The 80/20 Rule on Credit Card Security

Our web hosting company, OCS Solutions, like any other hosting company, has to deal with one of the highest rates of fraudulent orders in business. For some reason, web hosts are targeted more often than most other types of vendors.

Because of this, we often require new customers from overseas to fax or securely send us a copy of the front and back of their credit card. While most of them are used to this policy (we are not the only ones that do this; many online merchants now require it), some are not, and it can cause quite an uproar.

Ironically, asking for a photocopy of the front and back of a credit card is no different from handing a credit card to your waiter or to a clerk at a convenience store. You're proving you have the card in your physical possession. But when conducting online commerce, most people are actually more cautious than they would be in real-world transactions, where the opportunities for fraudsters and criminals are actually greater. It's a classic manifestation of the 80/20 rule: putting 80 percent of the effort into securing something that is likely 20 percent of the threat.

I'm not saying that there aren't security risks in online transactions, because there are. Consider this though – most people wouldn't order from a site that didn't have SSL (i.e. https://), but they give their credit card number freely over a cordless phone that can easily be listened to with over-the-counter supplies and little to no expertise. Ironically, it's considerably harder to “listen in” on a non-secure web connection than it is to tap a phone.

So when I see someone have a problem with sending in this sort of verification, I do understand where the fear comes from, but I am puzzled by society's consistent misapplication of security. One customer called their bank, and the representative said that it “sounded suspicious” and recommended that they not do it. They said that this policy made it sound like we had a “credit card copying facility” behind the scenes. That same customer would not have been able to order from the many online retailers that now require this proof.

Unfortunately, these myths make honest retailers trying to avoid getting screwed by credit card fraud and protect their own security look like xenophobic paranoids.
