We're calling time on Splatt.co - cancel your cards ASAP

29 December 2010

Splatt scamIn our earlier post on Splatt.co, we asked for readers to provide information on the company or its operations. We're now confident in advising anybody who has placed an order with Splatt to take immediate action and cancel whatever cards used to make the purchase.

Why are you advising customers to take action?

We received an email from a source with specific knowledge about major credit card fraud. They have highlighted several key issues with the Splatt website:

• Splatt requires all customers to provide their data of birth, whether ordering online (this is requested during registration) or by phone - mostly unheard of when ordering from any other retailer. This is because information like DOB can be used to reset some security measures, like Verified by Visa. It also makes personal data far more valuable if sold.

• the website doesn't process any card details; instead it is running a script ("obtained from an underground source," according to ours) that knows what format card details should be in, i.e. Visa card numbers should begin with a 4, Mastercard with a 5 etc. The information is simply being collected for use at a later date. The web address of the payments page clearly shows that the payment processor is in an offline state.

• whenever you make an online purchase, the billing address has to match the card details. In the case of Splatt, customer addresses are not being verified because again, the site isn't actually processing any information. To prove the point, we've successfully ordered a 16GB iPad using a fictitious name, an incorrect address and random credit card number:

Bitterwallet - Splatt.co order confirmation

We've since received an email confirming our order (an "Apple iPad With Wi-Fi 16GB Wi-Fi, White" - who knew?); simultaneously another email arrived to claim no stock availability would cause a "slight delay in delivery". Splatt isn't interested in charging you right now, presumably because if you're not charged and you don't receive the goods, you might forget you ever handed over your details.

If I made a purchase from Splatt, what should I do?

According to our source, the people who now have your information will not use it immediately, but "at a later stage in card fraud".

If you used a credit card for a purchase over £100, your credit card company should cover any losses. If that occurs, you'll have to cancel your card regardless. Debit cards don't offer such protection, meaning you're exposed to fraud from now on.

In other words, you need to take action now. Contact your credit card provider immediately, explain the situation and cancel your card. It may cause you inconvenience in the short-term, but better that than risk your details being used against you.

