Online Retailers Requiring Secondary Validation of Credit Card

Several years ago made a purchase at a online retailer and after going through the payment portal and order confirmed I received a notification a day later from their support that they needed to validate my credit card details further.

They said they would take 2 small transactions of a few cents that I needed to let them know what amounts they were to confirm I was the owner of the card and this might take up to 3 days. Having never had this issue before and not wanting to jump through the extra hoops I declined to proceed and they refunded me. I never thought much of it again as I have been online shopping for over a decade and never had this issue so wrote it up to a retailer that that had obviously been burnt a few times and was now overly cautious.

Then recently I made a purchase from a different retailer, and again after the transaction was completed I was contacted by support saying they needed to confirm my CC details. This time they wanted me to provide CC details over the phone which I declined and requested a refund.

In both cases the extra validation requirements were not disclosed on the order page, or in the T&Cs so feel like it's a bit shady to take the order and payment and then say that the order will be delayed until they get the validation. In both cases they claimed it was for my protection which also rubs me the wrong way since it's obviously only for their benefit.

Curious if other people have experienced this and what hoops they are willing to jump through to get the retailer to send the item you've already paid for, or if I am just being unreasonable.

Comments

  • +4

    Yeah it's a tricky one. Along time ago I worked retail and we'd look up people on the AEC database to see if their address was real. If anything suss we'd ask them to scan and send through drivers license. Personally I'd refuse to do that if I was asked though. We'd generally refuse to ship to any other address, and we defs lost a few sales. Scammers are absolutely everywhere and businesses need to be careful.

    I'd definitely NOT give CC details over the phone. They should be encrypted on the website - staff shouldn't be able to see any numbers!!

    • +3

      Only citizens are on the AEC roll, this method excludes PR and temporary visa holders.

      • And people flying under the radar by not registering to vote

    • +1

      we'd look up people on the AEC database

      Is that legal?

    • I thought you could only inspect the AEC database in person.

      • +1

        Go to enrolement.vec.vic.gov.au and you can see limited details. At the very least it confirms the personality isn't fake (might be someone else using it though).

        • Many board of directors and CEO of business and wealthy people are actually silent electors. So there address isn't even on the AEC Roll.

          They do this on purpose so when they register with ASIC as a director they can use the business address rather than personal address.

          You can look up the board of directors on CBA and many have the same address as the business.

  • This time they wanted me to provide CC details over the phone

    LOL its a bloody scam, I will never provide my CC details over phone unless I can be assured that the phone is only connected to that business, and that business is legitimate business. Even then only during desperation, i would do such a thing.

    The only time i did that was during one well known business accepted my offer of holding out 1 RAT test (during peak time of them), if i can pay for them before. That time gave them one time disposable card's details.

    That being said many legitimate businesses do take CC payments over the phone, like telcos etc.
    some councils have automated payment systems where you simply put the CC details on keypad.

    So yes this is not uncommon thing, But I strong advice to stere away from such things. If ever in doubt Use a virtual disposable CC, or cancel your bank card(report it lost/stolen) immediately after that first known charge amount gets pending.

    • But I strong advice to stere away from such things.

      The point is that you don't know before making the purchase that they are going to do it. If they disclosed they'd require validation over the phone then at least you can choose to make the purchase or not. If they only tell you after already taking the money then you either have to do what they want or chase them for a refund

    • What disposable CC do you recommend?

      • A lot of people use zip, and revolut, noth are good in my opinion.

  • +2

    This time they wanted me to provide CC details over the phone which I declined and requested a refund.

    No.

    Never give the CC to anyone over the phone.

    Payment gateways are designed to verify the CC pin. There is never a need for humans to check the pin.

    • They didn't want full CC number, just last 4 digits. Either way I am not giving them any info over the phone. It makes no sense anyway since if I was able to enter the details on the payment portal obviously I know the CC details already so they aren't really achieving anything by getting them a second time.

    • Use Bitcoin

    • Payment Gateways cannot always detect a fraudulent/stolen CC. We had a Westpac gateway on our ecommerce site and lost thousands to scammers, with absolutely no recourse.
      It became so bad that we were forced to contact all buyers by phone (and check delivery addresses on Google Maps.)
      If there was any suspicion, such as phone numbers that were not connected or went unanswered, we sat on the order till the bank reversed the transaction.
      Genuine buyers would always welcome the personal contact.

