Possible credit card scam

Franciscomv · Dec 2, 2013

I might be overreacting but this seemed a little fishy, so I thought it would be a good idea to let you guys know.

I placed an order with Knifeworks on Saturday (November 30) , I've always had great service from them. I got the usual confirmation e-mail. Shipping will take a while since it's an international order and so on.

Today I was surprised to receive an e-mail from a person claiming to work for Knifeworks, but using a Gmail account (instead of somebody@knifeworks.com) telling me that they needed photographs of my credit card to finish processing my order, and that it's a new measure to prevent fraud. I didn't reply, and instead I forwarded the message to help@knifeworks.com asking them to clarify if this was one of their employees (I haven't heard back from them yet). The person who wrote asking for the pictures knew my name and the number for my order.

Has anybody received a similar message? Am I an idiot and sending photos of credit cards is now SOP for on-line shopping?

Morrow · Dec 2, 2013

Did you call Knifeworks?

Franciscomv · Dec 2, 2013

I was going to call them through Skype, I'm in Argentina. I just went to their website to check opening times and they seem to be closed for a couple of days. I did e-mail them right away.

Morrow · Dec 2, 2013

Franciscomv said:
I was going to call them through Skype, I'm in Argentina. I just went to their website to check opening times and they seem to be closed for a couple of days. I did e-mail them right away.

Okay. Knifeworks is a dealer here. I sent their dealer account a message asking them to chime in on this.

Doug C · Dec 2, 2013

BIG RED FLAG, imo.
I'd never send images of my cc's to anyone.
I'd be sure to call the cc companies or bank posthaste.

DC

billygoat162 · Dec 2, 2013

I made a recent purchase and checked my inbox and spam folder and didn't find any such messages. I did get a phone call from knifeworks about my billing address when there was an issue once, but never an email.

I've honestly never heard of any company asking for pictures of someone's credit card, and email isn't secure enough for me to ever feel comfortable doing that regardless. I agree with Doug--do some calling to see if there is any fraud going on with any of your accounts. I would also start changing passwords.

RevDevil · Dec 2, 2013

If it does turn out to be an attempted scam, contact your banks fraud division, and forward the email to them. Let them know some "boludos" tried to scam you.

Franciscomv · Dec 2, 2013

RevDevil said:
If it does turn out to be an attempted scam, contact your banks fraud division, and forward the email to them. Let them know some "boludos" tried to scam you.

I'll let you guys know when I hear back from Knifeworks, I'll call them if they don't reply to my e-mails tomorrow.

RevDevil, stellar use of Argentine slang, mate.

RevDevil · Dec 2, 2013

¡Le falto cinco pa'l peso a este boludo cabron cara rota! No dejes que te metan la mula mi amigo.

A very good friend of mine was born in Argentina so I know thelingo fairly well. I hope eveything turns out well for you

SpyderPhreak · Dec 3, 2013

Being in Argentina, there is a chance this is legit and KW is wanting to verify the foreign purchase. However, I think you reacted perfectly, as there is also a good chance of it bring a scam. Interesting that they had all the proper info about the order though.

A Justice · Dec 3, 2013

If this is Legit, someone needs to let Knifeworks know that it's a Terrible business practice to do that. Even banks will never ask for your account information through an e-mail. E-mail is not secure in the least. Account information should only be submitted on a page starting with https:// , and never through e-mail; and most companies will warn customers that they will never contact them asking for their financial or personal information to prevent possible fraud - if Knifeworks has an appropriate Privacy Policy and TOS page, you may be able to find additional information there.

Curious to see if there is a compromise or if this is legit (I would highly doubt the legitimacy of this myself).

A Justice · Dec 3, 2013

Wow, it is actually in their "International Orders Section"

PER KNIFEWORKS INTERNATIONAL ORDER SECTION:

" Due to the problem of fraud orders, any customer who is placing the first order with us and use credit card to pay for the order, you will receive the other email from us ask you to send the copy of your credit card that you use for the order to be verified."

ETA- Link to International Orders Page

So it is a legit policy - but a terribly unsecure policy. I can't hardly believe it, but it's on their website (unless they have been compromised and the ruse is incredibly well thought out). I would cancel my order if they asked me to send a photo of my credit card, or any credit information, through e-mail. Especially public e-mail accounts like Gmail and Yahoo.

richard thurman · Dec 3, 2013

If that is the case then I just would take my buying somewhere else. Are they the only ones doing this or has other company’s doing it too?? Is the knife worth the risk of your credit card info getting out there?? I would not do it.

