PDA

View Full Version : Getting a refund


finncapt
19th Mar 2018, 16:48
Want to pick the collective brains.

I recently stayed at a hotel, large chain, and they need to refund a sum of money to my debit card.

They suggest I e-mail them my debit card number to facilitate this.

My brain tells me this is not secure and wonder what others think.

Thanks in advance.

UniFoxOs
19th Mar 2018, 16:50
Sounds dodgy. They should have the number from the original transaction. You could try asking them for a phone number to ring in with the information, double check it is their accounts department before you call, though.

Mike6567
19th Mar 2018, 16:58
No. Do not send card details in an e-mail
Telephone as UniFox suggests

Andy_S
19th Mar 2018, 17:02
I recently stayed at a hotel, large chain, and they need to refund a sum of money to my debit card.

When you say "refund", this implies you used the debit card to pay for the hotel or at least some service the hotel provided.

Ergo they already have the debit card details........ If not, insist on a cheque or bank transfer.

I would not, under any circumstances, share your debit card details via a medium as unsecure as e-mail.

ehwatezedoing
19th Mar 2018, 17:12
Not knowing anymore details, that sounds dodgy at best.

As said, call directly and have them refund the card you used to book/paid for your room.

finncapt
19th Mar 2018, 17:14
I don't think they are dodgy (but maybe that is not what you meant) as I initiated the transaction query with them and they admitted they had made an error.

Yes, I did pay with my debit card.

The amount is relatively small (£22.90) and I will probably suggest they credit me the next time I stay there - I stay fairly often.

I do think they could find the card number from the original transaction and will make that suggestion - they probably don't want to make the effort.

A telephone call from Finland will, possibly, be more than the refund!!! - a good suggestion all the same.

Pontius Navigator
19th Mar 2018, 17:33
If you stay there fairly often,do it when next you visit?

ChrisVJ
19th Mar 2018, 17:43
If you used a credit/debit machine when paying they will probably not have your whole card number. The machine will be working through a 'secure' third party company and will only put the first three and last four numbers on their records.

If you will be staying there again you could get an email confirming the refund and collect when you next stay.

Those of us who use on line shopping often give people our numbers on line, as long as you don't give them you PIN number you should be OK as (over here at least) the bank picks up the tab for fraud.

ExXB
19th Mar 2018, 18:11
Can’t you give them your IBAN and ask them to do a bank transfer?

Or send them a fax, or attachment to an email.

Senior Paper Monitor
19th Mar 2018, 18:40
- They must refund to the card they took payment from (conditions of the merchant agreement)
- they cannot retain the card number from the original transaction (conditions of the merchant agreement)
- the only acceptable transaction technically (assuming it is by now a completed transaction) is a telephone call (non recorded line) from which they process the refund as 'client not present' (expect some security questions in the process)

Before anyone says so - that is by no means a foolproof process, but it is assumed that the actions of the member of staff processing will be conducted in accordance with their PCI DSS compliance procedures.

Chronus
19th Mar 2018, 21:21
Want to pick the collective brains.

I recently stayed at a hotel, large chain, and they need to refund a sum of money to my debit card.

They suggest I e-mail them my debit card number to facilitate this.

My brain tells me this is not secure and wonder what others think.

Thanks in advance.

I would phone/email my credit card provider and enquire what they recommend.

flash8
19th Mar 2018, 22:02
Well as long as you DEFINITELY don't give them that number on the back (CVV) think you should be pretty safe as I believe this is needed almost everywhere to validate a transaction if card holder not present.

Could be wrong though!

ian16th
19th Mar 2018, 22:14
A telephone call from Finland will, possibly, be more than the refund!!! - a good suggestion all the same.

Not if you use Skype.

Lascaille
20th Mar 2018, 05:15
Or send them (the card number as an) attachment to an email

Sorry to butt in just to criticise but I have to say: don't do this - it's no more secure than typing it in the body of the email.

