Today I was given my first introduction into DreamHost, and unfortunately, it is an ugly one. I’m not sure if this is a standard practice or I am just the lucky winner of making things difficult. I recently left a competitor (Myhosting.com) and decided after reading some really good reviews on Dream Host that it should be a great company. So today I gave it a try and instantly received this as my first introduction to your company:
[quote]Thanks for signing up!
Your account has been flagged for manual approval. No worries, we’ll be happy
take care of this for you, we’ll just need some additional information first!
Please provide a photo of the front of the credit card used to open the account,
so the cardholder’s name, expiration date, and the first and last 4 digits of
the card are clearly visible. Please block out the middle 8 digits for security.[/quote]
I had to reread the email 3 different times in shock and then rego through the entire registration process to see if this is an expectation of all customers as I have never had a company request this before. Normally, if there is any question on a credit card transaction a company will either A) Wait until it completely posts or B) do a 3 way conference call with a customer and their bank to ensure the transaction is legitimate. The only exception I have ever seen is the airline industry who requires a manual check upon checkin of the associated credit card of purchase and the value of those transactions are in the hundreds or thousands of dollars (not a $15 to $60 transaction).
As an IT security expert this bothers me for multiple reasons. First and foremost, billing transactions are encrypted with hash codes to protect the transaction. However, who has ever seen a support ticket system where the images are encrypted? I haven’t. Yet, that is exactly what this email is encouraging me to do. Upload a front / back image of a credit card to that very system.
I really hope I’m just having an unlucky day with the company and this practice is not standard. Either way, you should review it as the current practice is not ethical, secure,[/quote] or appropriate in my opinion.