Expedia.co.th Strange Operation

[dave111223]

We (wife and I) booked a hotel in Singapore. And had an 8% coupon for Expedia.co.th from our KTC credit card.

Like an idiot I didn't key in the coupon at the checkout until it was too late and had already completed the booking.

I contacted them right away via their customer service form (the only way to contact them) and explained the situation and asked if I could get the 8% coupon credited back to my card.

The email I got back was in English and incorrect to the point of making no sense, for example:

Thank you for contacting Expedia Thailand!

Kindly contact us to ours customer service due to we need more infomation for clarify & security verification.

After a few emails they said yes they could refund the 8% coupon, but I'd have to send them my full credit card number and expiration date via email...this seem very odd...so managed to get their phone number instead. My wife called in Thai, and again they said they can't do anything without the full credit card details. Even providing them with the first 4 and last 4 digits of the card was not enough.

They also have no physically address, so I cannot physically go down there and see why they need the full card number.

As an online merchant myself I know full well that I can refund my customers without having access to their full card number, and also there must be a reason Expedia see fit to not make this information visible to all employees.

I contacted Expedia.com, but got no response at all.

The coupon was only about 2,000 THB, so I think i'd rather just let that money go than open myself up to credit card fraud.

[FalangBaa]

I'd be willing to take the risk. 2,000 baht off is not to be sniffed at (going to be 50 quid before too long) and the risk of anyone being a victim of credit card fraud is still very low. What makes you think a reputable worldwide company or its employees who desire to keep their jobs and avoid prison would attempt fraud with your credit card number? Or are you one of those paranoid maniacs who thinks a malicious third party is going to be listening in on their phone conversation somehow? Relax. 2,000 baht is 2,000 baht. I found a 100-baht note walking down the street yesterday and I'm still ecstatic over it. By the end of next year, 100 baht is probably going to be worth about £10, so I'm hoarding huge wads of 1,000 baht notes now. (Don't trust sterling.) No, not inside my mattress.

[dave111223]

I'd be willing to take the risk. 2,000 baht off is not to be sniffed at (going to be 50 quid before too long) and the risk of anyone being a victim of credit card fraud is still very low. What makes you think a reputable worldwide company or its employees who desire to keep their jobs and avoid prison would attempt fraud with your credit card number? Or are you one of those paranoid maniacs who thinks a malicious third party is going to be listening in on their phone conversation somehow? Relax. 2,000 baht is 2,000 baht. I found a 100-baht note walking down the street yesterday and I'm still ecstatic over it. By the end of next year, 100 baht is probably going to be worth about £10, so I'm hoarding huge wads of 1,000 baht notes now. (Don't trust sterling.) No, not inside my mattress.

All it would take for them to do it write down the credit card number and expiration date, then sell it to someone, who would then start order stuff online shipped to Africa or somewhere (you can still process payments some places without the security code, or just guess the 3 digit security code). I'd have no way to prove that it was stolen by an Expedia employee. Trust me, when you are in the business of selling online, you know that credit card fraud/theft is still a real problem.

I've used Expedia many times and have had no problems at all, but this is the first time i've actually contacted Expedia.co.th and doesn't seem very professional at all. I was half expecting the email to start talking about how their uncle in Benghazi who has 10 million dollars but just needs $50 via Western Union to unlock and split it with me.

And the point is why would they even need this information to issue a refund or partial refund in this case?

If I called my credit card company and said "should I send out my full credit card number and expiration date via phone or email to someone I've never met" what do you think they'd say?

I know that 2,000 is nothing to sniff at, but compared to having someone run up 100,000s in fraudulent bills on my card it seems a small amount.

Edited March 4, 2013 by dave111223

[stevenl]

I'd be willing to take the risk. 2,000 baht off is not to be sniffed at (going to be 50 quid before too long) and the risk of anyone being a victim of credit card fraud is still very low. What makes you think a reputable worldwide company or its employees who desire to keep their jobs and avoid prison would attempt fraud with your credit card number? Or are you one of those paranoid maniacs who thinks a malicious third party is going to be listening in on their phone conversation somehow? Relax. 2,000 baht is 2,000 baht. I found a 100-baht note walking down the street yesterday and I'm still ecstatic over it. By the end of next year, 100 baht is probably going to be worth about £10, so I'm hoarding huge wads of 1,000 baht notes now. (Don't trust sterling.) No, not inside my mattress.

All it would take for them to do it write down the credit card number and expiration date, then sell it to someone, who would then start order stuff online shipped to Africa or somewhere (you can still process payments some places without the security code, or just guess the 3 digit security code). I'd have no way to prove that it was stolen by an Expedia employee. Trust me, when you are in the business of selling online, you know that credit card fraud/theft is still a real problem.

I've used Expedia many times and have had no problems at all, but this is the first time i've actually contacted Expedia.co.th and doesn't seem very professional at all. I was half expecting the email to start talking about how their uncle in Benghazi who has 10 million dollars but just needs $50 via Western Union to unlock and split it with me.

And the point is why would they even need this information to issue a refund or partial refund in this case?

If I called my credit card company and said "should I send out my full credit card number and expiration date via phone or email to someone I've never met" what do you think they'd say?

I know that 2,000 is nothing to sniff at, but compared to having someone run up 100,000s in fraudulent bills on my card it seems a small amount.

It is quite common in Thailand to send credit card details for bookings.

[davejones]

Quite easy for fraud to take place if you email your credit card details. It's not being paranoid at all. I had credit card fraud after booking with an east European airline. All the fraud pointed to someone at the airline using the card online. Everything was refunded, but it took about 6 weeks. So cancelled my credit card (Barclaycard) because of the poor customer service. They agreed it was fraud right away, but still took 6 weeks to refund - unacceptable.

[enyaw]

It's not unusual for a reservation system to block out your card details after a payment has been made, it's not a case of we don't trust our employees more of a case of don't give anyone the chance? Saying this though it's not really a great idea to send your card details via email either, more safe to supply over the phone or if they can send an attached form to fill out which is password protected.