Have you ever been asked for an ID scan or any other identity proof when making a payment with a credit card online? If not, then this question may seem quite strange to you. After all, paying with credit cards is meant to be quick and easy.
It turns out that many people who experience such additional verification are pretty surprised and suspicious. It’s not what they’re used to, they already provided the CVV number, so why are they supposed to send somebody (even if its a bank) their account statements, passports, driving licences or anything like that.
However, such cases aren’t really unusual. Of course most payments go through smoothly and the verification during a purchase in an online shop is quite enough. So when anybody can ask for additional identity proof?
One of the popular situations is when a certain transaction is rejected and after a while the very same transaction (for the same amount) is accepted. Furthermore, it’s quite easy to imagine a situation, where a transaction is rejected several times and goes through in one of the following attempts.
How’s that? Making a mistake (a regular typo) when entering CVV is one thing, but remember that there are also other reasons for rejecting a transaction. Like card limits, for example. A cardholder may keep his card’s limits low (finding it more secure) and simply forget about it or be unaware that the limit has already been reached. The cardholder makes a few attempts, thinking that he or she is making a typo or something else went wrong. And after the fifth or seventh there’s a eureka moment, the limit is being changed, the payment goes through and everything should be fine.
But it isn’t fine. The merchant gets only a “transaction rejected” message from the issuer and that’s it. Yet he knows about several tries for the very same purchase. From his point of view this might have been a fraud attempt. How’s that? The simplest example is a CVV brute force attempt – someone has your credit card data, but no CVV and tries to guess it. Despite how silly it may sound – it’s possible.
Anyway, there is something suspicious in several unsuccessful payment attempts for one transaction. That’s why merchants want to be sure that every transaction is legal and will not become a reason for a chargeback.
So if you ever receive such request for additional documents, do not be alarmed. However, try to think of any reasons and if anything makes you suspicious even a little bit – verify the request (calling the merchant should be enough) and make sure it’s not a phishing attempt.