Merchant911 - Fraud Prevention for Merchants

Back in December I was approached by someone via email. We’ll call him Mr. Long. Mr. Long was trying to pitch his company and product that was, as he put it, “going to be an agent of change in all of on line commerce.” Specifically, a product called “PinPay” Their parent company is Acap Security, who’s tag line is High Level Security Software for Communication and Transaction Applications.

The fact that someone emails me from a hotmail account and claims to be a company representative is, of course, a red flag by itself. Remember we, as merchants, should be very wary of free email accounts. But I try to be a fair guy, so I poked around the website that Mr. Long provided.

Their sign up page was a huge alert! Here’s a company that wants to do business in the credit card industry, has a parent company with the word “Security” in their name, and they are collecting personal information and credit card numbers from an insecure page! Specifically
here. Being fair, I figured that someone forgot to use the https in the link so I typed https://www.softcard.biz/cardholder_registration.php into my browser. I can’t establish a secure connection. The form is asking for name, address, DOB, city of birth, card number, and issue date. You know - the stuff that credit card fraud is made of.

I responded to Mr. Long and suggested that he might have more credibility with me if he didn’t use a hotmail address and pointed out that the URL was not secure. What I got back was an email with a lot of attitude and derogatory comments. I think Mr. Long thought I just got into this fraud prevention thing yesterday.

I just revisited the site. The site is still there and the insecure URL is still there.

Cardholders and merchants alike should be careful. I certainly won’t enter MY credit card information there and I recommend that you don’t either.