online seller requesting cc details via email?

[amgd28]

Is it not possible that this is just spam, and has not been issued directly from the retailer in question. Perhaps the retailer's systems are not as secure as they seem, and a phishing type operation has access to his client database?
Either way, under no circumstances should you place CC details on an email, and I would contact the retailer directly as to your concerns in this matter.

 

[euro2000]

Why not call your own CC company and see what has been charged to your account? While on to them explain what has happened and make a complaint.

 

[lluvia]

We rang the shop but there has been no answer yet, I'll give until the end of the day and if we are still not able to contact them, we'll cancel the order.

 

[blacknight]

Anyone asking for full credit card details via email is an idiot and shouldn't be allowed have a merchant account.

Some companies ask you to fax ID or verify the last X digits of your card, but asking for the full card number is stupid, irresponsible and very insecure.

 

[europhile]

How would posters feel about giving these details to a small hotel or guesthouse to confirm a booking?

 

[blacknight]

How would posters feel about giving these details to a small hotel or guesthouse to confirm a booking?

Via email - never

Via fax or over the phone - fine

EMAIL IS NOT SECURE

 

[ClubMan]

EMAIL IS NOT SECURE

Not always true.

 

[Towger]

Not always true.

It is true. There is no such thing as a secure computer system, unless it is physically kept in a safe. Even then there are ways, such as kidnapping the users family etc.

 

[europhile]

The same could be said for post, phone or fax.

 

[blacknight]

Not always true.

Sorry, but unless you rewrite ALL the internet protocols email will always be insecure.

Encrypting email only works properly if both parties have the correct keys etc.,

 

[blacknight]

The same could be said for post, phone or fax.

Not really.

It's very easy to sniff packets of data.

 

[lluvia]

Someone finally answered the phone, my husband got talking to a man who said that we have to send the email for security reasons which he refused to do. He then contacted the bank and they said that payment had already gone thru so and told him not to give the credit card details via e mail. Contacted the shop again and it seems to be ok now to send the order...

 

[rmelly]

Via email - never

Via fax or over the phone - fine

EMAIL IS NOT SECURE

What if the phone line is tapped? As likely as the family being kidnapped scenario above...

 

[blacknight]

What if the phone line is tapped? As likely as the family being kidnapped scenario above...

Then you really are out of luck

 

[ClubMan]

Sorry, but unless you rewrite ALL the internet protocols email will always be insecure.

I disagree.

Encrypting email only works properly if both parties have the correct keys etc.,

Of course appropriate key management is fundamental to (for all intents and purposes) secure communications.

 

[rmelly]

Plus it could be VOIP or FOIP, some of which are peer to peer and not always encrypted:

[broken link removed]

Calls between Skype software users (PC-to-PC calls) are secure and encrypted. Calls to standard telephone or mobile numbers are encrypted until they reach public switched telephone network.

 

[Marathon Man]

I frequently buy online and NEVER, EVER give financial info by email.
Where the business does not have a secure online payment facility.

Quite frequently I have given delivery/contact info in the email, saying that I will phone with the credit card details. This is fine for hotels etc, where you can confirm that the business is legitimate and that the business contact details are correct, otherwise forget it.

I reckon that the mail the op got was spam, coincidentally received around the same time as the purchase.

Rule 1: Never give your bank/financial details by email.
Rule 2: If in doubt, see Rule 1.

 

[blacknight]

Rule 1: Never give your bank/financial details by email.
Rule 2: If in doubt, see Rule 1.

Exactly

Most of the bigger financial / ecommerce sites are PCI compliant and would never ever ask anyone to handover financial details via email.

 

[lluvia]

Seller admitted sending the email so I doubt its spam, he also was adamant that we had to send him the details for our own security. The bank also told us that the payment had been debited from the account so it makes no sense to me why this double check when they already had the money. After pointing this out to him he agreed to send the product.

 

[mcaul]

Seller admitted sending the email so I doubt its spam, he also was adamant that we had to send him the details for our own security. The bank also told us that the payment had been debited from the account so it makes no sense to me why this double check when they already had the money. After pointing this out to him he agreed to send the product.

I doubt if its a scam by the store - its maybe that they've had fraud problems with previous orders and are double checking. Asking for details be e-mail shows an amateur approach - there are many ways of ensuring details are correct including refferal to card issuer who will confirm address details.