Lascaille
20th Mar 2018, 05:34
Those of us who use on line shopping often give people our numbers on line

I'll point something out: if a company takes card info over the internet via a website then it's on them to secure their system and your data - I don't believe you're even expected as a customer to check for encryption (https) to be enabled. Anything that happens to card details entered into a vendor website is not your fault.

Emailing someone your card details is a big no-no. From the bank's perspective, you're not entering your private information (card number, expiry, cvv etc) into a secure system, you're just giving the info to someone else to use on your behalf. You're also ensuring the into remains on the record in at least two places: your 'sent items' and the recipient's inbox, and due to the way email works any number of intermediate machines could have relayed (and copied, and stored) the message. From their perspective you might as well have written it on a bulletin board.

Don't do it, and don't tell other people it's okay to do it because the bank 'covers fraud': the bank covers fraud if you follow the cardholder agreement. That definitely includes not emailing payment details.

If you want to know why a fax is okay, the official answer - I believe! - is that fax machines transmit ephemeral data directly over a dedicated buyer-to-vendor connection. The system does not rely on 'store and forward' to function and the phone company's network is considered a 'secure path' with no third party equipment involved.

And if you don't understand what 'third party equipment' means when it comes to email, thus beginneth the lecture...

If you use hotmail and your recipient uses gmail, when you send a mail, initially it will travel from your computer to the hotmail receiving-outbound-mail servers. Those servers will STORE it briefly (while they check it isn't outbound spam) and then FORWARD it onto their 'outbound-facing' servers. Their outbound facing servers will likewise STORE it briefly (while they determine the destination servers from the part of the email address after the @) and then FORWARD it on to those destination servers. At the destination a similar process of repeated STORE/FORWARD will take place until the email is placed in your inbox on their servers. At some point after that your PC or your phone will retrieve it and store it locally. That's two third parties involved who must temporarily store the data due to the way the system operates, as well as the 'invisible' third parties that make up the network links between the two servers.

In addition to that, for quite some time it was uncommon for the server-to-server links mentioned above to be encrypted - while your connection to your mail provider and the recipient's connection to their mail provider might well be encrypted, the message would probably be passed between the mailservers of the two companies en clair, again via those 'invisible' third parties that provided the links - three or four different connectivity providers, perhaps, with no laws or regulations preventing them from inspecting any or all of the traffic that passes over their lines.

There are explicitly no guarantees when using email. None. You have no guarantee of delivery, no guarantee of non-modification, and definitely no guarantee of privacy.

Don't email your card details.

megan
20th Mar 2018, 07:22
The amount is relatively small (£22.90) and I will probably suggest they credit me the next time I stay there - I stay fairly often.I'd just send an email saying you'll do just that.

Lascaille
20th Mar 2018, 07:53
A telephone call from Finland will, possibly, be more than the refund!!!

With all due respect it is 2018 and making circuit switched international calls is just so gauche and intrinsically 20th century... If you've got a smartphone and travel at all then do yourself a favour and get the Skype app installed, buy $25 of 'Skype credit' and then do the 'caller ID' setup on their website.

Then when you want to make international calls - wherever you are in the world - you just punch up the skype client on your phone and dial using it. Most first world destinations are 1 to 5 cents per minute. Free-to-call numbers are usually free.

The call goes via the data connection (wifi/3g/4g) and the data usage is miniscule - around 1Mb per minute. The call quality is also far better than almost any international conventional call.

If you've done the 'caller ID' setup thing then the recipient will see your normal mobile number as the caller. You can also send cheap overseas SMSes via the same path. Headset and bluetooth all work as normal.

Can't recommend it enough, really. Terrible client and interface compared to whatsapp but for calling conventional numbers it can't be beat.

UniFoxOs
20th Mar 2018, 08:04
it can't be beat

With all due respect, those of us who live in the large parts of our country with no 2G/3G/4G available and only our home wifi, and make one or two international calls a year, can't be arsed to go through all the palaver to set up Skype, and have to go through it all again 6 months or a year later when it has broke or we have forgotten how to work it. I'll stick to circuit-switched.

