# online seller requesting cc details via email?



## lluvia (7 Jul 2008)

hi
After placing an order online the seller e mailed me asking for confirmation of credit card details. It's the first time I order goods online so I don't know if this is normal..This is the email:

As a security feature of our payment system we must now ask for further information from yourself as we are required to perform security checks on all of our online orders for your own safety.
Please can you provide us with the following details:
Card holder's name:
Full card number:
Expiry date:
Card issuing bank:

Is there anyother way that a seller could confirm this without me disclosing this information over the phone or email?
Thanks


----------



## mathepac (7 Jul 2008)

I've paid for numerous purchases online by credit & debit card and never once have I been asked to respond with confirmation details by email.

I believe it would be inappropriate for you to respond with the details they are requesting. There is nothing secure about email.


----------



## rmelly (7 Jul 2008)

You used to get this in the early days of ecommerce (a decade ago), but it shouldn't be accepted now.

I wouldn't be happy to proceed - can you find an alternative site? Or alternative payment method e.g. paypal etc?


----------



## Graham_07 (7 Jul 2008)

Do not give CC details in an email. Period.


----------



## ClubMan (7 Jul 2008)

Some online retailers may request a copy of your _CC _details for security purposes but they would normally do this via fax. Who is the retailer? Are they well known and reputable?


----------



## sandrat (7 Jul 2008)

its not next directory by any chance is it?


----------



## lluvia (7 Jul 2008)

I haven't used nor heard of them before, they have a couple of shops in dublin so I thought they'd be ok. Perhaps someone here know them [broken link removed]


----------



## ClubMan (7 Jul 2008)

Did the payment page not already ask for some or all of the details requested separately by email? Given that this is not a large well known retailer I would be cautious and would not be inclined to give them additional details without good reason.


----------



## g1g (7 Jul 2008)

if its next then its legitimate.  They failed to notify any of their stores about it though.  My order was cancelled as I thought it was spam. You'd think they'd have a better way of doing it.  Was told be two different next stores that it was better to order through the store than going through the web as orders seem to get mixed up etc. Have ordered through store several times without problems


----------



## lluvia (7 Jul 2008)

Yes all the details where given when I placed the order except the issuing bank. The email also said that once the above details have been verified with the order they will send the goods.


----------



## sandrat (7 Jul 2008)

try ringing one of the stores?


----------



## ClubMan (7 Jul 2008)

g1g said:


> if its next then its legitimate.


Er - it's not:


lluvia said:


> I haven't used nor heard of them before, they have a couple of shops in dublin so I thought they'd be ok. Perhaps someone here know them [broken link removed]


----------



## rmelly (7 Jul 2008)

It wasn't clear from the original post whether you had already given the details on the site - why do they need ALL the info again - have they lost it or is this their standard practice?


----------



## mathepac (7 Jul 2008)

lluvia said:


> ... Perhaps someone here know them [broken link removed]


Never heard of them, but that has no significance as they probably never heard of me either. 

Interestingly among other things they charge €8 for Dublin deliveries and €13 for "RESTOFIRELAND".


----------



## lluvia (7 Jul 2008)

I don't understand why they need it again, they said its a security procedure but I don't feel very secure giving the information all over again and not encrypted.. I'm wating for my husband to ring them because I used his credit card.


----------



## ClubMan (7 Jul 2008)

mathepac said:


> Interestingly among other things they charge €8 for Dublin deliveries and €13 for "RESTOFIRELAND".


So? 


> "RESTOFIRELAND"


Wonder if it's one of the many new _Asian _owned/operated mobile phone shops that seem to be springing up these days?


----------



## g1g (7 Jul 2008)

ClubMan said:


> Er - it's not:


 
apologies!!!!!!!!!!!


----------



## Towger (7 Jul 2008)

The site says they use Verified by Visa, so why require the double check. Anyway burried in their small print is the address : FM Mobiles, 76 Camden St, Dublin 2.
A look up gives :
Registry Whois

% Rights restricted by copyright; [broken link removed] 
% Do not remove this notice 

domain:      *fmmobiles.ie* 
descr:       Mohamed Elferdaoussi 
descr:       Sole Trader 
descr:       Registered Business Name 
admin-c:     ABE819-IEDR 
tech-c:      AAA967-IEDR 
renewal:     23-February-2009 
status:      Active 
nserver:     ns1.hosting365.ie 
nserver:     ns2.hosting365.ie 
nserver:     ns3.hosting365.ie 
source:      IEDR 

person:      Mohamed Elferdaoussi 
nic-hdl:     ABE819-IEDR 
source:      IEDR 

person:      IE Internet Hostmasters 
nic-hdl:     AAA967-IEDR 
source:      IEDR


----------



## mathepac (7 Jul 2008)

ClubMan said:


> So? ...


Sorry I had a longer list - have a look. I didn't post the longer list in case I got contravention of posting guidelines notice.





ClubMan said:


> ...Wonder if it's one of the many new _Asian _owned/operated mobile phone shops that seem to be springing up these days?


In that case would it not read "RESTOFILERAND"?


----------



## sse (7 Jul 2008)

Personally I wouldn't give these details over. There's hundreds of places you can but electronics without taking a risk with personal information.

I've never heard of such a security check being required before anywhere I've shopped - the only vaguely similar one is that the address you provide has to be the cardholder's registered address. It's somewhat ironic requesting personal information for a "security check" via the most insecure method around, you'd have to wonder how securely it's kept. It may be that they're going to try to submit a cardholder-not-present transaction for the payment.

