
Groupon Credit/Debit card details

I have been using Groupon for a little while now, it's been ok ish up until now.
I have had a refund due to oversubscription of an offer and this was refunded as a credit to my Groupon account but not my card, still no issue for me I guess.

I purchased a voucher on the website and obtained the link emailed automatically to me, there was a charge for delivery of the items, which was expected and paid without issue.
However, when I check my bank account I see that Groupon have taken a payment from my account by using stored debit card details they hold and not taken it from the Groupon account credit as expected.

I called Groupon customer services and asked where my debit card details were held and why could I not see the card details minus the first 12 digits on my account page.
I could not get an answer from them, I asked how they managed to take a payment from my account using the card without me authorising the transaction or entering the CV2 digits on the back of the card.
I was informed that the card details are stored on their system for easier payment.
I asked for my details to be removed and not be stored in the future. I am awaiting confirmation by email.

Can someone please confirm whether Groupon are actually acting within the law regarding the storage of credit card details?

According to the PCI Security standards website merchants aren't allowed to retain the CV2 data.

What is the issue here I hear you ask, well it means that purchases can be made through your Groupon account without anyone requiring proper authorisation, so is there a possible security issue for Groupon and its members or am I just being too cautious?

Comments

  • Azari
    Azari Posts: 4,317 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    Inform your bank that they have taken a payment you did not authorise.

    The more people who kick up a stink about this appalling outfit with whomever they can the better for everyone.
    thephatdj wrote: »
    Can someone please confirm whether Groupon are actually acting within the law regarding the storage of credit card details?

    According to the PCI Security standards website merchants aren't allowed to retain the CV2 data.

    Well, Amazon and PayPal seem to do it without any problems.
    There are two types of people in the world: Those that can extrapolate information.
  • Vicky46
    Vicky46 Posts: 91 Forumite
    My understanding is that your bank have contact numbers with companies who debit their customers' account, they also have a facility for such issues whereby they send you a form and when you return the form with the details, they act on it to have your money refunded.
  • arcon5
    arcon5 Posts: 14,099 Forumite
    Part of the Furniture 10,000 Posts Combo Breaker
    Vicky46 wrote: »
    My understanding is that your bank have contact numbers with companies who debit their customers' account,

    I doubt it, in my experience they are useless when it comes to tracking a debit. They'll tell you the company/merchant who makes the request and that's it. They are not directory enquiries.
    Vicky46 wrote: »
    they also have a facility for such issues whereby they send you a form and when you return the form with the details, they act on it to have your money refunded.

    It's called a chargeback (link at top of page). They temporarily refund you (if your situation qualifies for this that is), then request further information about the transaction from the merchant, then make a decision as to whether to uphold the refund and request reimbursement from the merchant account the retailer is using or call back the temporary refund.
  • arcon5
    arcon5 Posts: 14,099 Forumite
    Part of the Furniture 10,000 Posts Combo Breaker
    thephatdj wrote: »
    I have been using Groupon for a little while now, it's been ok ish up until now.
    I have had a refund due to oversubscription of an offer and this was refunded as a credit to my Groupon account but not my card, still no issue for me I guess.

    I purchased a voucher on the website and obtained the link emailed automatically to me, there was a charge for delivery of the items, which was expected and paid without issue.
    However, when I check my bank account I see that Groupon have taken a payment from my account by using stored debit card details they hold and not taken it from the Groupon account credit as expected.

    I called Groupon customer services and asked where my debit card details were held and why could I not see the card details minus the first 12 digits on my account page.
    I could not get an answer from them, I asked how they managed to take a payment from my account using the card without me authorising the transaction or entering the CV2 digits on the back of the card.
    I was informed that the card details are stored on their system for easier payment.
    I asked for my details to be removed and not be stored in the future. I am awaiting confirmation by email.

    Can someone please confirm whether Groupon are actually acting within the law regarding the storage of credit card details?


    According to the PCI Security standards website merchants aren't allowed to retain the CV2 data.

    What is the issue here I hear you ask, well it means that purchases can be made through your Groupon account without anyone requiring proper authorisation, so is there a possible security issue for Groupon and its members or am I just being too cautious?

    You don't necessarily need the security digits to put a payment through. The retailer's merchant console will allow them to adjust the security level and choose whether to pass or fail a payment based on certain criteria, for example address match, CV2 match, enable/disable 3D secure.
    It's just retailers will demand the CV2 field matches to reduce the risk of fraud -- in the same way most enable 3D Secure.

    Also, an online retailer doesn't necessarily need to even store the card information. You can charge a card by 'cross-referencing' a past transaction. So for example, you pay them £10, this transaction generates a CR ID No., you at a later date then use this CR ID to charge the card. A web developer can integrate this into their systems easily.
    I do this a lot for regular customers and/or recurring payments. When the customer phones I can click a single button on the epos software and payment is complete -- no entering data etc.
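
A simplified model of the cross-reference repeat payment and the merchant-console CV2 rule described in the last reply, added here as an illustration; it is not part of the thread and not any real gateway's API. `Gateway`, `Merchant`, the `CR-` ID format and the test card number are all constructed for the example.

```python
import secrets

class Gateway:
    """Toy payment gateway (constructed model, not a real provider's API)."""
    def __init__(self, require_cv2=True):
        self.require_cv2 = require_cv2  # merchant-console rule: fail payments with no CV2
        self._vault = {}                # cross-reference ID -> card number, gateway side only

    def charge_card(self, pan, expiry, cv2, amount_pence):
        if self.require_cv2 and not cv2:
            return {"status": "DECLINED", "reason": "CV2 required"}
        cr_id = "CR-" + secrets.token_hex(8)  # unguessable reference for later charges
        self._vault[cr_id] = pan              # CV2 is only checked for presence, never stored
        return {"status": "OK", "cr_id": cr_id, "last4": pan[-4:], "amount": amount_pence}

    def charge_cross_reference(self, cr_id, amount_pence):
        pan = self._vault.get(cr_id)
        if pan is None:
            return {"status": "DECLINED", "reason": "unknown cross-reference"}
        return {"status": "OK", "cr_id": cr_id, "last4": pan[-4:], "amount": amount_pence}

    def forget(self, cr_id):
        return self._vault.pop(cr_id, None) is not None

class Merchant:
    """Retailer side: its own records hold a reference and last four digits only."""
    def __init__(self, gateway):
        self.gateway = gateway
        self.customers = {}

    def first_purchase(self, customer, pan, expiry, cv2, amount_pence):
        result = self.gateway.charge_card(pan, expiry, cv2, amount_pence)
        if result["status"] == "OK":
            self.customers[customer] = {"cr_id": result["cr_id"], "last4": result["last4"]}
        return result

    def repeat_purchase(self, customer, amount_pence):
        record = self.customers.get(customer)
        if record is None:
            return {"status": "DECLINED", "reason": "no stored payment reference"}
        return self.gateway.charge_cross_reference(record["cr_id"], amount_pence)

    def remove_card(self, customer):  # the customer's "delete my details" request
        record = self.customers.pop(customer, None)
        return record is not None and self.gateway.forget(record["cr_id"])

if __name__ == "__main__":
    shop = Merchant(Gateway())
    print(shop.first_purchase("alice", "4111111111111111", "12/30", "123", 1000))
    print(shop.repeat_purchase("alice", 299), shop.customers)
```

In this model the repeat charge succeeds with no CV2 because the retailer replays a reference rather than the card, and removing the reference on both sides is what stops further charges.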
This discussion has been closed.