Sorta frustrated at a PS vendor and their payment processing

[TechieTechie]

Trying to order two sets of diamond huggie earrings from that very highly recommended online/B&M PS vendor and they are making payment a real pain. First off, they won't take a person to person payment (Capital One 360's version of a wire transfer) and if I want to pay by my AMEX, I freaking have to send a copy of my credit card and license to them via email or fax.

Not only is the a PITA in this day and age, but I work in IT consulting and do a ton of security work. And emailing credit card and license information over the internet, on an unsecured connection and without the proper encryption (scrambling the message so it's unreadable by spambots or hackers) is an open door to identity theft.

Honestly, I am this close to cancelling a $4k order. I know I am likely overreacting, but this sorta thing really gets my goat.

Anyone else have this problem?

 

[Niel]

Re: Sorta frustrated at a PS vendor and their payment proces

It happens. I've had to jump though a few hoops to buy from a few different vendors.

See if they take PayPal. I find that the easiest way to deal with diamond vendors online.

 

[mdmc]

Re: Sorta frustrated at a PS vendor and their payment proces

Not sure who you are dealing with but I just did a wire transfer from my bank. No problems.

 

[CRYSTAL24K]

Re: Sorta frustrated at a PS vendor and their payment proces

I know it is a PITA, but I think the credit card/license procedure is for your protection.
When dealing with high priced items they want to risk the liability of fraud.

I have no answer for Capital One 360.

 

[diamondseeker2006]

Re: Sorta frustrated at a PS vendor and their payment proces

Can't you do a regular wire transfer? I've done it many times and it is so easy!

 

[Mikla]

Re: Sorta frustrated at a PS vendor and their payment proces

I agree with the OP. Never put personally identifying information in email. That's just asking for trouble. However, a wire transfer,Paypal, or an ACH should be just fine. Do they have a problem with any of those options?

 

[arkieb1]

Re: Sorta frustrated at a PS vendor and their payment proces

I mostly use International wire transfer get charged a bucketload of fees and get ripped off on the exchange rate. I've also given vendors my credit card details unsecured and never had any issues, so maybe you need to explore other ways to pay.

 

[TechieTechie]

Re: Sorta frustrated at a PS vendor and their payment proces

I just figured out a way to do a wire...I can do the wire from my secondary checking account, I just have to transfer funds between accounts. It's just a combined frustration with my own primary bank account...but also with the request from the vendor.

The vendor asks for the CC and ID for their protection (in case they have a fraudulent or stolen CC to pay for goods) not ours. I understand why they want that...but if they do, they should provide a secure, encrypted method to obtain that information.

As a PSA announcement, you should never, ever send personal financial information over an unsecured connection. And, any business that you do business with should never, ever save your personal information (social security #, DOB, bank information or CC information) without some sort of masking. (look at a restaurant CC receipt...it only has the last 4 digits....that is masking). Otherwise, your financial information is ripe for theft. Just because it hasn't happened to any of us doesn't mean that it won't. I had a friend whose identify was stolen...it cost them $50k before they were able to recover their money. And my company has worked with some the most notable CC breaches in the country...so I have first hand experience with how widespread the potential danger is. Most companies, particularly smaller ones, don't have proper safeguards in place to protect your valuable data....even my hair salon had my AMEX card number, expiration date, and security code on file (for cancellation policy)..everything someone needed to put charges thru to my account...until I demanded they delete it.

Anyways, in regards to the bling...I will be sending wire today from my secondary account. I just want everyone to be careful out there, particularly during the holiday season, with their personal financial information! You want to spend that money on bling and your families and loved ones, rather than lining pockets of crooks.

Rant over. Thank you for listening!

 

[SB621]

Re: Sorta frustrated at a PS vendor and their payment proces

I just figured out a way to do a wire...I can do the wire from my secondary checking account, I just have to transfer funds between accounts. It's just a combined frustration with my own primary bank account...but also with the request from the vendor.

The vendor asks for the CC and ID for their protection (in case they have a fraudulent or stolen CC to pay for goods) not ours. I understand why they want that...but if they do, they should provide a secure, encrypted method to obtain that information.

As a PSA announcement, you should never, ever send personal financial information over an unsecured connection. And, any business that you do business with should never, ever save your personal information (social security #, DOB, bank information or CC information) without some sort of masking. (look at a restaurant CC receipt...it only has the last 4 digits....that is masking). Otherwise, your financial information is ripe for theft. Just because it hasn't happened to any of us doesn't mean that it won't. I had a friend whose identify was stolen...it cost them $50k before they were able to recover their money. And my company has worked with some the most notable CC breaches in the country...so I have first hand experience with how widespread the potential danger is. Most companies, particularly smaller ones, don't have proper safeguards in place to protect your valuable data....even my hair salon had my AMEX card number, expiration date, and security code on file (for cancellation policy)..everything someone needed to put charges thru to my account...until I demanded they delete it.

Anyways, in regards to the bling...I will be sending wire today from my secondary account. I just want everyone to be careful out there, particularly during the holiday season, with their personal financial information! You want to spend that money on bling and your families and loved ones, rather than lining pockets of crooks.

