Pretty sure banking rules in the US are slightly different than up here, so this may be a Canada-only issue.
There is a small company that ships me supplies on request occasionally (I don’t want to be specific since I would consider that TMI; lets say a small company selling health-related stuff located in a different province than me). I phoned in a typical order today and was quite shocked that the person at the other end did not need my Visa credit card number! She already had it “on file” (her words).
Is that legit? I thought (since it isn’t a consistent recurring purchase) that companies weren’t supposed to keep credit card info on file for months at a time?
I’m not going to complain to the company until such time as the shit hits the fan, but I am quite shocked.
If you’re confounded by the idea that this company has a sheet of paper or a database with your credit card info typed in plain text right there and can take the info and type it in somewhere else to charge you…that’s probably not the case.
I have a small business and I keep credit cards on file for customers that don’t make regular monthly purchases.
I don’t know the credit card info, though. “On file” means I type it in to an interface (my online Merchant Gateway account) once and it’s immediately encrypted and obscured. I don’t know anything but the address and last 4 digits. Even the expiration date is obscured (the interface alerts me when it’s about to expire.) I can run the card at any time but only through the interface.
There are compliance rules you have to follow to be able to accept credit cards, and you can be audited at any time. A lot of those rules involve the security of credit cards you keep on file.
In turn, you as a cardholder are protected from fraudulent charges either made by the company with your card on file, or by a third party that has criminally gained access to the company’s file of cards.
I have several companies that have my card information on file. I’m always given a choice if I want to use the card on file with the last four digits XXXX or pay with another method though.
They sure do, and so do many other retailers. I don’t even know of any way to NOT get them to do that. And books come up as “1-click” purchase options, so you even have the “convenience” of potentially ordering things accidentally!
In my experience, in the US, when I order something online, and I’m asked to either create an account, or check out as a guest, if I create an account, it will retain my payment information, about half the time without specifically asking me if I want it to. I always assumed that the requirement to ask varied from state to state. There is almost always a box to check if I don’t want to receives “ads and notices” from them, and there’s usually a “privacy notice” where they promise not to sell my information to other companies, but that doesn’t mean their own subsidiary companies don’t have access to it. I always check this, and if I get mail from them anyway, it goes to spam, unless it turns out to be a company I end up ordering from again, and the offers are for free shipping on orders over some amount, or other types of discounts I might actually use. For example, there’s a Jewish products outlet that I go to a lot when I think of something I need, but not immediately, and before every holiday, I usually get a “free shipping,” email, so I check my cart, and if I’ve hit the number, I order. They have my debit card on file, and it makes checkout a lot faster, because I don’t have it memorized.
I also order a lot of computer and electronics parts online, because I have a little side business where I do small repairs for people (nothing to complicated), and I make house calls, so people don’t have to pack up whatever it us. Anyway, so a lot of places have my card on file, and I’ve have never once had a problem with fraud.
It’s pretty easy to cancel with Amazon, though. It’s one of the easiest cancels I’ve ever done. I left the screen up once when I went away from the keyboard, and my cat ordered something, but I saw it as soon as I was back, and cancelled it right away. Never heard another word about it.
My understanding is exactly the opposite, it is ‘opt in’ only if the business chooses to conduct business in such a manner. You give them your CC info, then why would they not have it - that does not make any sense.
Which FWIW many such phone ordering methods has someone enter the phone order into a similar online system, if not the exact same online system that the OP could access directly. All you get in some cases in phone orders is the free use of a ‘secretary’ to input your order for you into their online system online.
I actually have customers that ask me to do this, especially for businesses so that they dont have to hassle with the payment when one of my techs come out. They also like it better that 1 person (me) has control of the CC info and it is exposed to fewer sets of hands.
I use an online Pharmacy and if I call in a refill, the person will ask if I want to use my on file CC or something else if the Rx has co-pay. Using the internet interface, they ask the same question.
You have to have an account to use them and Rx must come from your Doctor.
Ok, I understand how it works. Perhaps I should have quoted the people who were comparing the OP’s checkout process with Amazon’s. I could see where it would throw him for a loop when ordering on the phone as opposed to a Web site, is all.
You’re going to regret not having that 10 cases of Chicken Giblets’N’Gravy Now With Extra Tuna Fish when you’re having your face gnawed off some night in your sleep.
Except from your cat. The thing probably meowed incessantly for the next week!
I agree, though. My one and only return with Amazon was a Kindle where I just changed my mind about the model I wanted and bought a Paperwhite from a local store instead. They sent a postpaid mailer for the return, and then sent an email confirming the refund. No hassle, and very professionally handled.
From my rough knowledge of card processing - the rule is that if the merchant is presented with the valid card, and the signatures match, then the transaction is legitimate for him. (YMMV)
The “security code”, that 3 digits on the back, is a substitute with online or phone or card-not-present transactions as a form of proof the card was there. Merchants are forbidden from storing the security code in their database, it must be discarded when the transaction is complete. Of course, the merchant is free to process your transaction without that code, as I understand, but then they assume any risk that the transaction is not legitimate and is contested.
if you are a trusted regular customer, then there probably is not much risk in a merchant skipping the security code. If they are shipping expensive merchandise to anonymous consumers across the country, they probably want that code for a bit more protection.
I’m a buyer and my experience is that keeping your credit card on file is the norm rather than otherwise. If you do not want your credit card on file, you must tell most vendors. Newegg and Amazon are good about this.