Thread: Credit Card Validation

Never in my life have I heard of this before. The implications that can be caused to the buyer are enormous. Image if some sleezy worker gets his hand on this info and then takes the persons identity. I use VISA with my transactions and have never heard of such a thing. I have also bought from MP3Car and never had to do that. Why do you think they make the security code numbers on the back of the card. Also that is why they have voice authorization, sounds like MP3Car is to lazy to pickup the phone and do a voice authorization. It seems like the MP3Car is digging themselves into a deep hole with all the bad customer service and now this. If I had to do this I would feel like I'm a person trying to prove I'm no criminal. I work at a HOTEL and we take in a ton of international authorizations, which we verify over the phone, and or through the credit card terminal with our merchant services provider. Only time we ever ask for an ID is if the person is making a reservation on someone Else's behalf and will be taking care of all the charges, but not be present.

Just to defend a bit, I have seen this and do this on a daily basis.

I deliver chinese food for a small family owned restaurant. All delivery orders that pay with credit card we run through the machine by typing it in manually. Credit Card company policy says that if you manually type in the numbers and expiration date rather than physically swiping the card through the reader, if there is a dispute over the charge you lose unless you have a copy of the card. So we type in the number, charge goes through. We make the food and I deliver it. They eat it, then call the credit card company and say "I never ordered food", credit card company reverses the charge. We are out food, my time, and money unless we can proove it. Only acceptable proof by the credit card company for us is a imprint on special paper the bank distributes. Those oldschool machines that you put the card in and the carbon paper ontop, and roll the bar over and it makes an imprint. That thing. Yes I have to carry that with me on every delivery because of fraud. If we didnt do the imprint, we would loose a lot. There are a lot of dishonest people here that will scam anyone. Happens to lots of people, but this is a way to prevent it. To us it doesnt happen anymore since we started swiping, but even before it was like $50 lost. I can imagine that a big ticket item on the mp3car store would really hurt if it was stolen (which essentially is what happens when you take it and then say you never ordered it).

So it really isnt a big deal, if you feel it is unsafe, send the proof in by certified mail or something.

Originally Posted by 2k1Toaster

Just to defend a bit, I have seen this and do this on a daily basis.

I deliver chinese food for a small family owned restaurant. All delivery orders that pay with credit card we run through the machine by typing it in manually. Credit Card company policy says that if you manually type in the numbers and expiration date rather than physically swiping the card through the reader, if there is a dispute over the charge you lose unless you have a copy of the card. So we type in the number, charge goes through. We make the food and I deliver it. They eat it, then call the credit card company and say "I never ordered food", credit card company reverses the charge. We are out food, my time, and money unless we can proove it. Only acceptable proof by the credit card company for us is a imprint on special paper the bank distributes. Those oldschool machines that you put the card in and the carbon paper ontop, and roll the bar over and it makes an imprint. That thing. Yes I have to carry that with me on every delivery because of fraud. If we didnt do the imprint, we would loose a lot. There are a lot of dishonest people here that will scam anyone. Happens to lots of people, but this is a way to prevent it. To us it doesnt happen anymore since we started swiping, but even before it was like $50 lost. I can imagine that a big ticket item on the mp3car store would really hurt if it was stolen (which essentially is what happens when you take it and then say you never ordered it).

So it really isnt a big deal, if you feel it is unsafe, send the proof in by certified mail or something.

I understand the requirement for imprint on manual transactions. In fact, 60% of my customers pay by credit card and 60% of those are manual (phone/Internet).

I have no problem with someone making a imprint of my card, but IMHO that credit card authorization form should include the items sold (or at minimum the order number) and total price. If you wanted to (or a bad employee) you could charge my credit card for anything, then when I file a charge back, all you need to do is produce that form.

The issue is you can not refuse a transaction if the card holder refuses to provide ID. It is in VISA/MC merchant agreement. I believe AMEX and Discover are the same, but I would have to check.

The next issue is the send file page is not on a secure server. So how secure really is it? The file is not even keep/sent on mp3car's servers, but yet uses "https://www.sendthisfile.com/"

Another issue is that mp3car suggests emailing the form to them. That is very unwise for both the customer and mp3car.

