Alternative 4 Posted May 16, 2016 Share Posted May 16, 2016 Over the weekend squadron.com had a sale, so I ordered a couple of items. Today I received an email saying that before they ship my order they want to verify my credit card details. Julie Schmidt in the accounting department wants me to email the first 12 digits of my credit card to her. I assume this is a scam. Has anyone else has similar weird email's after ordering from squadron? Quote Link to post Share on other sites
STEN8 Posted May 16, 2016 Share Posted May 16, 2016 Sounds awfully suspect to me. Harry Lutz, FL Quote Link to post Share on other sites
RCAFFAN Posted May 16, 2016 Share Posted May 16, 2016 (edited) I know that certain digits on credit cards mean certain things such as type of card and area of issue and such so maybe your New Zealand card is confusing an American system. I wouldn't just send the info but would try to check it out further by contacting them (through their published E-mail, not reply to what you got).... Edited May 16, 2016 by RCAFFAN Quote Link to post Share on other sites
Ken Cartwright Posted May 16, 2016 Share Posted May 16, 2016 Yeah, I'm thinking it's a scam, but even if it's not, it's poor policy to request that of people, and obviously not something you'd want to send in a plain-text email. I would just call them directly and find out. Quote Link to post Share on other sites
Don Posted May 16, 2016 Share Posted May 16, 2016 Personally, I'd call Squadron directly on the phone and tell them about the email. If its indeed legitimate you can give them the details over the phone and while they are on the line I'd tell them that in this day and age an email requesting such information is not going to go over well with customers. If its not a legitimate request then you've warned Squadron and saved yourself potential heartache. My two cents. Quote Link to post Share on other sites
vince14 Posted May 16, 2016 Share Posted May 16, 2016 It sounds like a potential scam - it's possible that someone has gained access to their email system and is attempting to phish credit card details - but, if it isn't, then you should contact them and advise that they're in breach of PCI DSS. Quote Link to post Share on other sites
thegoodsgt Posted May 16, 2016 Share Posted May 16, 2016 Did you call Squadron after receiving the email? Quote Link to post Share on other sites
habu2 Posted May 16, 2016 Share Posted May 16, 2016 I placed an order under the same sale and paid by CC, I did not receive an email query from Squadron. Post the header info in the email you received, we can look at it and probably tell if it was a scam. Quote Link to post Share on other sites
RKic Posted May 17, 2016 Share Posted May 17, 2016 As others have said, call them. Quote Link to post Share on other sites
Alternative 4 Posted May 17, 2016 Author Share Posted May 17, 2016 Thanks for the replies. I have forwarded the email to Squadron, unfortunately I cannot call them. If the issue is because I have a foreign credit card, it's strange I would have it with squadron and no other online retailer. If it's a problem I guess I will just cancel the order. Quote Link to post Share on other sites
Darius at home Posted May 17, 2016 Share Posted May 17, 2016 Often the card numbers are put on statements and order confirmations with the phrase "card number ending in ****", ie just the last four digits are stated. If someone has illicitly obtained this data they may be trying to get the other 12 digits to complete the card number. Smells phishy to me. Darius Quote Link to post Share on other sites
yardbird78 Posted May 18, 2016 Share Posted May 18, 2016 Contact Squadron through their regular web site and ask them what is going on. DO NOT reply directly to that email you received, especially if it has a "hot link" in it. You never know where you are going to wind up if you click on a hot link. Quote Link to post Share on other sites
Alternative 4 Posted May 18, 2016 Author Share Posted May 18, 2016 I emailed them and received a reply. They advised it's a legit email. Quote Link to post Share on other sites
vince14 Posted May 18, 2016 Share Posted May 18, 2016 (edited) I emailed them and received a reply. They advised it's a legit email. Did you reply to the original email from 'Julie Schmidt', or send one to their main email address (customercare@mmd-squadron.com)? Even if it's legit, they're still in breach of PCI DSS (the security standards of the credit card industry) as all transmission of cardholder data across open, public networks (i.e. the internet, of which email is a part) must be encrypted. Requirement 4.2 states 'Never send unprotected PANs (i.e. credit card numbers) by end-user messaging technologies (for example, e-mail, instant messaging, SMS, chat, etc.).' Unless you really, really want that order, I'd consider dropping it. Squadron clearly don't seem to know what they're doing when it comes to security. Edited May 18, 2016 by vince14 Quote Link to post Share on other sites
