Online shoppers are usually worried about security features on websites to protect their credit card details. However, PC & Tech Authority reader Darren wrote to Investigator because he was concerned about being asked for unexpected proof when shopping on www.crucial.com, the retail portal of US-based Micron Technology.
He wrote to Investigator explaining that after he placed an order for two 256 GB SSDs and some SODIMM RAM on crucial.com he got an email confirming his order, but this was followed a few days later by an email with an unusual request.
The email contained the following:
“Cardholder security is important to Crucial. In an effort to protect cardholders and Crucial from fraudulent transactions, additional verification of your order is needed.
“To expedite shipping, please fax or email Crucial a current utility statement verifying your billing address. An example of a utility statement is a phone bill, power bill, cable or internet bill. It is important that you do not send a copy of your credit or debit card statement as verification. We are also unable to accept a driver’s license or passport as verification.”
The email suggested that he could black out account numbers and the usage data so it would be unreadable. He was advised that he should include the sales order number on his fax. He was also told that:
“Upon our receipt and review of the required verification, we may release your order. Please contact us before 8-27-2012 or your order may be cancelled.
“We appreciate your immediate response, allowing the shipment of your order as quickly as possible. We apologize [sic] for any inconvenience this additional step requires; this security policy is in place for your protection.”
Darren was bothered and not sure if he should be worried.
“Is it just me being paranoid or does this sound like a prelude to identity and/or money theft?”
“If this is a legitimate way of them checking then I need some serious reassurance I’m not about to be ripped off or have my identity stolen. With all the positive reviews I’ve read online about Crucial I’m really surprised at this strange request.”
Darren wrote back and asked them why this proof of his address was required to finalise the sale. Crucial replied that current privacy laws prevented them from verifying his address via his bank (some banks have systems in place that allow for this kind of verification to happen electronically, but it requires support from both the company providing merchant services to the retailer and your bank). The follow-up email reiterated that he could blank out certain details, but it was necessary to fax or email a copy of a utility bill to verify his address.
Investigator checked the crucial.com website, which has information about international shipping: the site will ship to Australia and lists the delivery price as US$25. However, there is nothing on the site about needing to verify a buyer’s address with a bill or other documents.
In Australia, we have a set of national privacy principles that govern how personal information can be collected and identified. These rules outline the purposes for which personal details can be used, the disclosure of information and how it can be held or removed. For example, a company can only collect personal information if it is necessary for one of its functions, and the way it collects personal information must not be unreasonably intrusive and should be fair and lawful.
Obviously when dealing with companies that are operating outside of Australia, these privacy principles don’t apply. This leaves consumers in the position of having to weigh up the risks of disclosing some private information when buying from online businesses.
Investigator approached Crucial several times to get an explanation of why address verification was necessary and why a bill, but not a passport or driver’s licence, was required. Crucial had not replied as we went to print. We suspect that it is to reduce fraud when shipping overseas (you tend to find long-running online businesses have been burned by this in the past).
Darren did as he was asked, but after a week with no reply he sent an email asking for his order to be cancelled and to have his details deleted. He said he would not be dealing with them again.
“I have had no reply, but I have not been sent the items I ordered nor have I been charged for them. I just hope I don’t suddenly run into someone with the same name as me.”