After placing an order with a well known supplier of “stuff for the smart masses,” I received, by return of email, a request for “information needed to complete your order.” In order to satisfy this, I can send them (by email or fax) one of the following:

(1) A copy of the credit card used to order, with only the last 4
digits showing AND a copy of your government issued ID (Credit Card
orders only)
(2) A copy of a statement from a service provider or financial
institution, that shows the billing address submitted during checkout
(Credit Card or PayPal orders)

Two thoughts occur. The first is, when someone asks me for this sort of information by email, they’re usually trying to scam me. The second is, neither of these pieces of identification would be difficult to fake. Using a decent image editor, I estimate it would take me about an hour and a half to produce a good quality, sharp digital image of a passport and credit card, with all of the details changed, less than half that to produce a slightly blurry image that will pass a quick glance, and five minutes to alter the details on a utility bill so that it will look genuine enough when sent by fax.

This sort of measure provides no additional security at all, while pissing off customers. I am currently waiting for them to explain themselves.

Update: I never did get a satisfactory explanation. They claimed it was to protect me from fraud, bit did not address my case that the measures they had chosen would be totally ineffective. However, in the end (and after I had ignored several reminder emails), they shipped my package anyway.

They obviously decided that, although they care about my security, they care about my money more.