ExXB
20th Mar 2018, 08:25
You won’t send it by email, but you will hand it over at the front desk?

I hope you have scrapped off the secret code from the back!

I doubt if the secret code is actually necessary for a refund.

Something like Revolut (https://www.revolut.com/) might be the answer.

Pontius Navigator
20th Mar 2018, 08:42
You won’t send it by email, but you will hand it over at the front desk?

I hope you have scrapped off the secret code from the back!

I doubt if the secret code is actually necessary for a refund.

Something like Revolut (https://www.revolut.com/) might be the answer.
There is always an element of trust. When you hand it over at a counter you don't hand over your Pin. The least secure, after email, has to be a phone call.

I was done once where the most probable leak was at a plumber's merchant in Kent and my card was cloned in east London. It was picked up by fraud prevention and I was not out of pocket.

Gertrude the Wombat
20th Mar 2018, 11:14
If you want to know why a fax is okay
Good way to do things like transfer money out of your wife's bank account whilst she's travelling abroad and out of communication - send the instruction by fax (with a scanned signature of course) to her bank. Worked routinely for me in the days before internet banking.

finncapt
20th Mar 2018, 12:31
Before I started the post, I had decided I would do as megan (post 16) suggests.

I wondered whether I was being particularly cautious by not trusting e-mail but it seems that I was not.

What the thread has revealed, inter alia, is why the company could not refund to my debit card automatically.

The original need for a refund arose, I think, as I had pre-authorised my card for extras (most hotels seem to do this) and was not cancelled when I left the hotel.

I don't think there was any malice - we both forgot.

dook
20th Mar 2018, 13:24
.....don't give them you PIN number.....

What is a PIN number please ?

ian16th
20th Mar 2018, 14:30
What is a PIN number please ?
A Personal Identification Number number of course.

er340790
20th Mar 2018, 15:56
A very similar scam was perpetrated last year on a Canadian organization I have dealings with:

The organization was offering delegate conference places, for $299. An African delegate paid $317. The organization then got a call asking for a refund cheque for the $18, claiming the delegate had made a forex error. The refund cheque was duly mailed out.

The $18 cheque was then professionally altered to read $18,000. It was presented in the US at a small savings and loans bank, was endorsed and (somehow) paid out in cash.

Of course, as soon as the Canadian institution was hit with the $18,000 debit, it yelled fraud and was refunded by its own bank.

BUT somewhere in the US the cohorts of the African delegate were busy celebrating their $18,000 scam.

Must beat working for a living.

Lascaille
21st Mar 2018, 00:58
With all due respect, those of us who live in the large parts of our country with no 2G/3G/4G available and only our home wifi, and make one or two international calls a year, can't be arsed to go through all the palaver to set up Skype, and have to go through it all again 6 months or a year later when it has broke or we have forgotten how to work it. I'll stick to circuit-switched.

With the most earnest compliments, Sir, I would hope not to be considered speaking out of turn if I were to most humbly suggest that, as a person who neither travels nor requires clear, prudential or convenient international facilities, you might well find it best to disregard my suggestion.

I wish that the language allowed me the flexibility to place the words that served to target my initial advice somewhat more in advance of their - most laggardly - positioning, commencing as they did no sooner than the 7th word of the 2nd paragraph.

Clearly the time invested in reaching this point, even for the swiftest of readers, the most learned and literate of gentleman - such as yourself, sir - was not the brief amount I had anticipated, and was in fact so considerable as to justify the additional time investment of a complete reading and reply. I underestimate to some considerable degree, I suspect, the amount of intense and rigorous thought required to so impressively and continually address the vital matters of your position, I most certainly should have considered a more analytical reading pace and a period for integration and review.

I express the most humble of apologies that you found it necessary to write such a reply, sir, as honoured as I was to receive it.

Your expectations in regard to communication efficiency are most clearly understood and no further such inefficiencies will occur. Document beneficiaries will be clearly identified without the document.

I have the honor to remain,

Sir,

Your most gallant and obedient servant.