Another company used our credit cards details to pay a bill

emeldc

CramCycle wrote: »

It was a credit card, not cash. There is no need to doorstep them. You ring the bank card services, get them to issue a charge back and advise them of the fraud. It is upto them how they deal with it. Calling the Gardai is a waste of time and resources as this is what they will do on your behalf.
Door stopping them is asking for the Gardai to get involved, your not a debt collector and the chargeback will put back such money straight into your account.

I know it's a bit easier now with the sepa rules but a couple of years ago I waited 9 months for a charge back against a car hire co who billed me twice. I can only speak for my own suppliers and would have no problem doorstepping them to find out what was going on. I doubt I'd be kidnapped or shot :rolleyes:. After all there could be an explanation for it. Only the OP can know what type of people he's dealing with.

CramCycle

emeldc wrote: »

I know it's a bit easier now with the sepa rules but a couple of years ago I waited 9 months for a charge back against a car hire co who billed me twice. I can only speak for my own suppliers and would have no problem doorstepping them to find out what was going on. I doubt I'd be kidnapped or shot :rolleyes:. After all there could be an explanation for it. Only the OP can know what type of people he's dealing with.

it does not matter the explanation, let them explain it to VISA or MC. Nowadays, it could be back in your account before the end of the week. I done it before SEPA and it was no more than a few days. It should not have taken 9 months for you. I would doorstop someone if I knew them personally but other than that, in this case, there is simply no need.

Report to the DPC

pedroeibar1

CramCycle wrote: »

It was a credit card, not cash. There is no need to doorstep them. You ring the bank card services, get them to issue a charge back and advise them of the fraud. It is upto them how they deal with it. Calling the Gardai is a waste of time and resources as this is what they will do on your behalf.
Door stopping them is asking for the Gardai to get involved, your not a debt collector and the chargeback will put back such money straight into your account.

The amount of waffle and commercial ignorance on this thread is astounding.

It makes no difference whether or not it was cash or a cc payment. The OP gave his credit card details and his CIF code to somebody else, who, OP alleges, misused it. Handing out those details is a breach of OP’s T & Cs with the bank, so it will be unlikely to do a charge-back. Depending on the relationship, they just ‘might’ look into it.

The OP is not a ‘debt collector’ (which legally means an assignee of a debt or somebody acting on behalf of others to collect debts). He is an individual trying to recover sums due to his company and is fully entitled to do so and doorstep anyone. Furthermore, debt collection is not a regulated activity. However, he has to be aware of the Offenses against the Person Act to ensure he keeps on the right side of the law. The Gardai do not want to know, nothing illegal has been done by doorstepping, it is a commercial matter, not a criminal one.

Get the Gardaí involved and the debtor will tell them that it was (a) a mistake made by a former employee and it is under discussion with the OP or (b) tell them that the OP is talking nonsense and that it was a debt that was due and paid via him, probably adding “who in their right mind would hand out their credit card and CIF details!”. The Gardaí will then say it is a civil matter and be delighted to go away. Telling the DPC is another useless bit of advice, there arguably was no breach of the DP laws as the OP gave his details to another.

Unless the OP has significant proof of the fraud he might also find himself on the receiving end of a writ for defamation and all the costs that goes with it.

TheChizler

Holding on to credit card details with no good reason is a serious breach of data protection. As for defamation? When would they have published the allegation? I'm not even sure if businesses can sue for libel.

pedroeibar1

TheChizler wrote: »

Holding on to credit card details with no good reason is a serious breach of data protection. As for defamation? When would they have published the allegation? I'm not even sure if businesses can sue for libel.

So what part of the Data Protection Code is being breached?

As for defamation, you are not even sure? Then why bother posting?

CramCycle

pedroeibar1 wrote: »

The amount of waffle and commercial ignorance on this thread is astounding.

It makes no difference whether or not it was cash or a cc payment. The OP gave his credit card details and his CIF code to somebody else, who, OP alleges, misused it. Handing out those details is a breach of OP’s T & Cs with the bank, so it will be unlikely to do a charge-back. Depending on the relationship, they just ‘might’ look into it.

They will do a charge-back. I say this from experience.

The OP is not a ‘debt collector’ (which legally means an assignee of a debt or somebody acting on behalf of others to collect debts). He is an individual trying to recover sums due to his company and is fully entitled to do so and doorstep anyone. Furthermore, debt collection is not a regulated activity. However, he has to be aware of the Offenses against the Person Act to ensure he keeps on the right side of the law. The Gardai do not want to know, nothing illegal has been done by doorstepping, it is a commercial matter, not a criminal one.