Rant over. Thank you for listening!

I didn't think this was a rant at all. My husband says I'm too trusting so I would complain too but eventually send my info over. I think I have been extremely lucky so far so I appreciate the warning. I do need to be more serious about this.

 

[smitcompton]

Re: Sorta frustrated at a PS vendor and their payment proces

Hi,

I agree with you completely. I had this problem with James Allen and I cancelled my order. I want my purchases on my credit card for several reasons. I have never had this problem before from any purchase on the internet. I think they ought to get into the 21 st century. Actually I think this forces you to ach them where they can avoid CC objections. There have been other complaints on here about james Allen.

Annette

 

[TechieTechie]

Re: Sorta frustrated at a PS vendor and their payment proces

Annette, I felt the same way. By putting a 10 day hold on checks (most financial institutions only hold for 4 or 5 days, enough time for the money to be deposited) and asking for the CC information, they are actually putting up artificial roadblocks and making ACH and wires the least hassle free payment method for us to pay. Now, they also benefit from this, as they get the money more quickly for ACH or wires (same day), but vendors also avoid the 4%-7% credit card fees that they must forfeit (Vendors get our payment, less the 4-7% CC fee, deposited into their account).

It wasn't JA, but one of the top 3 vendors here.

They should accept that credit card fees are the cost of doing business...though it's tough for small businesses to swallow that reduction in revenue. And, AMEX fees are high (7%) and I can understand why businesses push back on accepting them. But I would prefer CC payment as I have a method of escalation should a purchase go south.

 

[diamondseeker2006]

Re: Sorta frustrated at a PS vendor and their payment proces

I also appreciate the warning about sending unsecured information. Is faxing as dangerous as email?

You do not have to worry about this vendor. Their earrings are superior in quality and their return policy is solid should it not be what you want. Glad you found a way to wire the money!

 

[elle_chris]

Re: Sorta frustrated at a PS vendor and their payment proces

Hi,

I agree with you completely. I had this problem with James Allen and I cancelled my order. I want my purchases on my credit card for several reasons. I have never had this problem before from any purchase on the internet. I think they ought to get into the 21 st century. Actually I think this forces you to ach them where they can avoid CC objections. There have been other complaints on here about james Allen.

Annette

I'm surprised JA is doing this. I've ordered diamonds and even a diamond band not too long ago. Paid by CC and never had this problem.
Is this recent?

I know which vendor you're talking about, Techie. I've been using them for years and recently was also asked to provide them with my drivers license for a CC payment.

I made a big stink about it so they let it go. I don't like the policy one bit either.

 

[WinkHPD]

Re: Sorta frustrated at a PS vendor and their payment proces

I am not the vendor involved, but I do not take international credit cards and I offer a 5% discount on my diamonds to entice my clientele to pay via wire transfer.

Why?

Because it is 100% safe for me. With some credit cards I have to sweat the transaction up to a year before the money is actually safely mine. With diamond margins paper thin, one fraudulent transaction can take fifteen to twenty equal sized transactions to recover the lost value. Not a great incentive for a vendor to accept plastic.

With a wire transfer I do not have to pay the cc fee, which can vary from just under 2% for a simple card to over 5% for a cash back card. Theoretically we are not even allowed to ask if it is a cash back card. Cash back cards are great for the consumer, but the card companies pass all of that along to the sellers without any option for us to say no. (Or more properly to say HECK NO!)

I will tell you one thing too, if a stateside purchaser wants to forgo the wire transfer discount and use a credit card, all of the red flag alerts go up and wave HARD at me. We then have a procedure to follow that does include things like the copy of your driver's license and credit card so that we can be sure that the two match. We ask you also to have a photo taken with you holding up the drivers license and credit card so that we can match the face on the DL with the face in the picture.

Once we start going through all of that the fraudulent attempts disappear immediately (several per year sadly) and for the past five years or so, all of the legitimate purchasers just go to the bank and send a wire.

I know that big companies can afford the safe transmission access that you are referring to, but it is not cheap or affordable to a more moderate size business.

We do accept Pay Pal up to about 2k, but after that we get the same protective concerns that we do with credit cards. an average of around 3% fees and having to be a nervous nelly for 60 days about being hit up for a refund if the "client" demands a refund for any reason, real or imagined. When we are doing transactions of 10k and up, that is just too high a cost for the margins we work on when we have to throw in the uncertainty of whether or not the client is a good guy or a bad guy.

Personally, I like the certainty of wire transfer. Once that money is in my account, it is MINE! Period.

I can and will give you a refund if you ask for a legitimate reason. If I did not, even just once, it would be all over google. However, the bad guys can NOT take their money back once it is in my account.

That's my side of the story and I am sticking to it!

Wink

 

[Karl_K]

Re: Sorta frustrated at a PS vendor and their payment proces

I also appreciate the warning about sending unsecured information. Is faxing as dangerous as email?