  • They said they would take 2 small transactions of a few cents that I needed to let them know what amounts they were to confirm I was the owner of the card and this might take up to 3 days

    Not uncommon. It's a fair enough way of verifying.

    • Common to verify before you make a purchase, not after. They already took the money, and now they wanna validate the card

      • If i can remember correctly, Sniip asked me this same thing too, after I payed Bpay with Prepaid CC, they asked the photo of CC, given that was prepaid card, and i was paying full amount via Bpay to someone, I didn't care much.

      • Common to verify before you make a purchase, not after. They already took the money, and now they wanna validate the card

        True, but perhaps something flagged after the amount was charged. Who knows what that flag might have been? I once had one shop flag me based on my email address, which they thought was dodgy.

  • +2

    The thing about verifying a couple of cents transaction is probably fair enough … if a bit painful.

    I certainly won't be reciting CC numbers over the phone or emailing through scans of licences, etc.

    I recently had a situation where a company wanted me to email them copies of all this ID and simply declined. I'm happy enough for people to cite documents and even transcribe relevant details. I'll even consider secure uploads depending on the business I'm dealing with. But expecting people to "just email" these documents is a recipe for disaster.

  • Do you buy digital goods by any chance?

    • Physical goods, which have high resell value so I do suspect they are target of scammers. The issue is that they don't disclose this before taking your money, forcing you to jump through their hoops or force a refund. I suspect they do it this way to make it less likely for people to cancel the transaction as they'd just rather submit to the validation than trying to get a refund

      • ok, not every seller giving a lot of thoughts into the ordering process. They may just recently having issues with chargebacks/disputes, thus they do immediate change into asking more to make sure the same thing not happen to them.

        Yes let them know they need to have them into their T&C.

  • I've had to validate my card once via the two small payments method.

    I can't remember who it was - maybe SportsBet or something. I guess it's just to make sure you aren't using a stolen card.

    • Yes, but would you be OK if they TOOK the money you wanted to bet with, and then blocked making bets until you validated it? The issue is they retailers took the money first, then required validation. If you choose not to validate then you need to go through the refund process to get your money back, that's the dodgy part.

      • Yeah I agree that is dodgy. Either accept the card or don't.

        Can't have both.

      • No, they put a temporary hold for those small amounts that falls off after a few days or a week.

        • No they didn't, they took the full purchase price, THEN they took the small validation amounts. The full purchase price was removed from my card before they even validated it which means I was forced to validate even if I didn't want to, or I had to get the order cancelled.

  • Woolies put a hold on your card for 0.01 cents when you sign up for scan and go

    • Right, so not after you already paid for the purchase and withheld the goods from you? Which is what I am talking about.

  • One of the major tool shops does something similar to this. They will sometimes bill you in two amounts for the full amount and then ask you to confirm what those two amounts is. I suspect scammers selling tools bought with stolen credit card details must be quite common.

    .

  • Pretty sure these practices breach their merchant t&cs.

    I would never purchase from any retailer requiring this.

    • Sucks cause so far I've only found out after. If they disclosed it in the T&C for the site it would be one thing, but not mentioning it seems deliberate so they don't scare off customers. Once they take your money your forced to deal with them either way.

  • This is why the CCV was introduced. They are probably violating their master agreement with Visa or MC by doing this.

    • Yes, not to mention on the more recent purchase I had to do the 2FA check anyway, where at the stores payment portal I enter a authentication code from my bank app to confirm the purchase. So surely that is enough to confirm I'm the correct owner. I know for a fact that the merchant is aware of this authentication

  • Which stores asked for this?

    • The older one was some online jewellery store, I have no recollection of who (not a bricks and mortar one).

      The more recent one I'll hold off mentioning until I actually get my refund from them

  • I've worked for two companies that have used a similar system;
    Charge small amount - Get customer to confirm small amount (Eg: They tell us the amount we charged them) - Then charge balance of order
    Proves customer is in control of the account they're paying with, practically eliminates someone using a stolen/found card to make a transaction.

    I've never heard of someone charging the balance and then doing small verification amounts. That seems odd. However, functionally if you can't complete the verification, they could just refund the balance, albeit likely at the expense of fees. Seems like a weird choice, but probably harmless.

    As for placing an online order and then being asked to provide card details on the phone, I am struggling to envision a situation that would call for that. I would also go the refund.