100% agree but why do it when the charge back will solve this and save the hassle of confrontation. What if it escalates, might not but if the person denies it or ignores you its very hard to do anything else without risking getting in trouble and it becoming a criminal matter.

Get the Gardaí involved and the debtor will tell them that it was (a) a mistake made by a former employee and it is under discussion with the OP or (b) tell them that the OP is talking nonsense and that it was a debt that was due and paid via him, probably adding “who in their right mind would hand out their credit card and CIF details!”. The Gardaí will then say it is a civil matter and be delighted to go away. Telling the DPC is another useless bit of advice, there arguably was no breach of the DP laws as the OP gave his details to another.

Which I said (in relation to the gardai). It's well within the remit of the DPC as they should not be holding onto such details without permission and have suitable security in place (for example to protect against ex or bold employees).

Uless the OP has significant proof of the fraud he might also find himself on the receiving end of a writ for defamation and all the costs that goes with it.

I am not advising claiming fraud. I am adevising ringing card services, informing them of charges that the OP did not authorised and asking for a charge back.

Also.when you say CIF, do you mean CCV?

CramCycle

pedroeibar1 wrote: »

So what part of the Data Protection Code is being breached?

From the Data Protection Website:
Case Study

More generally, I consider it to be a sound and proper principle that credit card data obtained for a particular transaction cannot be used subsequently for other transactions without express consent, without violating the 'fair obtaining' rule. The principle of transparency and fairness, which are key tenets of data protection law and practice, apply in this area just as in any other.

Information section:

13.7 Can an organisation retain my credit card / bank account details after I close my account with that organisation?

Section 2(1)(c)(iv) of the Acts provide that "the data shall not be kept for longer than is necessary for that purpose or those purposes [for which it was obtained]". Where the purpose for which the information was obtained has ceased and the personal information is no longer required, the data must be deleted or disposed of in a secure manner. Information should never be kept 'just in case' a use can be found for it in the future.

The Data Protection Acts do not specify a maximum retention period and accordingly it is a matter for the data controller to decide on an appropriate retention policy based on the circumstances and the reason why the information is being retained. We would not generally raise an issue from a data protection perspective with a retention policy that provides for banking information to be retained for a short period following termination of a customer contract in order to deal with any subsequent queries about payments made on the account/closing balances etc. We would not expect that such companies would be required to delete a person's bank details immediately when a person requests the closure of their account.


13.8 Can an organisation re-use my retained credit card information for a subsequent purpose?

Where personal data stored on a credit/debit card is collected for the purpose of a transaction, unless it is clearly stated, it can be assumed that the purpose for its collection ends following a certain period following completion of the payment for a product or service (to allow for follow-up payment related queries).

Where an organisation retains personal data for automatic renewal of a subscription service, we would expect the customer to have agreed in some way to this further processing. Where an organisation can point to an ongoing customer relationship and where it is using payment details in line with the terms and conditions which it outlined at the time the person signed up for the product/service, then the use of the credit card details in an auto-renewal transaction will not likely give rise to a data protection issue.

As for defamation, you are not even sure? Then why bother posting?

Again why bother accusing or doorstepping. Just report to the bank.

gargargar

pedroeibar1 wrote: »

The OP gave his credit card details and his CIF code to somebody else, who, OP alleges, misused it.

He made a payment using a credit card. It would appear they used this information again to make another payments. They must have held on to the information when he first gave it to the make the initial payment. Don't see any wrong doing on the part of the OP here.

I'm not sure about the CIF code. I don't see a reference to it in the original post (apologies if I have missed it). Could it be that he just gave the normal information - number/expiry/ccv?

pedroeibar1 wrote: »

Unless the OP has significant proof of the fraud he might also find himself on the receiving end of a writ for defamation and all the costs that goes with it.

For this new payment, I would assume the third party would most likely confirm that the OP is not a customer. I would doubt they would not want to get involved in credit card fraud.

GerardKeating

pedroeibar1 wrote: »

The amount of waffle and commercial ignorance on this thread is astounding.

Yes it is

pedroeibar1 wrote: »

It makes no difference whether or not it was cash or a cc payment. The OP gave his credit card details and his CIF code to somebody else, who, OP alleges, misused it. Handing out those details is a breach of OP’s T & Cs with the bank, so it will be unlikely to do a charge-back. Depending on the relationship, they just ‘might’ look into it.

