Dynadot, a company that works with everything from web hosting to domains and everything in between- and, for most of us, it is known as one of the few “legitimate” ICANN accredited places to accept PayPal, which is becoming increasingly hard to use nowadays outside of eBay. In a display of not only horrible customer service, a good friend of mine who purchased a domain name from Dynadot for their normal price of $9.25- and then received an e-mail from Dynadot demanding that he send a copy of his credit card (basically, a photo) to Dynadot to “verify [his] identity”. You’ve got to be kidding me.
So here’s the story. After placing his order on Monday, my good buddy S (who will name anonymous to ensure Dynadot doesn’t pull anything on him) got the following letter:
Dear [S],
To minimize credit card fraud, sometimes we ask our customers to verify their identity. Please send us a copy of your credit card.
1. Send by fax: +1-415-869-2893 (secure)
2. Send by email attachment: info@dynadot.com (not secure)If we do not receive this within 2 days, we reserve the right to cancel your domain name or web hosting.
Best Regards,
Dynadot Staff
Right. Considering the blunt nature of this e-mail, my good buddy S was a little shaken. This methodology is commonly used by scammers to get credit card information from those stupid enough to send it- and obviously, this sounded nothing like what a reputable domain company would demand. His response:
I received an e-mail with this message after I purchased a domain name at your website: [See above]
Because this is not only a clear security issue on my part but also very likely a clear violation of normal merchant agreements, I refuse to send this information. Normal internet purchase operating procedure never requires this, and this is a disturbing request upon your part. If you need to verify the security of my payment, I am willing to wait until the entire payment clears in approx. 3 business days.
Be noted, however, that any refusal on your part to provide me the service I have paid for after the money has cleared will be taken as direct theft, and I will be not only contacting my credit card company to pull the payment, but also the BBB and my Lawyer.
This is an incredibly insulting request- I hope your company will be able to remedy it without me having to go to such lengths.
Thanks,
S
As you can probably guess, a lot of this letter was sent by S to basically call a potential scammer’s bluff- after all, he had no idea that the e-mail was legitimate other than a scant amount of account information enclosed, which could very well have been gotten by an enterprising scammer logging into an account somewhere else online. After a day or so, he received this response:
Hello,
It is your choice as to whether or not to complete the verification process. However, as noted in the email we sent you, “If we do not receive this within 2 days, we reserve the right to cancel your domain name or web hosting.”
Credit card companies do a good job of protecting consumers from credit card fraud, however, businesses are not offered that same protection. Thus, businesses have to protect themselves. Some simply pass the loses on to their customers. Since chargebacks can happen weeks or months after the original charge, we prefer to take a more proactive approach and stop fraud before we take a loss.
Best Regards,
Dynadot Staff
So, that’s where we stand. I advised S to tell them to cancel the charge, but I personally feel that’s not enough- so, let me unceremoniously rip Dynadot apart and explain why, as a businessowner, programmer, former “social engineer” and just general consumer, this is a horrible, horrible policy.
First off, anyone with any sense knows that faxing credit card information, or even worse, e-mailing it, is incredibly dangerous. Both methods are horribly insecure and full of ridiculous flaws. Would S have chosen to send his credit card (mind you, a full image of his credit card, and they would probably demand to see both sides), he would have absolutely no control over what would happen to it once it printed out on the “other side” in Dynadot offices- that is, his credit card information, all that anyone would ever need to use his credit card limitlessly, would be laying around like a bad memo. Anyone- from a disgruntled employee to someone on cleaning staff- could pick up the memo, stuff it in their pockets, and then simply charge the card incessantly- or worse, sell off the number online for a quick buck. Would S have chosen the other option- e-mail, with absolutely no security settings whatsoever (they never even indicated how he would do so if he DID want to encrypt his e-mail)- he would have been subject to the whims of Dynadot staff and their computers, entrusting them with an image file of his credit card, which could not only be printed out and shoved into a pocket, but also shoved onto a USB drive, saved onto a hard drive, or otherwise tampered with to the company’s heart’s content. Spoiler: None of this is secure, and no secure option was available to S at any time.
Second off, Dynadot’s policy of immediately suspecting a customer is not only insulting, but incredibly unusual, and probably spawns from poor company policy. To immediately make a customer jump through hoops for a nine dollar transaction is worrisome. Though it is indeed true that “businesses have to protect themselves”, this style of verification is not used, to my knowledge, by any reputable company on the internet. From Amazon to Overstock, these companies seemingly manage the Herculean feat of staying away from scammers- all without demanding the use of a fax machine or a scanner. Of course, we can presume the real reason in which Dynadot is so paranoid is their own policy- frankly, being known as the company that accepts PayPal for transactions (a method infamous for use by thieves and scammers), Dynadot has already created a market for those who operate below the law. If you Google them, it’s quite easy to find examples of scams they have been directly or indirectly involved in- especially when it comes to fraudulent payments by those whom re-sell domains. Would Dynadot operate with much more legitimacy and have avoided being the equivalent of the seedy house on the bad side of town, this would not have happened- but clearly, they are a breeding ground for scams.
Finally, this is a lot of worry over nearly $10, which isn’t even a day’s worth of food for most people. Let’s be realistic here- $10 is not that much. If Dynadot wants to curb legitimate scamming, it is not going to come from some guy registering a single domain with a legitimate credit card- the effort does not compare with the payout. While there will certainly be exceptions, the big, bottom-line-ruining scams are going to be coming in very large purchases from people with questionable methods of payment (PayPal)- not normal everyday Joe Public.
In fact, I think that’s the point here. This is all over $10, Dynadot. You’re asking for a new customer- someone who could potentially bring you more business and further your profits- to potentially get himself mixed up in what could be hundreds to thousands of dollars of identity theft over $10. In fact, I’d be willing to make that wager- if my friend S ever scams you or runs away with your money, I’ll put up the $10 myself to cover your losses. How’s that for bottom line protection?
Tags: consumer rights, credit card, dynadot, web hosting
I just purchased a website through dynadot and got the same e-mail. It’s a really stupid business decision; it makes people like me really reluctant to deal with them in the future. That alone should be worth them eating the costs of refunding fraudulent transactions, unless over half of their credit card transactions are all fraud.
Yes I am fighting them now, they are asking that I send a copy of my passport to register name that I won at there auctions.This is personal information that I do not give out freely. when I buy a name at auction I spend a bit of time researching the name and making a proper evaluation before going through the auction process,
I am extremely offended and feel very uncomfortable doing business with such lowlife scumbags.
I hope soon someone will knock them off of there pedestals .