Knifeworks.com · Dec 3, 2013

This is simply done at times for CC verification on international orders.
There currently is not a method available for international CC verification.
It is not 100% effective, but has proven to be the best way to protect ourselves and our customers.
This generally occurs with 1st time purchases or when a card appears suspect.
Specific countries and specific products often flag our staff.
The amount of international credit card fraud would amaze you. It is a huge issue.
Its like loaning money to a stranger in another Country. That's the best way I can explain it.
We deal with this more than most as we are one of, if not the largest international knife dealers.
We have a staff of (4) in our international dept. that works only with orders outside the USA.
In order to keep our prices low, we try to prevent as much fraud as possible.
Our International dept uses G-mail, as Microsoft Outlook often does not recognize foreign email accounts.
That is the reason you will see us using G-mail when communicating with customers outside the USA.
I hope this explains the situation to your satisfaction. Any questions please feel to call or email.

Thank you!

Knifework's

choombak · Dec 3, 2013

richard thurman said:
If that is the case then I just would take my buying somewhere else. Are they the only ones doing this or has other companys doing it too?? Is the knife worth the risk of your credit card info getting out there?? I would not do it.

There does not seem to be a better way to authenticate the credit card at this point in time. I would consider sending CC image via email to be equivalent of swiping it physically at a grocery store, except this grocery store happens to be in another country.

Yes, and as KW puts it - there is not other better way to verify at this moment. And it is done only for international orders. Knifecenter does not accept international credit cards if used first time - one needs to call and place an order, by relaying CC data over phone. Since big brother watches everything, the point of which method is secure is pretty much moot at this point.

Technologists are too fixated on the https bandwagon to innovate a better way. ;-)

egally08 · Dec 3, 2013

choombak said:
- one needs to call and place an order, by relaying CC data over phone. Since big brother watches everything, the point of which method is secure is pretty much moot at this point.

The point KnifeWorks is making, is that they want proof that customer is physically holding the credit card in their hands, because that cuts the fraud rate down to nearly zero. Yes, some people can steal the actual credit card, but it is usually just the CC information that is stolen.

A Justice · Dec 3, 2013

choombak said:
There does not seem to be a better way to authenticate the credit card at this point in time. I would consider sending CC image via email to be equivalent of swiping it physically at a grocery store, except this grocery store happens to be in another country.

Yes, and as KW puts it - there is not other better way to verify at this moment. And it is done only for international orders. Knifecenter does not accept international credit cards if used first time - one needs to call and place an order, by relaying CC data over phone. Since big brother watches everything, the point of which method is secure is pretty much moot at this point.

Technologists are too fixated on the https bandwagon to innovate a better way. ;-)

A phone call is several orders of magnitude more secure way to transmit your CC# than e-mail. It isn't moot, and even though I expect an average person to not understand the security risks, a large online retailer should know better. If you send an e-mail with an un encrypted CC number it is automatically stored in 5 spots before the first backup ever takes place. In Verizon's 2013 annual Data Breech Investigations Report, over 621 confirmed data breeches occurred in reporting companies, and there were 47,000 security incidents. Now keep in mind, those 621 are encrypted databases that were accessed maliciously - the 47,000 security incidents is what you're opening yourself up to when that data is sent over an un encrypted e-mail.

They may not know of a better way, but their current policy is an activity that has been considered a poor security practice for a long time, and is probably one of the most elementary and well known DON'Ts of the e-commerce industry. They need to amend the policy for their own good and the good of their International customers. Excuses and posturing doesn't make sending your Credit Card information through e-mail any more secure. I think most people are well aware of how much fraud goes on overseas, but that isn't a good reason to institute a poor security practice, and pass on the risk of fraud to your customers.

If you don't want to take it from me, just search the Internet and come to the same conclusion yourself.

richard thurman · Dec 3, 2013

then I would say to use paypal then.

TheModernNeanderthal · Dec 3, 2013

richard thurman said:
then I would say to use paypal then.

I don't think knifeworks is accepting PayPal anymore due to PayPal's restrictions or something.

Edit:

From knifeworks

Due to Paypal's Strict policy on knives and other security products, we have permanently removed Paypal off our website as a payment option for purchases. In order for us to have kept Paypal on the website, we would had to remove a high volume of products off the website to obey their policy. Within Paypal's policy, you are limited to certain products that you can sell. We have made this decision hoping to better benefit our customers, by carrying a variety of knives and security products that are on high demand. We hope you understand this decision in a business matter, if you have any questions or concerns please feel free contact us.

richard thurman · Dec 3, 2013

Well what about alertpay?? I believe they are located in Canada. I know they don't mind taking money for switchblade sales and if not then somebody else.

Possible credit card scam

Franciscomv

Morrow

Don't make this weird

Franciscomv

Morrow

Don't make this weird

Doug C

billygoat162

RevDevil

Franciscomv

RevDevil

SpyderPhreak

Rocketman for hire

A Justice

A Justice

richard thurman

Knifeworks.com

choombak

egally08

A Justice

richard thurman

TheModernNeanderthal

richard thurman