Not correct, otherwise how would one use the credit card.

pedroeibar1 wrote: »

The OP is not a ‘debt collector’ (which legally means an assignee of a debt or somebody acting on behalf of others to collect debts). He is an individual trying to recover sums due to his company and is fully entitled to do so and doorstep anyone. Furthermore, debt collection is not a regulated activity. However, he has to be aware of the Offenses against the Person Act to ensure he keeps on the right side of the law. The Gardai do not want to know, nothing illegal has been done by doorstepping, it is a commercial matter, not a criminal one.

The OP did not authorise the third (innocent) party to use the card, it does not matter to the OP whom use the card, just that it was unauthorised.

All the OP should be concerned with is getting the card issue (BoI i gather) to raise a chargeback, it is for them to bother with the Gardaí if they want.

It might be a genuine mistake, but they should never had retained the card details.

onedmc

sreilly37 wrote: »

So far the bank is refusing to return the money.

!

I cant understand this if you didn't "order" the service then you need to refudiate and the banks will organise a chargeback.

How do you know who used the card? Seems odd that you know this, did someone provide you with evidence of this. If you have this evidence give it to the bank.

pedroeibar1

CramCycle wrote: »

From the Data Protection Website:
Case Study

Information section:

.

You really have no idea. That is about consumers, individuals. We are discussing a company debt and credit card.:rolleyes:

pedroeibar1

So, in brief, three pages in on this thread and the OP has not been on within an hour of his first post.

We have people who have read the OP and not seen that we are discussing a company credit card, not a personal one. (There is a big difference.)

We have posts from people who have no idea of what is covered by DPL or how the Data Protection Act differentiates between consumers and companies. (There is a big difference.)

We have people who have no idea of the terms and conditions pertaining to the issuance and use of a credit card and who have a sense of entitlement to a ‘chargeback’ due to stupidity. (Banks are not charities and also have responsibilities to the payee.)

We have posts from people who have no idea that a company has legal personality and can sue or be sued in its own right. (It has, and it can.)

We have people who think that accusing a company of fraud and informing several banks and one of its customers is not defamation. (Let’s not get side-tracked on libel and slander.)

We have people who think that a bank is simply going to charge-back a debit on the OP’s company account purely on his say-so. (No it will not.)

We have people who think door-stepping and debt collection is illegal. (No it is not.)

We have people who think the Gardai would be interested in door stepping/debt collection. (No they will not.)

We have people who think that handing out a CFF number is ‘grand’. (There are gobs#ites in every industry who have no idea of security.)

We have people who think the firm that used the card details was wrong to hold them on file. (Yes, probably, but they will claim that they were told to keep them for future payments. Go prove otherwise!)

Lots of keyboard warriors with no idea of debt collection, law or the reality of business life. It’s no wonder so many of the better posters have left this forum. I’m out of this thread, I’ve wasted enough time.

Delacent

pedroeibar1 wrote: »

The amount of waffle and commercial ignorance on this thread is astounding.

It makes no difference whether or not it was cash or a cc payment. The OP gave his credit card details and his CIF code to somebody else, who, OP alleges, misused it. Handing out those details is a breach of OP’s T & Cs with the bank, so it will be unlikely to do a charge-back. Depending on the relationship, they just ‘might’ look into it.

.

Looking at your posts you seem to do nothing but attack people and sit on some imaginary throne believing you know everything

This is a very simple case.

Unless the pin number was used (unlikely) its a "cardholder not present" transaction and its for the company that took the card details to prove that they were correctly applied.
If they cannot show a connection with the cardholder and approval for debt, then the funds are taken from their account along with a fee (€25 in the case of Elavon)

The op should give the company that took the payment one chance to make a refund.

As they have been informed that it was not an honest transaction, they could be also considered to be complicit in the fraud.

So if op wants the funds back, put pressure on their card issuer about unauthorised transaction and the company that took the payment.

Then after getting money back you can decide if you want to pursue it further.

CramCycle

onedmc wrote: »

I cant understand this if you didn't "order" the service then you need to refudiate and the banks will organise a chargeback.

How do you know who used the card? Seems odd that you know this, did someone provide you with evidence of this. If you have this evidence give it to the bank.