Also, mp3car should follow up orders than need more verification with a phone call and not just an email pointing to the form.

Originally Posted by 2k1Toaster

Just to defend a bit, I have seen this and do this on a daily basis.

I deliver chinese food for a small family owned restaurant. All delivery orders that pay with credit card we run through the machine by typing it in manually. Credit Card company policy says that if you manually type in the numbers and expiration date rather than physically swiping the card through the reader, if there is a dispute over the charge you lose unless you have a copy of the card. So we type in the number, charge goes through. We make the food and I deliver it. They eat it, then call the credit card company and say "I never ordered food", credit card company reverses the charge. We are out food, my time, and money unless we can proove it. Only acceptable proof by the credit card company for us is a imprint on special paper the bank distributes. Those oldschool machines that you put the card in and the carbon paper ontop, and roll the bar over and it makes an imprint. That thing. Yes I have to carry that with me on every delivery because of fraud. If we didnt do the imprint, we would loose a lot. There are a lot of dishonest people here that will scam anyone. Happens to lots of people, but this is a way to prevent it. To us it doesnt happen anymore since we started swiping, but even before it was like $50 lost. I can imagine that a big ticket item on the mp3car store would really hurt if it was stolen (which essentially is what happens when you take it and then say you never ordered it).

So it really isnt a big deal, if you feel it is unsafe, send the proof in by certified mail or something.

I know about the "knuckle-buster" units, and have had to provide them to clients when their electronic processing was down.

Understand that delivering Chinese food is one thing. The low-end of credit card processing is very simple, using one of those dial-up units where you punch in the CC number. There's probably a swipe slot for walk-in customers.
The delivery-person has no way of knowing whether the card is stolen or fraudulent or not. They deliver the General Tso Chicken, get the card imprint, and leave, hopefully with a nice tip.

However, we're talking about a technology company with an online CC processing system integrated into their web-based store. Every online CC processing system I've seen uses multiple layers of verification, including ZIP code and CVV code. The idea that they require a copy of the card & a photo ID is pretty ridiculous in this day and age, even for international orders.
Shoot, many gas stations require you to punch in your ZIP code for verification, just to make sure the card isn't stolen.
CC fraud and ID theft is so common anymore, that it's necessary for the protection of both the merchant and the consumer. So the developers respond and add layers of security to their systems.

Or maybe it's NOT integrated into the store, and some flunkie has to manually authorize each CC charge on one of those budget units.... If that were the case, I'd lose what little respect I have for the mp3car management that I retain. That would be nothing short of pathetic.

Just throwing this out there. PowWeb required a copy of my ID and CC when I signed up for hosting services from them. Which was strange cause it was only like a $150 charge.

On the other hand, NewEgg, which I order probably thousands of dollars worth of stuff a week, has never asked for anything like that with my AmEx or Visa cards.

But then again, companies like D&H Distributing required everything short of a urine test for me to do business with them... guess it just depends on the company. But D&H has no retail front. Large order distribution to resellers only afaik.

FWIW, I can see both sides of this debate. Here's my 15 cents...

As a merchant, you have ZERO protection from credit card fraud, and I learned that lesson the hard way.

Overseas individual (Indonesia) wanted to order product, about $5000.00 worth. No real red flags there, no real scam indicators, I just thought it was a nice sale. Product was shipped, done deal.

2 MONTHS later, I get a call from the CC processor, explaining the card number for that sale was stolen. The time lag is due to victim not noticing a charge on their CC, then checking their statement, then calling their bank, then having an investigation, THEN calling the merchant (me) to explain their policies and what is going to happen.

The money was quickly withdrawn from my account by the processor, cus that is what they do, just like that. I was out the cost of goods, product, AND profit, period, and there wasn't a damn thing I could do about it. Came to also find out that Indonesia is like THE leading CC theft capital in the world.

Lesson learned? Yup. Do I now ask for IDs on CC sales? No. Have I been burned like that again? No. Just a bit more cautious now.

Also, according to all the merchant agreements I have read, it is acceptable to ask for a photo ID when the signature can't be verified or there is a reasonable suspicion of fraud. There is no law specifically for or against it, and what laws are out there vary by state and issuing bank. Some people even put "See ID" on the back of their card, which forces the live merchant to ask for ID right there on the spot. Although MC/VI kinda frown on that, but they don't force people to stop it.

