Something very odd ordering from Provape.com

[Fun-atic]

Hello,
I just order my provari mini and my provari over the weekend and today I get an email from a Lady named Jennifer to verify my number on the credit card and my bank name, Basically all my info. The part that I am concerned about is that I gave them all this info when I paid for the provari mini and the provari in the billing info in there website, now they wanted me to give them the first 6 digit of the credit card I used that ended in #### and the bank name the card is in. So if I gave all this info out on this email the lady sent me. My credit card info will be out there..

Have any of you guys have this problem or should I just cancel my order? I emailed them back and gave them my phone# if they had questions with my billing info.

 

[raqball]

Another user recently had the same thing happen..

http://www.e-cigarette-forum.com/fo...g-more-personal-information-regarding-cc.html

I didn't see that thread get updated with the final resolution / outcome.

I placed 2 orders (over $400 total) on the 4th and all my gear shipped with no additional questions from ProVape.

I'd be very weary of giving that type of info via email and I honestly don't know why they would need it unless the ship to address is different from the credit card address..

 

[ratchet62]

Never give this info via email or to an unknown, unverified in bound phone call.

If you are concerned there is a problem with your order, you should initiate contact wit provape.

Call their phone number as listed on their website, or use their contact page. Simply ask if there is a problem with your order.

Ratchet62 from my Nexus 7

 

[Fun-atic]

Rachet, that's the thing they don't have a phone number to call. I did initiate a support ticket with them. But no answer yet. I just found it really odd they won't even call me back I gave them my phone number. Raqball, I too placed 2 seperate orders first I purchased the provari mini then 2 days after I made up my mind, I put in another order for the provari. It's totals about $400. I hope my order does not get cancelled..

 

[Fun-atic]

Well from the online Provape support contact just confirmed that it is them emailing me and wanting more info.. Just odd but atleast I know it is them..

 

[Fun-atic]

Alright got it all resolved.. Jennifer at Provape was great after we got it all clear that she was not scamming me.. LOL!! I gave her the info she needed to complete the transaction.. My package is shipped and on it's way to me..

 

[djumv]

This is just part of the credit slash fraud detection system. It's there way of making sure people r not getting ripped off. There r a few things that may flag a account. Jen is the best and always gets the orders out.

They went a step farther than that now. Now they want a picture of the front and back of your card, next to your driver's license.


Not going to happen. I am not sending my CC# and DL# unencrypted to anyone. And I am certainly not sending a picture of my card and my driver's license to any vendor for them to potentially keep in an inbox.

I'd love to buy the provari I ordered last night, but I am unwilling to risk my credit reputation or my identity security in order to do it. I don't know what their security standards are or what guarantee they give to their customer's to protect their information (none from what I was able to see on the email), but to ask me to send a plaintext unencrypted email with a picture of my CC and DL in the interest of "security"? Nah, that's BS. I'll pass. I don't need a provari THAT bad.

 

[NicoHolic]

Never send any information about your credit card to a vendor in email, even if they request it. A security conscious vendor won't. It is only encrypted at best, at the end points. Between and on servers it can be unencrypted. If a vendor asks for the first six digits of your credit card, the issuing bank, or the customer phone number on the card, send them the following:

I gave you my entire credit card number securely with my order, so you already have the first six digits (the Bank Identification Number). That means you (or anyone who misused my credit card number for that matter) can lookup the issuing bank and their customer care phone number info here:

https://www.bindb.com/bin-database.html

I also provided you the industry-standard Card Verification Value (CVV) which should be used for verification in lieu of the easily obtainable information you requested.

I am not going to provide this information you allege you need from me (but don't) in an unencrypted email. That degrades rather than enhances my security. If you choose not to fill my order, this experience will be posted in the "reviews of Suppliers - Negative" sub-forum of e-cigarette-forum.com (ECF).

Sending images of your CC and DL unencrypted is just ridiculously foolish.

 

[sweet tea]

They went a step farther than that now. Now they want a picture of the front and back of your card, next to your driver's license.


Not going to happen. I am not sending my CC# and DL# unencrypted to anyone. And I am certainly not sending a picture of my card and my driver's license to any vendor for them to potentially keep in an inbox.


I'd love to buy the provari I ordered last night, but I am unwilling to risk my credit reputation or my identity security in order to do it. I don't know what their security standards are or what guarantee they give to their customer's to protect their information (none from what I was able to see on the email), but to ask me to send a plaintext unencrypted email with a picture of my CC and DL in the interest of "security"? Nah, that's BS. I'll pass. I don't need a provari THAT bad.

djumv, I see you live in Ky. I'm not sure what B&M stores you may have in your area but I know a few in my area ( NC ) now carry Provaris in their stores. You might could go that route and see if any stores carry them.

