Ebuyer

Oh dear. I'm glad I started using them before this bollocks.

It is up to your card issuer as to whether it is optional or not. I think that MasterCard SecureCode, which slightly pre-dates Verified by Visa, is always compulsory.

Colin Bignell

...

I used to have a regular customer for my online business who always threw up numerous fraud warnings - multiple cards used at this address, multiple names used at this address and a few others. He had a shop at Gatwick Airport and the automatic checks treated the whole airport as a single address.

Colin Bignell

One of the twelve pointers is young men whose lower face is paler than the upper, where they have shaved their beard off.

Colin Bignell

Thank-you for posting these details. I've noted your experience so ebuyer have just joined my list of companies to avoid.

Also, I think you should make a formal complaint to the credit-card company saying that one of their merchants is asking customers, AFTER the transaction has been authorised, for confidential personal information.

Say that while you accept that it might not be phishing you do not like the lack of forewarning of this on their site, nor do you see why you should trust them to safeguard that information if you chose to provide it.

I think if there's doubt about the transaction, it should have been rejected in the first place.

I rang Visa International and asked them specifically about this a while ago, and they said that the issuers all use their own algorithms to match the card number, purchaser, amount etc and decide whether or not to ask you for the extra authorisation info.

Thank you, I might well contact my bank and tell them about - it was my bank debit card, not a credit card.

I feel particularly aggrieved by this because - not only do I have an unblemished credit rating, and this was for the princely sum of £59.99 - I deliberately chose not to pay by credit card or Paypal, even though they are probably more secure, because I was thinking it would save Ebuyer having to pay commission on such a small transaction.

However, from what I have since learned about them, it seems that in the long term they might well have done me a favour!

I would be interested in ebuyer's response to a query as to why they think having customer's biometrics will in any way lower their risks, and also what assurances they can give that they are competent to ensure their security.

You will find that for any online retailer, there will be people who have a grievance - its the nature of these things that the disgruntled make far more noise than the happy customers. The difficulty with any situation like this is that most of what you get is anecdotal rather than objective numbers. I have (so far) had many years of decent enough service from them, but that could just be luck - who knows.

Assuming this information ends up on Ebuyer's systems, what would be the Information Commissioner's Office view? Do they not usually say that unnecessary information should not be collected?

I note this:

" The Identity and Passport Service advises organisations who wish to retain a reproduction of the personal details in the passport that they should obtain the consent of the individual to do so. Organisations are also advised to retain a record of the consent and to store the passport details securely. "

I interpret that as needing EXPLICIT consent - not simply the consent implied by your conforming, possibly unthinkingly, to their request.

I absolutely agree with you. Further, I absolutely agree that they should not have taken card details until such checks as they deem necessary have been completed. Again, taking card details is unnecessary if the transactions cannot go ahead because you would refuse Ebuyer's excessively heavy ID requirements. Should have broken both the DPA and the card company's T&C.

Ebuyer have now joined Machine Mart...