Vodafone gave me the details on who used my card as I was the cardholder and as far as they knew, the person who used the card and entitled to said details.

pedroeibar1 wrote: »

You really have no idea. That is about consumers, individuals. We are discussing a company debt and credit card.:rolleyes:

As someone, formerly with a company and a personal card, I can tell you the principles are not much different, but please, keep giving out to everyone without actually posting any links that even hint you are correct or know what you are talking about. It has happened once or twice where a hotel or some such had double charged or charged a wrong amount, or charged for another date. It did not add up with what I submitted. Admin in the office would query it, sometimes they would refund ASAP, sometimes you were met with someone who couldn't and they had to contact the card issuers to deal with it and issue a chargeback (admittedly rare). It sounded like a mildly frustrating process the way it was talked about over coffee but it always got done.

pedroeibar1 wrote: »

We have people who have read the OP and not seen that we are discussing a company credit card, not a personal one. (There is a big difference.)

In regards to the fact that it is a small company (OP) and potentially the OP carries it in their own name or under the companies name, not much in this situation. It only really makes a difference in terms of certain benefits, who can authorise applications for changes in lending conditions (eg increase in limit) and who is responsible should payment and other requirements fail to be met. For example on mine, it would have to go to the board to authorise an increase, I often just returned expenses rather than go through the rigmarole.

We have posts from people who have no idea of what is covered by DPL or how the Data Protection Act differentiates between consumers and companies. (There is a big difference.)

Fair enough, but the reply was in regards to credit card data, assuming (and until the OP responds, you know no better), the original transaction was a once off, it still applies. Maybe the OP agreed to the holding of details, do you really think he agreed to payment of their bills. Why would they not charge money owed to themselves and then pay their debtors. Noone in an SME, in their right mind, does business this way unless they are up sh1t creek and really stupid.

We have people who have no idea of the terms and conditions pertaining to the issuance and use of a credit card and who have a sense of entitlement to a ‘chargeback’ due to stupidity. (Banks are not charities and also have responsibilities to the payee.)

It's not a sense of entitlement. They don't do it at a whim, you have to talk through the process, and once happy that it was not authorised and treated as a POS transaction (which is what it would appear like), then they can initiate it, provided you accept the ramifications that if you misled them or are shown to be in correct, the money will be reacquired and other consequences (presumably based on value) could apply. The original details from the original transaction would leave enough info for the company to initiate a POS transaction. If their systems were set up in regards best practice, they would not, but that is often not the case with small companies around Ireland.

We have posts from people who have no idea that a company has legal personality and can sue or be sued in its own right. (It has, and it can.)

I don't think anyone said it couldn't. What advice was given was in good faith that the OP has been forthcoming with the truth.

We have people who think that accusing a company of fraud and informing several banks and one of its customers is not defamation. (Let’s not get side-tracked on libel and slander.)

It is not in the public domain, it is not accusing the other company of anything, it is simply telling the card issuer that it was not authorised. It is upto them to go to the company if their is a dispute on the charge back to say here is what was said, at which point the middle party (ie the guilty party as fa as the OP is concerned) can pipe up and say well actually, the OP authorised clearly the right to do this and agreed to explicitly r they can hold their hands up and see, sh1t, our mistake, and make up whatever excuses they want and hope they don't get in more trouble.

We have people who think that a bank is simply going to charge-back a debit on the OP’s company account purely on his say-so. (No it will not.)

As has been explained several times. No card issuer will, until several steps (they will talk the OP through them) have been satisfied. The OP though is the only one opening themselves upto risk if it turns out they have lied.

We have people who think door-stepping and debt collection is illegal. (No it is not.)

Again, not illegal but highly irresponsible when there are far easier and safer courses of action.

We have people who think the Gardai would be interested in door stepping/debt collection. (No they will not.)

Again, no one said that, the gardai will have no issue with it, perfectly legal. It is though unnecessary, and is a POTENTIAL risk point which I would not ask any employee to take when there are clearly easier routes. Who should they doorstep? how small is the company? Who is the relevant person? Should they take a cheque? Should they take a promise of repayment? Should they risk the slander. Should they risk the call to the Gardai by the unexpecting employee who feels they have been assaulted. No issues may arise, the person at the door may be the right person, they may look into it, realise that there has been a colossal F UP and pay up ASAP but then again, they may not.

We have people who think that handing out a CFF number is ‘grand’. (There are gobs#ites in every industry who have no idea of security.)

It was CIF earlier, now it is CFF. Did you mean CCV or at least explain which number you are on about, as I have never had to use a CIF or a CFF to use a company card but I have had details held for recurrent transactions.

We have people who think the firm that used the card details was wrong to hold them on file. (Yes, probably, but they will claim that they were told to keep them for future payments. Go prove otherwise!)