You do not have to worry about this vendor. Their earrings are superior in quality and their return policy is solid should it not be what you want. Glad you found a way to wire the money!

faxing from a physical fax machine over a phone line to a phone line based paper fax machine that is in a secured area is consider secure for CC info.
Computer based or fax to email or email to fax is not secure.
Anyone asking someone to email(or other insecure methods) cc info needs to read their agreement with their processor and the pci requirements.
If there is a breach they could be liable for damages plus costs.
Even for a small vendor that can be millions of dollars and insurance will not likely cover it if they did not follow the guidelines.

 

[TechieTechie]

Re: Sorta frustrated at a PS vendor and their payment proces

All, thank you for your input...this has turned into a very interesting discussion.

First off...It was not JA, but I will go no further in naming names. Suffice it to say they are a top vendor here with an excellent return policy, so I am unconcerned about the quality and my ability to return items. It's more the processes and policies they are asking us, their clientele, to follow...and what risks we consumers must balance. Plus, a ten day hold on a check is just horsehooey. Most checks now clear the Fed and the paying bank in 72 hours...so that is a blatant attempt by this vendor to force folks away from writing checks for payment.

Karl..thank you for your open and honest answer. As a former small business owner, I had these same concerns, particularly with the restrictions and fees that the 'big 4' credit card vendors (AMEX, MC, VISA, DIS) require of merchants. It's pretty terrible and I appreciate the dilemma with slim profit margins...but I think it's a bit dishonest to put up roadblocks to entice clients to a particular payment method that is less risky to the vendor...and potentially more risky for the client (particularly the email faxing of CC and DL information . It's not a personal attack on you...B&M retail stores do this all the time as well. For example, when a customer purchases something at a mall store with their credit card..how often are they prompted to enter a PIN if you've used their Visa/MC cash card...all the time! It's because the payment transaction becomes a ACH transaction rather than a CC transaction...and the retail location avoids the processing fees and gets their money faster. Again, I'm perfectly fine with this as long as the consumer understands the trade off. Oh, and I wouldn't suspect potential customers who forgo cash discounts for credit card payments. 3-5% off is nothing when I compare the value of the points I get on my AMEX (I regularly earn enough AMEX points for several weeklong vacations a year off...on nothing but points).

Finally, Diamondseeker...IMHO faxing is not necessarily safer (sorry Karl). If there is a secure connection, if both faxes allow for encryption and password protection, and both faxes do not have harddrives that store information, then yes, it is more secure than email. But I certainly would not bet my horse on all of those variables lining up either...as most simple faxes don't have these capabilities.

Chip and Pin Credit cards are currently the most secure method of credit card payment (they are common in Europe but not yet here due to higher costs) but they aren't foolproof either.

http://bits.blogs.nytimes.com/2014/12/02/preparing-for-chip-and-pin-cards-in-the-united-states/?_r=0
http://www.pcworld.com/article/2853450/data-breach-trends-for-2015-credit-cards-healthcare-records-will-be-vulnerable.html

Again, I'm not against any one form of payment and the vendor's right to define their associated payments. I just want them to be open and honest in their demands, for we consumers to understand our rights & risks, and for vendors make our financial data as secure as possible.

And trust me, as a former IT auditor, most vendors only put enough money into data security as absolutely necessary....as it's one of those 'overhead' expenses that provide little to no value (in an age of shrinking IT budgets) until they get hacked or regulators step in. So everyone should be a little skeptical when looking out for the safety of their financial data.

If you are required to send something with financial data over the internet...I would recommend taking a picture of it, put the pic into a word document, password protect the word document, and then email. DO NOT email the vendor the password, call them instead. Personally, I wouldn't fax as who knows who could pick up the fax, but that's me.

Okay, Jen out

 

[yssie]

Re: Sorta frustrated at a PS vendor and their payment proces

Techie - rant as much as you like - and I thank you for it!! This is important stuff.

I'm a developer. I sorta figure... if someone's out for me, specifically, well... they're going to be able to get whatever information they want and there isn't much I can do about it, so the best I can do is avoid being the low-hanging fruit.

I like your suggestion of emailing pictures in password-encrypted Word docs (hopefully through a service that requires HTTPS like Gmail). Posting the images to a Dropbox account and removing them after they've been downloaded is another idea... the problem, of course, is that whilst we consumers can be very careful about distributing our information we have no control over what happens on the other end - downloaed to a phone on an unsecured public network? Printed in multitude and left on a desk somewhere, or tossed in the garbage un-shredded? Re-emailed internally? - and a company that recommends emailing sensitive information is IMO likely to be equally lax about securing internal procedures

It is an unfortunate fact that data security is, as you noted, usually a low priority. I wouldn't email my license and credit card information - it isn't that I don't like or trust the vendor, it just isn't safe

 

[Wednesday]

Re: Sorta frustrated at a PS vendor and their payment proces

Thanks for all the information, Techie. I knew never to send personally identifiable information over unencrypted e-mail, but thought I would need to get an encryption program (ugh, more work/research) in order to do so.

Your suggestion to paste the info into a password-protected Word document is an easy, cost-free solution. If a vendor is going to insist a buyer provide this info, without also providing a safe way for the buyer to provide it, they should incorporate this safeguard into the instructions to the buyer.