The laws do say DL Info can't be copied down or kept on record, things like that. Also as a merchant, you pretty much have the right to refuse selling anything to anyone, as long as it's not a race, creed, sex, etc., decision.

Some would say PayPal is an option, but they are not all they are cracked up to be either. Seller protection only kicks in when shipping to a confirmed address. Unconfirmed address + stolen or unauthorized charge = SOL for seller.

As a buyer, I have been asked to fax over a copy of the front and back of a CC in certain big ticket instances, and that's fine with me. I have never been asked to fork over a drivers license or anything like that, but I probably would do it if I was asked, unless I had a gut feeling I shouldn't for whatever reason.

The situation here is a bit different. The MP3car store is out to limit exposure and financial loss in CC transactions so they don't get burned. Nothing terribly wrong with that mentality from a merchant standpoint.

There is unfortunately NO foolproof way (especially online) to eliminate CC fraud, so mechants do what they can to reduce the risks. The CVV2 number is a step in the right direction, since that adds assurance that you (probably) physically have the card. It is not foolproof either, and neither is address verification, especially overseas.

I also think they went above and beyond explaining the actual processes they have in place (a few posts back) on who sees what, and who processes what, etc. Do you know the name and nick of the person that does your transactions at ANY online merchant you deal with?


With all the huge hits mp3car has taken over the past few months (Street Deck, a couple of very disgruntled customers, orders being mis-routed, e-mailed questions not being replied too, etc). I think we all have noticed their attempt to reach out on the forums and do things a little different. OK, the fuzzy-wuzzy stuff on the first page is a bit much, but hey, it's all good baby! It is kinda nice to put a face to a name.

I mean, this is an example. An issue pops up right here in this thread, there is a valid customer concern, and they change the way the CC processing is done. Just giving some credit where credit is due.

I don't order much from mp3car, so I am not the perfect test case. But the few times I did, I had no issues.

Lastly, as a buyer, you have the option of shopping anyplace you want. So if you don't like a merchant's policy, chances are you can get the same thing from someplace else. I have refused to do business with many places for that reason alone.

Good luck with whatever you decide.

Originally Posted by quantum

Also, according to all the merchant agreements I have read, it is acceptable to ask for a photo ID when the signature can't be verified or there is a reasonable suspicion of fraud. There is no law specifically for or against it, and what laws are out there vary by state and issuing bank. Some people even put "See ID" on the back of their card, which forces the live merchant to ask for ID right there on the spot. Although MC/VI kinda frown on that, but they don't force people to stop it.

"See ID" is not a valid signature according to VISA/MC. Merchants are not suppose to take cards with this written on them, but most do. This is because the signature on the card "See ID" does not match the signature on the receipt. You will lose a chargeback just on this reason alone.

Originally Posted by Visa Rules - Page 29 - See ID

Some customers write “See ID” or “Ask for ID” in the signature panel, thinking
that this is a deterrent against fraud or forgery; that is, if their signature is not on
the card, a fraudster will not be able to forge it. In reality, criminals don’t take the
time to practice signatures: they use cards as quickly as possible after a theft and
prior to the accounts being blocked. They are actually counting on you not to look
at the back of the card and compare signatures—they may even have access to
counterfeit identification with a signature in their own handwriting.
“See ID” or “Ask for ID” is not a valid substitute for a signature. The customer
must sign the card in your presence, as stated above.

Originally Posted by Visa Rules - Page 29 - Requesting ID

When should you ask a cardholder for an official government ID? Although Visa
rules do not preclude merchants from asking for cardholder ID, merchants
cannot make an ID a condition of acceptance. Therefore, merchants cannot
refuse to complete a purchase transaction because a cardholder refuses to
provide ID. Visa believes merchants should not ask for ID as part of their
regular card acceptance procedures. Laws in several states also make it illegal
for merchants to write a cardholder’s personal information, such as an address or
phone number, on a sales receipt.

If you are bored you can read this: http://usa.visa.com/download/merchan..._merchants.pdf

If Mp3car feels a transaction is suspicious then they need to call in a Code 10.

Paypal is an option though, isn't it?