That is irrelevant, the point is that, lets say they did hold the details. Do you really think that they authorised, or anyone will believe they authorised the direct payment of one of their own debts?

Lots of keyboard warriors with no idea of debt collection, law or the reality of business life. It’s no wonder so many of the better posters have left this forum. I’m out of this thread, I’ve wasted enough time.

A pity, I was looking forward to something akin to tangible proof, references, even experience to back up what you said.

Bandara

Hi OP

You need to move quickly on this, there is a limit of 60 days to submit chargeback applications

Download and complete this form and post to your bank (I'd suggest registered post)

https://www.bankofireland.com/fs/doc/wysiwyg/18-594r-boi-credit-card-transaction-dispute-form-18052012-v2-2.pdf

The onus is then upon the Merchant to prove the transaction is genuine and as its a customer not present transaction they are essentially unable to do so.

Don't waste time stressing about it, just submit your claim and get that ball rolling first. I would also personally like to see you report this to the gardai. If they have done it to you its entirely likely that many other peoples cards have been stolen from, and they may not notice it in time etc

I would be of the opinion that they should be dealt with and made to stop this behaviour.

Good luck with it.

emeldc

Bandara

The onus is then upon the Merchant to prove the transaction is genuine

Are you sure about that. It was the other way around with me.

jimmycrackcorm

emeldc wrote:

Are you sure about that. It was the other way around with me.

How can you prove transactions that you didn't make?

Digital_Guy

pedroeibar1 wrote: »

So, in brief, three pages in on this thread and the OP has not been on within an hour of his first post.

We have people who have read the OP and not seen that we are discussing a company credit card, not a personal one. (There is a big difference.)

We have posts from people who have no idea of what is covered by DPL or how the Data Protection Act differentiates between consumers and companies. (There is a big difference.)

We have people who have no idea of the terms and conditions pertaining to the issuance and use of a credit card and who have a sense of entitlement to a ‘chargeback’ due to stupidity. (Banks are not charities and also have responsibilities to the payee.)

We have posts from people who have no idea that a company has legal personality and can sue or be sued in its own right. (It has, and it can.)

We have people who think that accusing a company of fraud and informing several banks and one of its customers is not defamation. (Let’s not get side-tracked on libel and slander.)

We have people who think that a bank is simply going to charge-back a debit on the OP’s company account purely on his say-so. (No it will not.)

We have people who think door-stepping and debt collection is illegal. (No it is not.)

We have people who think the Gardai would be interested in door stepping/debt collection. (No they will not.)

We have people who think that handing out a CFF number is ‘grand’. (There are gobs#ites in every industry who have no idea of security.)

We have people who think the firm that used the card details was wrong to hold them on file. (Yes, probably, but they will claim that they were told to keep them for future payments. Go prove otherwise!)

Lots of keyboard warriors with no idea of debt collection, law or the reality of business life. It’s no wonder so many of the better posters have left this forum. I’m out of this thread, I’ve wasted enough time.

The acronym you are looking for to describe the three digit number is a CVV.

You don't understand the concept of defamation I'm afraid. One core factor is that the accusation has to be false to qualify. A second one is that the accusation must have been widely heard - hardly likely in this case.

Don't believe anyone said doorstepping was illegal. Probably because it is very unlikely that anyone would think calling to a place of business to speak with someone is illegal. So illegal - no. Stupid, yes (especially as a first step).

So just two things you got wrong - people in glass houses!!

Cramcycle's advice seems sound, but this thread goes to show you should talk to your bank, solicitors, the Guards (if required) and whoever else and use a forum only as a sounding board.

BlinkingLights

If your card has been compromised and you know it is being misused you need do contact your bank's fraud department ASAP.

Actually, to fail to do so may risk you being told by the bank you're being negligent - you should always notify them immediately 24/7 if you suspect your card has been compromised.

Once your card is blocked you need to work with your bank to sort this out and get the Gardai involved if it is fraud.

Unauthorised use of a customers credit card is fraud and theft. It needs urgent investigation if they're handling cards as you might not be the only victim.

It could be a rogue employee or a computer hack too so, don't publicly name any company - just deal with the bank and make a complaint to the Gardai.

RUDOLF289

Bandara wrote: »

Hi OP

You need to move quickly on this, there is a limit of 60 days to submit chargeback applications

Download and complete this form and post to your bank (I'd suggest registered post)

https://www.bankofireland.com/fs/doc/wysiwyg/18-594r-boi-credit-card-transaction-dispute-form-18052012-v2-2.pdf

The onus is then upon the Merchant to prove the transaction is genuine and as its a customer not present transaction they are essentially unable to do so.

