Web Hosting Talk : Web Hosting Main Forums : Web Hosting : HostGator asking for credit card and gov id through email

[osakka]

Hey guys, new member here with a weird HostGator issue...

I recently just purchased a semi dedicated account from HostGator. I got my first email that stated I should receive all my account info within 20 min. Twenty minutes passed, so I waited an hour, then sent an email letting HG know.

I was told that it usually takes 24-48 hours for a semi dedicated to be set up. Cool, understood.

48 hours pass by, I email them this morning letting them know, and that's when I receive the email saying in order for my my purchase to go through they want a scanned copy of my credit card (both sides) and gov id emailed to them.

There is something about this that just doesn't feel safe and I have a bad feeling abut this. Has this happened to anyone? Obviously since they sent this email, they've yet to charge me, right? So I can easily take my business elsewhere?

Thank you,

[Rochen]

It is not uncommon for companies to request this type of information if they are not completely certain that an order is genuine. That being said it is extremely insecure for you to send your credit card details via email.

Perhaps you should drop Host Gator an email asking for clarification?

- Chris

[HackNo-Alex]

Well many hosts will ask you to fax in identification due to the fact that they do not want to setup a whole new dedicated server for a person that has frauded their payment. I have seen many hosts do this, and I can assure you that it is no trick.

On the other hand, they may or may not have charged your card. I would recomment contacting Host Gator and asking them about a refund if you do not feel comfortable with them.

Hope this helps.

[BrentOfHG]

I'm not sure who you spoke with but faxing your id and credit card is how we usually do it on a small percent of orders.. If you could do this then respond to us via email notifying you faxed it in for verification we will be happy to rush that order for you. Thanks!

[taylorwilsdon]

We've had to do it in a few cases where the buyer had red flags coming up on their account; but generally its just a precaution. Hostgator is obviously an established company and you should feel confident in their protection of your personal information.

I'm sure they'd let you block out parts of your information, if you felt that to be necessary.

[UH-Matt]

Just block out some numbers on the card with paint before you send it.

Its fairly standard for higher risk orders to require further authentication before service is provided.

This is a very high fraud risk industry unfortunately for us all.

[uberhostNET]

Quote:

Originally Posted by osakka

There is something about this that just doesn't feel safe and I have a bad feeling abut this. Has this happened to anyone? Obviously since they sent this email, they've yet to charge me, right? So I can easily take my business elsewhere?

I would go with fax over email myself, but as for HostGator they have a great rep: http://www.webhostingjury.com/

[WireNine]

I can understand your hesitation, but some companies require this for orders that raise a red flag, others would simply reject the order or go through with it even with a possibility of fraud.

If you don't feel safe about sending an email, ask them for their fax number

[SkyNetHosting]

Requesting your credit card/ID via mail/fax for a purchase of a dedicated/semi-dedicated server is reasonable, specially if they are doubtful about your order. If you are uncomfortable sending your credit card details via email best thing is to fax your C/C details.

[NS-Icon]

Yup this is normal, I would however recommend you do not send a copy including all credit card digits, this would be insecure, including the last 4 digits of the credit card should be more than enough for them to complete any verification they require.

I would send a copy via e-mail myself as this way you have some record of the data being sent, with FAX, its almost impossible to prove anything was sent, this is the problem I have always encountered with some providers requiring fax details to be sent.

Anyway, best of luck

[joetryn]

Yup... I agree with NS-Icon.

Try not to send all digits in clear text. And never ever send the 3-digit security number, visible at the back of your card, in clear text !
Last 4 digits should be enough... especially when you are talking about sending over the internet/fax.

If they still need more information... maybe you should use more secure channels.

[amitpatel_3001]

When i setup my account i was asked to verify my account via phone.
I had to call them and give my address, domain name and the paypal.

[CyberHostPro]

emailing the card details! this i dont think HG should ask users to do, surely if it got in the wrong hands HG would be to blame.

Like some of the other hosts on here, if we need proof we get a user to FAX it to one of our international fax numbers, but never recommend email due to security, but this is totally the customers own risk if they choose to.

I also agree with blocking out the last 4 digits of the number.

[amitpatel_3001]

Quote:

Originally Posted by CyberHostPro

emailing the card details! this i dont think HG should ask users to do, surely if it got in the wrong hands HG would be to blame.

Like some of the other hosts on here, if we need proof we get a user to FAX it to one of our international fax numbers, but never recommend email due to security, but this is totally the customers own risk if they choose to.

I also agree with blocking out the last 4 digits of the number.

Yep,
they should better ask for a signed agreement on a Fax, better safe and secure than the CC one

[thesmallguyshost]

I've said this dozens of times, more credit card numbers are stolen by waiters at restaurants then have ever been 'sniffed' through email packets since the history of the internet.

Someone please send me a link of a confirmed case where someone sniffed packets and grabbed a credit card number AND then used it fraudently. I'm not talking about someone hacking into a database, but grabbing it while in transit via email.

I can go dumpster diving and get more credit card numbers in a day than I could ever possibly use.

Yes fax is best but if it's long distance, out of the country and costs money, I see no reason not to use free email. And yes, never send the security code on the back. That decreases the ability to use a stolen number greatly if the thief doesn't have that code.

I also don't know of any credit card company that does not protect the card owner 100% against fraud/stolen numbers.