

Ask HN: Fishy Travel Post-Booking Request - smachimo

This is my first post on here, but I thought it might be interesting. Here's the skinny:<p>Two flights were booked with an online service, let's call it "Woohoo". The name on the credit card used in the transaction was the same as the name on one of the tickets. This person also purchased a ticket for a second person.<p>From my experience using any service to book flights online, they simply send a confirmation email and ticket combo.<p>So here is where things went fishy. They sent an email with a subject saying "3rd PARTY <i></i><i>URGENT - CREDIT CARD AUTHORIZATION REQUIRED FOR BOOKING</i><i></i>". The entire structure of the email is very poor and unprofessional (only writing, no logos, varying size of font, 3+ font colors, CAPS, <i></i>*, etc). Now the smelliest bit of info in this email is as follows:<p>__________<p>By accepting the terms and conditions during the reservation process, you have agreed to submitting the following required information.<p>In order to release the tickets we require all of the following information faxed or scanned and emailed:<p>From the credit card holder:
1) A legible copy of a photo identification.  We will only accept the following: Valid Passport or Valid Drivers license
2) A letter stating that the cardholder (by name) is authorizing WOOHOO to charge the credit card on behalf of the passenger travelling (by name).  The booking number and the amount to be charged must also be in the letter.
3) A legible signature from the cardholder must also be present on the letter.
4) A legible copy of credit card used front and back<p>From the passenger:
1) A legible copy of a photo identification.  We will accept the following: Valid Passport, Valid Drivers license or Valid birth certificate.<p>This information must all be faxed to XXX-XXX-XXXX attn: Web Department 
You can also scan and email the information to WOOHOO@woohoo.com
__________<p>What's your thoughts? I can vaguely imagine the need for such a confirmation, but it looks shady! Imagine a page including a valid identification of you, the front and back copy of your credit card, and your signature getting into the wrong hands. And also, the thought of faxing a page like this is troubling. I'm under an assumption that "reputable" online companies will protect customer credit card numbers in a fairly thorough manner, but it's acceptable to fax this info along with other valuable info...? I wonder what their security is like around a fax machine.<p>Let me know if I am out to lunch on this, otherwise, how would you handle this? Hope this was interesting and sorry for the novel :)
======
smachimo
Turned out for the worst. This wasn't someone working their end of the system.
This is an actual practice of their because of fraud in the past. Supposedly
this confirmation allows them to sleep better at night.

Not very impressed. I thought companies were not allowed to keep records of a
customer's credit card number? Wouldn't this be breaking that very rule and
than some?

------
hga
Sounds fishy enough to me that I'd back out of this transaction and book with
another company.

