them another piece of ID, if they refuse and you can find the services you require elsewhere, do so! It's far easier defraud a credit card when you have what's darn close to the card itself in your hand. They'll get a digital copy of the signature, your card ID number, and physical indicators on the card. No one needs this over a valid piece of identification for any reason whatsoever.

There are some respected companies these days that request a scan, usually for larger or specialized orders. You may not be able to find their offerings anywhere else and forced to play by their rules; still, check up on the company: How long have they been around? Where are they located? Are they a registered business there? Be very careful.

Please, be careful. This information is all someone needs to be you as far as VISA is concerned and will negatively affect everyone (including yourself) if another card is stolen by someone pretending to be a host.

Sincerely,

-Matt

Just a note to clear up something..

It is not myself that was asked to do this, it is one of my customers. She lives in Australia and is purchacing hosting with gisol.com

They are the host that asked for the scans. She sent them in without a second though :rolleyes:

Yes, we looked at the posts here and she felt the reviews were not bad, and thost that were are over 1 1/2 years old. Her call. I'd have prefered a different company.

Personally I'd avoid any host that did this. But the suggestions of sending the top part of the statement (which does not have the ccv number), or another portion of id. I'd still blank out a portion of the information, just to make it harder to use that information for anything else.

Greetings:

Our parent company does ask brand new customers to sign a form authorizing the charge of their card, and to send a copy of the front and back of the credit card.

This was specifically done to reduce charge backs that were directly related to fraudulent use of stolen cards.

While it is true that some one who has physically stolen a card could send in a copy, the following also remains factual:

1. They may not have the billing address of the card holder.
2. Most on-line credit card fraud involves the suspect not having physical access to the card.

Since we’ve instituted this procedure, we have had zero charge backs related to credit card fraudulent use of stolen cards.

Thank you.

So, it's good for the host protection; but not for the consumer. That's my take on it.

Yep,

Hosts get beat up a LOT more then customers, they deserve the right to ask for protection. Either side, on any given transaction takes a certain amount of risk, if a reputable host asks for this information, the risk to the customer is fairly low, but the risk to the host is very high, otherwise they wouldn't have bothered asking.

You might have had zero chargebacks since you implemented that procedure but I'm sure you've lost many potential customers by implementing that! It's your choice but as a customer I would move on to another host rather then send you copies of my credit card.

Originally posted by arpmn
You might have had zero chargebacks since you implemented that procedure but I'm sure you've lost many potential customers by implementing that! It's your choice but as a customer I would move on to another host rather then send you copies of my credit card.

I understand your position...but try to understand ours. If we get 1% chargebacks on ALL of our orders...we'll lose our merchant account and the ability to accept credit card orders. That pretty much puts us out of business.

The drastic measure of asking for copies is for our long-term business stability. SO, you might move on to a host that doesn't ask for copies...or has a really lax fraud screening in place...but what does that tell you about how careful they are?

Bottom line though - its the credit card companies and banks that are to blame. :angry: We, as consumers and business owners, are the ones getting the raw deal. :angry:

--Tina