SSE


----------



## amgd28 (7 Jul 2008)

Is it not possible that this is just spam, and has not been issued directly from the retailer in question. Perhaps the retailer's systems are not as secure as they seem, and a phishing type operation has access to his client database?
Either way, under no circumstances should you place CC details on an email, and I would contact the retailer directly as to your concerns in this matter.


----------



## euro2000 (7 Jul 2008)

Why not call your own CC company and see what has been charged to your account? While on to them explain what has happened and make a complaint.


----------



## lluvia (8 Jul 2008)

We rang the shop but there has been no answer yet, I'll give until the end of the day and if we are still not able to contact them, we'll cancel the order.


----------



## blacknight (8 Jul 2008)

Anyone asking for full credit card details via email is an idiot and shouldn't be allowed have a merchant account.

Some companies ask you to fax ID or verify the last X digits of your card, but asking for the full card number is stupid, irresponsible and very insecure.


----------



## europhile (8 Jul 2008)

How would posters feel about giving these details to a small hotel or guesthouse to confirm a booking?


----------



## blacknight (8 Jul 2008)

europhile said:


> How would posters feel about giving these details to a small hotel or guesthouse to confirm a booking?


Via email - never

Via fax or over the phone - fine

EMAIL IS NOT SECURE


----------



## ClubMan (8 Jul 2008)

blacknight said:


> EMAIL IS NOT SECURE


Not always true.


----------



## Towger (8 Jul 2008)

ClubMan said:


> Not always true.


 
It is true. There is no such thing as a secure computer system, unless it is physically kept in a safe. Even then there are ways, such as kidnapping the users family etc.


----------



## europhile (8 Jul 2008)

The same could be said for post, phone or fax.


----------



## blacknight (8 Jul 2008)

ClubMan said:


> Not always true.



Sorry, but unless you rewrite ALL the internet protocols email will always be insecure.

Encrypting email only works properly if both parties have the correct keys etc.,


----------



## blacknight (8 Jul 2008)

europhile said:


> The same could be said for post, phone or fax.



Not really.

It's very easy to sniff packets of data.


----------



## lluvia (8 Jul 2008)

Someone finally answered the phone, my husband got talking to a man who said that we have to send the email for security reasons which he refused to do. He then contacted the bank and they said that payment had already gone thru so and told him not to give the credit card details via e mail. Contacted the shop again and it seems to be ok now to send the order...


----------



## rmelly (8 Jul 2008)

blacknight said:


> Via email - never
> 
> Via fax or over the phone - fine
> 
> EMAIL IS NOT SECURE


 
What if the phone line is tapped? As likely as the family being kidnapped scenario above...


----------



## blacknight (8 Jul 2008)

rmelly said:


> What if the phone line is tapped? As likely as the family being kidnapped scenario above...



Then you really are out of luck


----------



## ClubMan (8 Jul 2008)

blacknight said:


> Sorry, but unless you rewrite ALL the internet protocols email will always be insecure.


I disagree.


> Encrypting email only works properly if both parties have the correct keys etc.,


*Of course* appropriate key management is fundamental to (for all intents and purposes) secure communications.


----------



## rmelly (8 Jul 2008)

Plus it could be VOIP or FOIP, some of which are peer to peer and not always encrypted:

[broken link removed]



> Calls between Skype software users (PC-to-PC calls) are secure and encrypted. Calls to standard telephone or mobile numbers are encrypted until they reach public switched telephone network.


----------



## Marathon Man (8 Jul 2008)

I frequently buy online and NEVER, EVER give financial info by email.  
Where the business does not have a secure online payment facility.

Quite frequently I have given delivery/contact info in the email, saying that I will phone with the credit card details.  This is fine for hotels etc, where you can confirm that the business is legitimate and that the business contact details are correct, otherwise forget it.

I reckon that the mail the op got was spam, coincidentally received around the same time as the purchase.

Rule 1: Never give your bank/financial details by email.
Rule 2: If in doubt, see Rule 1.


----------



## blacknight (8 Jul 2008)

Marathon Man said:


> Rule 1: Never give your bank/financial details by email.
> Rule 2: If in doubt, see Rule 1.



Exactly

Most of the bigger financial / ecommerce sites are PCI compliant and would never ever ask anyone to handover financial details via email.


----------



## lluvia (9 Jul 2008)

Seller admitted sending the email so I doubt its spam, he also was adamant that we had to send him the details for our own security. The bank also told us that the payment had been debited from the account so it makes no sense to me why this double check when they already had the money. After pointing this out to him he agreed to send the product.


----------



## mcaul (9 Jul 2008)

lluvia said:


> Seller admitted sending the email so I doubt its spam, he also was adamant that we had to send him the details for our own security. The bank also told us that the payment had been debited from the account so it makes no sense to me why this double check when they already had the money. After pointing this out to him he agreed to send the product.


 
I doubt if its a scam by the store - its maybe that they've had fraud problems with previous orders and are double checking. Asking for details be e-mail shows an amateur approach - there are many ways of ensuring details are correct including refferal to card issuer who will confirm address details.


----------



## lluvia (10 Jul 2008)

Agree with amateur approach by the seller but very irresponsible one at that... Anyway I received the goods and in good condition.
Thanks to everyone for the advise given.
Lluvia


----------