    • If you're a consumer facing store that forces people to validate the card before being able to purchase I definitely think you'd turn off a lot of customers. I'm talking one-off purchases, nothing recurring. If you only get them to validate after they already purchased and you've taken the money then people are more likely to continue.

      I've definitely dealt with retailers who require validation of some kind after an order, but they've always disclosed it upfront on the order page. Often purchasing large stuff like landscaping supplies or building materials they will always call to confirm an order and payment before sending, they just aren't shady about it.

  • JB-Hifi did something similar when I ordered a macbook pro from them. Around 2014 I think. More recently ordered much more expensive things without verification. I recall Paypal doing it for credit card verification as well.

    • Paypal is a different thing entirely, they aren't a retailer.

      • The purpose is the same though. To prevent credit card fraud.

        • +1

          Sure, but retailers are breaching their merchant agreements by doing this. They are also losing customers, as it obvious from the feedback in this thread.

  • I bought a TV form Bing Lee the other day. In the e-mail from them they did warn that they might do extended validation. In my case they didn't, but I don't think I would have minded.

  • +1

    Back in the day before banks links mobile phones for sms codes etc fraud was significant. The only way a retailer can protect themselves was to use methods of confirming the customer had access to the cards accounts, in an unobtrusive way. We used a refund method where you advise the customer you were going to issue a refund within a $ range say between $0.08 & $0.79 that we would refund. Once the client confirmed the refunded amount we would despatch the stock. We lost a few cents each time but the losses for fraudulent transactions were unsustainable. Not sure on the merchant terms and conditions that would be breached here but this allowed us to offer products of significant value with more trust and security.

    Claims that its dodgy that funds are held without releasing stock is unfounded, given when you order online stock isn't immediately delivered so it is the same situation just rationale is different. You have many legitimate ways to recover your money if you have dealt with companies that are not holding up their end of the bargain. You can chargeback and they have to respond to the banks claim etc.however the business loses if the stock cannot be recovered and most times isn't due to the delays in banks getting chargebacks processed and sent out by mail. We never liked delaying customers so we would call, and email the moment we got significant transaction or ones that flag for us. If the phone number didn't work or we never heard back from the customer we would issue a refund anyway and not fulfil an order.

    About 5 or 6 years ago we upgraded our merchant facility to include the 3D security and lost customers because we were one of the few retailers using this online when it came out and customers couldn't believe our merchant facility knew they had an NAB card for example and their security questions weren't an SMS code but Card Limits etc. Took two years for customers to start experiencing this elsewhere and for them to trust it, now it's standard on almost all transactions. Fraud dropped significantly and we therefor no longer needed to use this practice as we had success with the banks fraud protection processes.

    Hope this helps clarify why businesses would do this, and explain that it would be unlikely to be needed now with the advancements in security.

    • +1

      I think you've failed to understand the OP, or even read any of my other comments.

      The only way a retailer can protect themselves

      Yeah exactly, protect the seller. If you read the OP you would see that the sellers were claiming it was for my benefit. Lying to your customers for the purpose of this seems pretty silly…

      Claims that its dodgy that funds are held without releasing stock is unfounded

      Not unfounded at all, if they have additional requirements to complete the transaction they should disclose them either at the order page, or in their T&Cs. If you read my other comments then you would see that I am not against the practice as I use suppliers that require phone confirmation before sending orders but they actually openly disclose this.

      You have many legitimate ways to recover your money if you have dealt with companies that are not holding up their end of the bargain.

      Of course, but they said it can take up to 10 business days for the refund to appear. That's 10 days withholding thousands of dollars. I either need to have the funds to place my order elsewhere whilst I wait for the refund, or if I don't have the excess cash I need to delay my purchase by those 10 days to wait for the refund.

      Hope this helps clarify why businesses would do this

      No clarification was required, everyone understands why they are doing it, the complaint is that they are not being open about it, and lying about the purpose.

      unlikely to be needed now

      Huh? The transaction that triggered the OP just occurred a few days ago.

      with the advancements in security.

      Again, if you bothered to read my other comments you'd see that I mention they have the security code implemented in their payment gateway and so why would they also need phone confirmation too? If they had my phone to intercept the security code, then they'd have no trouble with the phone call from the company either.

Login or Join to leave a comment