Don Posted May 18, 2016 Share Posted May 18, 2016 I tend to agree with Vince. Legitimate request or not in this day and age of identity theft and credit card fraud there is no way that Squadron is going to endear themselves with modelers by sending out these emails and asking customers to divulge such info. Hope it all works out. Quote Link to post Share on other sites
Sir Fondlebottom Posted May 18, 2016 Share Posted May 18, 2016 Also realise, that mail with your card info, is going to stay in their mail system until way after your card has expired on its own. Quote Link to post Share on other sites
Jinxter13 Posted May 18, 2016 Share Posted May 18, 2016 Sorry I'm late, but this has SCAM all over it, I would delete it and run a system scan for any nefarious files that may have came with it. This may sound a bit like overkill, but better safe than....a lot of swearing and problems later. Never have I heard of anyone requesting any card info; if they have the first 12 numbers it simple to just have their system run the gauntlet of numbers from 0000 thru 9999 until they get a hit and look out for any one whose number is legit. I'm of the mindset there is never too much caution. Quote Link to post Share on other sites
Helmsman Posted May 18, 2016 Share Posted May 18, 2016 Having done few purchases with US online retailers from abroad using non-US cards I'd say that request for card number might be legit. For example, B&H and Adorama requested a scan of both sides of my card. However while using non-US card with Squadron I wasn't asked for any additonal information by them. Had a US shipping address though. Quote Link to post Share on other sites
stevehnz Posted May 21, 2016 Share Posted May 21, 2016 As a Kiwi too, there is no way I would go along with this. It's why I use PayPal to avoid having to share my card details with merchants all over the globe. If I can't do it that way I'll look elsewhere. It seems to me that Squadron should be able to verify your card thru the Nth American card offices unless its not one of the major credit card types. Steve. Quote Link to post Share on other sites
RiderFan Posted May 21, 2016 Share Posted May 21, 2016 Canuck Models website can process credit card information from people all over the world so there should be no reason they can't. No modern processing system should have difficulty processing a 'big 3' (Visa, MC, Amex) card from New Zealand. If squadron's card processing system is so ancient that it can't do this, or requires a human to verify data, you probably shouldn't be using them anyway. Quote Link to post Share on other sites
Tony Stark Posted May 21, 2016 Share Posted May 21, 2016 Did you reply to the original email from 'Julie Schmidt', or send one to their main email address (customercare@mmd-squadron.com)? Even if it's legit, they're still in breach of PCI DSS (the security standards of the credit card industry) as all transmission of cardholder data across open, public networks (i.e. the internet, of which email is a part) must be encrypted. Requirement 4.2 states 'Never send unprotected PANs (i.e. credit card numbers) by end-user messaging technologies (for example, e-mail, instant messaging, SMS, chat, etc.).' Unless you really, really want that order, I'd consider dropping it. Squadron clearly don't seem to know what they're doing when it comes to security. Canuck Models website can process credit card information from people all over the world so there should be no reason they can't. No modern processing system should have difficulty processing a 'big 3' (Visa, MC, Amex) card from New Zealand. If squadron's card processing system is so ancient that it can't do this, or requires a human to verify data, you probably shouldn't be using them anyway. This. All of this. To OP - Cancel your order, there are better retailers out there. Quote Link to post Share on other sites
habu2 Posted May 21, 2016 Share Posted May 21, 2016 I've dealt with Squadron since the 80s and never had my CC questioned. I wonder if CC prefix #s are different outside the US? Are you sure your CC# was entered correctly? Not defending Squadron per se but this seems like an isolated case rather than a consistent issue with an antiquated system. Quote Link to post Share on other sites
Helmsman Posted May 21, 2016 Share Posted May 21, 2016 I wonder if CC prefix #s are different outside the US? It is different for both VISA and Mastercard. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.