This weekend, I placed an order for a coin at an online retailer ($ 300-400). Shortly after, I received an email from their sales team saying something similar to the following:
Hello, we have received your order n ° 12345 which was triggered by
our fraud alert system. Please send us a copy of your driver's license
and credit card used in the transaction. You my black out all personal
details like the DL # but please leave the last 4 digits of the credit
map, name and address.
It's no different than presenting your identity in a brick and mortar
the shop. Thank you for your cooperation, blah blah blah.
My answer to them was basically:
Hello, I would be happy to check with the bank.
issue the card but unfortunately does not feel comfortable sending
copies of my DL and credit card by e-mail to an online retailer.
Their response essentially reiterated their first email, while insisting that they already had all this information and just needed to check it. I ended up canceling the order and buying the same part from another retailer. They are indeed legitimate retailers. Their name bounced off the forums with no problem and I found them, they did not find me.
My question is, Did I create a problem with something that was reasonable to respect?
Some things that have crossed my mind:
1) I have already had "fraud alerts" on my credit card when making a larger purchase than usual. They come in the form of an email from my bank asking me to confirm whether I made a given purchase or not. Sometimes they even require me to phone to check. This "fraud alert" came only from the retailer. My bank did not raise this problem.
2) As far as I'm concerned, I should never take a picture of my credit card. Even though I block important details, the original photo was probably synced with the cloud, which means I have to make sure it's been removed everywhere and trust our google overlords. / apple / amazon. I'm sure there are ways to mitigate this, but every hoop I cross is an opportunity for mistakes.
3) If I was a fraudster, I'm pretty sure I could simulate a credit card and the corresponding identifier via Photoshop that I could take with my phone for a shitty photo and satisfy them. I do not think there is a lot of security in their process.