Is it standard practice to ask a customer to send a photo of their credit card to confirm their identity?

It's not standard, and it's quite inadvisable.

The PCI security standard, with which any legit merchant will have to comply as part of their merchant account agreement, would require that a photo of the front of a card would have to be transferred using a secure, encrypted upload facility, stored encrypted at the merchant end, and, in the case of Amex cards which have the Card Security Code on the front, securely deleted after the transaction was authorised. It's very unlikely they've managed to get all this right, and if they asked you to send the photo through mail (or MMS etc) then clearly that could not be compliant.

That's not evidence of malice, but openly asking customers to do something non-PCI-compliant is evidence of incompetence, raising questions about their security in general.


I've seen similar requests coming from foreign sites/companies just because of how they handle credit card payments. Think of credit card imprinters. Some countries/merchants still use them and somehow they assume that an image of the credit card could be just as valid.

In the situations where I've come across this type of request, I have opted to send payment either via wire transfer, PayPal or similar services. They were wholesale orders where the card could not be charged until the product was manufactured, etc.


No, it's not standard practice - in no way, shape or form does sending a photo of your credit card confirm your identity at all. Ignoring the fact that photos can easily be photoshopped, the fact that you physically possess a credit card certainly does not prove that you are who you say you are.