 

[Strongbeard]

I work in this area and I deal with CC fraud all the time. Never type out your CC numbers and email that info to ANYONE... EVER. And don't EVER send any pictures of your DL, or CC, or anything like that. This is why mortgage companies still use FAX machines to send your personal files back and forth. That information will sit in someones email box forever, unsecured. And I don't care how SECURE they say things are.... email is NEVER secure. They can be forwarded and sent to multiple users at once.

I'm really glad that this was just a weird anomaly and you didn't get burned. I would have been freaking out the whole time..

 

[djumv]

djumv, I see you live in Ky. I'm not sure what B&M stores you may have in your area but I know a few in my area ( NC ) now carry Provaris in their stores. You might could go that route and see if any stores carry them.

Sweet tea, I did just check with a few brick and mortars in my area, and they don't carry them unfortunately. I do appreciate the advice, though and the consideration.

My concern and reason for my post is primarily to help other users in the community. I am a Senior Network Engineer, and I have a fairly lengthy history and experience in the data security field both in the financial and healthcare fields. When I got that email this morning from provape, it was almost offensive that they asked for the information "for internet security purposes", when it is the very antithesis of acceptable internet security practices.

For other users, let me back up what has already been stated here, and give you some technical knowledge in the process. I'm probably being redundant, but I don't want to see anyone in the community get burned.

#1 - Do not send a picture of your credit card or driver's license to anyone via email. Not a vendor, not your mother, not your grandmother, not your spouse. Nobody.
#2 - When you buy a house and get a loan, many times they will get a copy of your driver's license. This copy of your license is transmitted between your bank and the underwriter in addition to all of the other data like your SSN, personal financial info, account number, work history, number of pets you own, number of times you went to the bathroom in a 2 month period, etc, but it's always encrypted (In very loose laymens terms, encryption means that the data that is being encrypted between 2 end points has a string of numbers - known as a "key" - defined by a standard and accepted by both sides that have both been verified. Unless it is decrypted with the correct key, it looks like gibberish). Your bank can get in a crapload of trouble with the SEC if they transmit this data unencrypted.
#3 - When you purchase goods or services online and you enter a credit card number, the data you transmit is also encrypted when you make a purchase.
#4 - Unless you are managing your email on your own email server and you own your email domain, you email is getting scanned by your email provider (yahoo, google, microsoft, aol, hotmail, etc, etc) and it is being provided to third parties so that they can target their advertising to you. This is not some tinfoil hat stuff, they clearly tell you this in their terms and conditions.


So why then, would anyone in their right mind send this data via unecrypted plaintext email? What happens when your provape support agent that you sent pictures of your driver's license and credit card to takes their laptop home with them, leaves it in the car, and it gets stolen? Your credit card and driver's license is sitting right there in his or her inbox, ripe for the taking.

I'm not saying this to discredit provape. The provari is likely a great product (I suppose I will never know). I am a consumer, just like everyone here. But the last thing I want to hear about, is one of you guys getting your entire life ruined because a company is reacting to fraud in a manner that invites the very fraud they state that they are attempting to prevent.

 

[Stef64]

They went a step farther than that now. Now they want a picture of the front and back of your card, next to your driver's license.


Not going to happen. I am not sending my CC# and DL# unencrypted to anyone. And I am certainly not sending a picture of my card and my driver's license to any vendor for them to potentially keep in an inbox.

I'd love to buy the provari I ordered last night, but I am unwilling to risk my credit reputation or my identity security in order to do it. I don't know what their security standards are or what guarantee they give to their customer's to protect their information (none from what I was able to see on the email), but to ask me to send a plaintext unencrypted email with a picture of my CC and DL in the interest of "security"? Nah, that's BS. I'll pass. I don't need a provari THAT bad.

You can always use a pre-paid or Visa/MC gift card to make your online purchases. They cost a little more to purchase, but if they are compromised you won't be out of your life's savings and your credit won't be ruined.

 

[jennifer360]

Hi all, just an update... we are no longer requesting this information to be provided on our credit card orders. We do want to thank you for your input as this is what allowed us to start a new process in which this info is no longer needed We do deeply apologize for any inconvenience this may have caused our loyal customers. Thank you for your understanding

 

[2highcal]

I am glad my B&M carries Provari now even though I only live about 15 miles from the provari factory.