My friend ordered clothes from a clothing site and was asked to send a picture of her credit card.
Is it standard practice to ask a customer to send a photo of their credit card to confirm their identity?
Asked
Active
Viewed 1e+01k times
23
-
7This is not standard. I suggest she declines to do this. I cannot think of a single reason a legit merchant would ask to do this. Only two possible outcomes will come out of this. The first the mercant will use her credit card for fraud, and the second is in 6 months their images of said credit card will be leaked and it will be used by a different criminal. – Ramhound Aug 07 '12 at 17:22
-
3It used to be much more common, but it is still used now in various places. – Rory Alsop Aug 07 '12 at 19:01
-
Did you asked them if you could send an edited photo, with the date, billing number and total price written on the card photo with an image editor? – curiousguy Aug 25 '12 at 03:39
-
If its just a verification on who you are why cant they ask for a different kind of photo ID? It's suspicious when you are asked for either a passport or a drivers license even if you blank out the info – Mar 04 '16 at 00:11
-
No way. While some actually are legit, think about what would happen if that picture of your card was seen by an unhappy employee. – Henry F Apr 28 '16 at 17:53
-
1This happens all the time in China, quite unfortunately. They will reject your purchase if you don't send it. It's supposed to be for "fraud prevention." It really helps assist in committing fraud, though. They get a picture of your signature on paper, plus your card, and then they can do anything with it. This is why I use throwaway cards in China. – Mark Buffalo Apr 28 '16 at 18:02
-
While I agree that it could be used in committing fraud (and I'm NOT recommending the practice), I believe the intention, at least some of the time, is to ensure the customer is the actual cardholder. In the US, most credit cards can be validated against an address (street line and ZIP), which helps a merchant feel comfortable shipping goods. So if you have a US card and address, make sure you enter the correct billing address when prompted! – Mike T Sep 16 '16 at 18:38
-
@Ramhound How would one prevent "card not present" chargeback? The customer shouldn't send a full image of the card, I think they should show the name and block (by a piece of paper, finger etc) the cards number except the last 4 digit since these will be visible to the merchant payment gateway anyways. A lot of fraud transaction happen because the thieves have a list of card number and they start trying them out. – Mohammed Joraid Feb 01 '21 at 21:26
-
@Ramhound Your comments is nearly 9 years old (now I'm starting to feel old...)! – JMK Feb 02 '21 at 14:52
5 Answers
21
It's not standard, and it's quite inadvisable.
The PCI security standard, with which any legit merchant will have to comply as part of their merchant account agreement, would require that a photo of the front of a card would have to be transferred using a secure, encrypted upload facility, stored encrypted at the merchant end, and, in the case of Amex cards which have the Card Security Code on the front, securely deleted after the transaction was authorised. It's very unlikely they've managed to get all this right, and if they asked you to send the photo through mail (or MMS etc) then clearly that could not be compliant.
That's not evidence of malice, but openly asking customers to do something non-PCI-compliant is evidence of incompetence, raising questions about their security in general.
bobince
- 12,694
- 1
- 28
- 42
-
how about having the customer to block the cards number e.g with a piece of paper and only show last four digit. Sales with "Card not Present" can be easily disputed and chargeback can happen especially for large orders. Custom just calls the bank and say it wasn't me. Most of the time the thieves don't' poses the actually card and they have gotten a list of blackmarket of stolen credit cards and they test it online. – Mohammed Joraid Feb 01 '21 at 21:29
12
I've seen similar requests coming from foreign sites/companies just because of how they handle credit card payments.Think of credit cards imprinters. Some countries/merchants still use them and somehow they assume that an image of the credit card could be just as valid.
In the situations where I've come across this type of request, I have opted to send payment either via Wire transfer, Paypal or similar services. They were wholesale orders where the card could not be charged until the product was manufactured, etc.
Trynity
- 176
- 5
11
No it's not standard practice - in no way, shape or form does sending a photo of your credit card confirm your identity at all. Ignoring the fact that photos can easily be photoshopped, the fact that you physically possess a credit card certainly does not prove that you are who you say you are.
DKNUCKLES
- 9,237
- 2
- 38
- 49
-
2Not only that, the photo does not even expire (until the photographed object expires), it trivially could be reused. – curiousguy Aug 25 '12 at 03:37
2
All that does is ID the card as being physical and not just numbers from a data dump.
To verify the card is active they can do that by the card number, name, exp date and CSV on the back, and a simple penny or dollar withdrawal.
The best industry standard I have seen is used by Circle.
Circle is Goldman-Sachs. Not just some fly-by-night web site.
They want a photocopy of your driver license or other government-issued ID with a photo, first.
Then their site turns on your webcam (I used a smartphone). That way they can match a photo taken at a known time with the photo on the ID.
They will not accept a date and time-stamped uploaded photo. It must be in real time.
Then, and only then, do they ask about your banking information. Their priority is to identify the person first.
If some site is asking for that, you might want to ponder whether you really want to entrust your data with them.
SDsolar
- 977
- 1
- 6
- 25