Don't waste time stressing about it, just submit your claim and get that ball rolling first. I would also personally like to see you report this to the gardai. If they have done it to you its entirely likely that many other peoples cards have been stolen from, and they may not notice it in time etc

I would be of the opinion that they should be dealt with and made to stop this behaviour.

Good luck with it.

At long last, some practical advice and recommendation as to how to arrange a chargeback.

RUDOLF289

pedroeibar1 wrote: »

Was it to pay a debt incurred by you? Did they have your permission? If not, place a stop on the card right now. They must have been cash desperate to do that, so doorstep them and tell them unless you have cash immediately you are (a) going to the Fraud Squad and (b) inform the IAPI. Do not take a cheque or promises - even volunteer to go to the bank with them. I'd also break all links with them.

Doorstepping runs the risk of complications and things getting out of hand. Placing a stop on the card (and getting a new one) would be a sensible action to take. Writing to the issuer of the card and/or the bank would also be required as part of the process of getting the money refunded. Two simple steps really.

lawred2

pedroeibar1 wrote: »

It makes no difference whether or not it was cash or a cc payment. The OP gave his credit card details and his CIF code to somebody else, who, OP alleges, misused it. Handing out those details is a breach of OP’s T & Cs with the bank,

what?

RUDOLF289

lawred2 wrote: »

what?

Surely you know that you are not allowed to provide credit card details over the phone when you are buying something or paying for a service ...........

I am not entirely sure what the alternative is, so therefore I break the Terms and Conditions of my debit card use several times per week ...........:p:p:p:p

I suppose I better have another good look at those terms and conditions

mel123

Can i jump on this thread with a question, seeing as it kind of relates.

You know when your giving someone your cc details for whatever reason, and then they ask you for the three digits at the back? Are you meant to give the 3 digits?

emeldc

jimmycrackcorm wrote: »

How can you prove transactions that you didn't make?

In my case there was an original transaction and then a duplicate unauthorized transaction 6 months later (car hire). Luckily I could produce the paperwork for the first transaction but it was only when I threatened the bank with the European small claims court that someone actually read the file and made the refund (9 months on). And no fraudsters were harmed or prosecuted in the making of this post :rolleyes:.

emeldc

mel123 wrote: »

Can i jump on this thread with a question, seeing as it kind of relates.

You know when your giving someone your cc details for whatever reason, and then they ask you for the three digits at the back? Are you meant to give the 3 digits?

The seller can't process the transaction without it.

Digital_Guy

mel123 wrote: »

Can i jump on this thread with a question, seeing as it kind of relates.

You know when your giving someone your cc details for whatever reason, and then they ask you for the three digits at the back? Are you meant to give the 3 digits?

As mentioned above, they can't complete the transaction with those details, otherwise they wouldn't need them.

It's about using your own judgement really - there's a difference between John from Customer Support in Meteor asking for them, and Tony down the pool hall*.








*Not casting any aspersions on Tony down the pool hall.

RUDOLF289

Digital_Guy wrote: »

As mentioned above, they can't complete the transaction with those details, otherwise they wouldn't need them.

It's about using your own judgement really - there's a difference between John from Customer Support in Meteor asking for them, and Tony down the pool hall*.








*Not casting any aspersions on Tony down the pool hall.

I was just about to jump to Tony's defence !

lynchie

mel123 wrote: »

Can i jump on this thread with a question, seeing as it kind of relates.

You know when your giving someone your cc details for whatever reason, and then they ask you for the three digits at the back? Are you meant to give the 3 digits?

Like the reply above, yes you must give the Card security code (Each card scheme uses different acronyms for it CVV/CVV2/CVC2) to the merchant to process "Card not present" transactions. The code is to verify you are in possession of the card. PCI-DSS mandates that the card security code is never written down / recorded / stored and most payment gateways / virtual terminals / e-pos devices will not store them but only use them for verification.

davindub

Digital_Guy wrote: »

As mentioned above, they can't complete the transaction with those details, otherwise they wouldn't need them.

It's about using your own judgement really - there's a difference between John from Customer Support in Meteor asking for them, and Tony down the pool hall*.

*Not casting any aspersions on Tony down the pool hall.

These days I wouldn't trust anyone with CC details. There is a lot of fraud going on and they are getting away with it there usually isn't a investigation for small amounts.

Don't even hand your card to a cashier in case they skim it quickly before entering it into the terminal.