TOPICS:   Scams

66 comments

  • David M.
    Hope not too many people fell for this. If what you say is true at least cancelling now should mean you're safe enough. However will this trigger them to start trying to use the numbers. The marketing campaign seems quite expensive to have run to farm numbers for later use.
  • Ross
    Not used the site myself but very pleased to see an article like this on here. This is what Bitterwallet should be about - really helping consumers. Well done.
  • Denny
    There is a slight inaccuracy not regarding Splatt.co in this story, I know of another retailer who asks for DOB. Play.com do and say it's for verification purposes.
  • Paul S.
    Hi Denny - interesting. Is that the case when you register, or every time you order? I don't remember having to give it in the past? Ross - cheers; this sort of stuff doesn't happen every day, but we'll always take it up as and when readers pass it on to us.
  • Jimbo
    DSG also ask for DOB, PC World site specifically I only signed up the other night. Some others do as well can't remember off the top of my head but I know I have had money off vouchers for my birthday for some online stores. But good work on outing splatt, set of (unts. (Splatt not you)
  • john s.
    Dear Bitterwallet Just to even up the argument I reieved my Ipad last week for 329 doller. I be having another 400 shipment comig in this week. Pleaase send over card details and I do them for 200! John (Nigeria)
  • RazorD
    (Sorry for all the posts) Their web developers have a blog post all about splatt.co's launch.. http://www.series3graphics.co.uk/blog1/?p=9
  • RazorD
    Hum. It appeared to delete my other two comments... Anyway! I suggested you contact their ISP, heart internet ([email protected]) and raise your concerns. They should be able to get in touch with someone there and figure out if they are genuine, and close the site if needbe. Also worth pointing out they're using a free, open source, quick and easy setup software for their website called PrestaShop.
  • paul
    Yeah i ordered some UGG boots a few weeks ago from SPLATT that never turned up. My bank has phoned me and said my credit card details have been used in the USA for digital music downloads to the amount of £233. My bank has canceled my credit card and are saying because i gave them my details i am liable for the cost even though it was a credit card. Thought credit cards protected you from this ........
  • RazorD
    They've also been suspended by Twitter, which suggest they've been spamming or have broken something else in twitters terms..
  • Paul S.
    Hi Jimbo - lots of websites will ask for DOB when signing up online - plenty will wish you a happy birthday or send special offers on the day, as you say. With Splatt, you have to give you DOB if you *call them to make an order* - I honestly can't recall another retailer that does that. If they'd only collected that information as part of the registration, I don't think it'd raise any flags.
  • NotEvilDave
    @RazorD That blog also had mention of them co-operating with Trading Standards RE the site. But that blog entry is gone now - funny, that.
  • Chris
    Good article BW! More articles like this would be great instead of the inaccurate polls!
  • Denny
    @Paul Smith, Play.com ask it when you wish to change your credit or debit card (unlike most retailers you can only have one with Play.com) and they retain it. I'm not sure about registering but I assume they'd ask for it when they first take payment details.
  • rob
    Well done bitterwallet. I've seen their web designers on Moneysavingexpert defending the company and I feel a bit sorry for them as it appears they have been involved in setting up a site for a load of scam artists which has made them look mugs in fairness. One thing to note though is that like someone said earlier there are a lot of sites out there that are very similar and use the same template. Hope these crooks get sent down anyway.
  • Source
    @everyone on about DOB. Legimate companys ask you for DOB as they use it to ask security questions when you contact them. Most of the above mentioned companies are safe companies to give your DOB and these are companies that CAN BE HELD LIABLE for misuse of your information. Why not put the whole DOB issue to the test yourself and SEE how easy it is to re-set your password using the details you supplied splatt, your dob and your postcode.......... then and then wake up and see what is really going on.......... http://www.visaeurope.com/en/cardholders/verified_by_visa/faqs.aspx right down near the bottom also tells you how easy it is.......
  • Matt
    "Your is Order Complete" should have rung alarm bells really
  • Tom
    I think the clue with this is the web designers... their blog post seems overly positive and also mentions that.. "S3G also operate all databases and the dedicated server on which the ecommerce store runs. With more than 97% uptime and unlimited bandwidth, we ensure that the site remains stable with upwards of 50,000 customers browsing and placing orders at the same time." So why don't they pull the plug? or is this something to do with them, as surely if they designed it, they added the credit card capturing scripts so are in on the whole scam??
  • Eddiex
    The thread on HUKD was started on the 9th of December,I emailed Bitterwallet on the same day informing of a possible scam.Nothing appeared on Bitterwallet until 20th Decemember.I wonder how many poor sods were shafted in the 11 days in between.
  • Paul S.
    Hi Eddie, I've just been through the inbox and can't find your email - which address did you send it to? To be fair, there's nothing to say we would have reached today's conclusion any quicker; it still took us ten days to reach a point where we felt confident in advising people to cancel their cards.
  • Snowball
    So, if the card details are being stored rather than processed, doesn't this mean that Simon Daley of S3G is totally in on it?
  • Deepz
    This is a decent article. Well done.
  • Mark
    I know nothing about the site in question but I've worked somewhere where they stored credit card details in a secure online database and then manually entered them into a card terminal at time of order despatch. And this was commercially available shop front software. It's no different to taking an order over the phone. And if you're a small traditional shop setting up your first online presence and you're not expecting high volumes of orders then it's cheaper and easier. Though that does conflict with claims of handling 50,000 orders at the same time. :D
  • BB
    So did you phone the sales line and question them..? Or was there no answer/just machines?
  • Steven (.
    Simply put DOB should not be a security measure, ever, its a stupid security measure by the very nature of it being insecure in the first place (eg other people publicly know your DOB, other companies knowing your DOB - most Public sector areas spring to mind, even email sign up wants your DOB) Must admit I have trouble remembering, when needed, which fake DOB I used for which site/email addy though - the whole DOB thing is f*ing stupid. However it has let me be twenty one for a long time now.
  • Mess
    What was the name of the company a couple of xmases ago that shafted loads of people with their cheap TVs? They got as far as advertising in the national press- The Sun ran their ads and when they eventually pulled them, they failed to report the massive scam! Yet again this is a case of low prices being a sign of a con. I fail to believe anyone could think that they could get an apple product right before christmas at a reduced price
  • John
    Snowball - Clearly yes, aside from the so called web design appearing to be suspiciously similar to the Republik site, the web design company appeared the same time as Splatt and the web design's site rather hilariously lists the e-mail address in plain text replacing the at sign with (at) to foil harvesting bots rather than the large number of proper techniques a proper web design company should know to use (as all pointed out on the HUKD thread). Even if the web design company was a proper one and Splatt was entirely independent I think it's highly unlikely they would pay money for a web design company to design an entire legit website then go into it themselves and replace all the genuine card payment systems with a collection system instead.
  • digriz
    Excellent article. Well done BitterWallet.
  • Paddy
    Cracking article BW! I fear that you are preaching to the converted on this one though and the people who need warning probably do not read BW or HUKD....
  • Tim B.
    @paul - your credit card company are trying it on. You need to have authorised every specific transaction - giving play.com your card details doesn't mean they can go any buy themselves a new telly with it. Same concept. Get back to them, follow their complaints procedure, and take it to the ombudsman/small claims court if you don't get anywhere.
  • Henvig
    Not been involved with this company, thank goodness! I like to think I'm reasonably intelligent, but I when you're being run through an expected routine to place an order, especially if a great bargain is in the offing, you can get caught out. Thank you for a very timely cautionary tale BW!
  • SB
    The designers look a bit dodgy too.. thier only other clients appear to also be a brand new company.
  • dvdj
    @paul & Tim B - if the UGG's were under £100 though the bank wouldn't cover it would they?
  • bob
    I wouldn't be surprised if the design firm was just a front to help the splatt scam. Their logos are crap and are mostly just standard fonts. Submit a few of the logos to www.tineye.com and you'll see.
  • graeme
    all just place fake orders with fake details and over-run their database with crap they can't use
  • Graeme
    ordered 30 apple products for a bargain!
  • Graeme
    ofunnily enough, order is now on backorder :) http://b.imagehost.org/view/0916/graborder
  • groovyf
    Excellent. The Queen will be happy with me... 20 iPads going her way...
  • Adam
    Hi this is right the store does NOT exist. I have utilised contacts and found that it is totally corrupt. I have cancelled our cards. Strongly reccomend that if anyone has bought from them Do the same!!!! You will not get your goods. Just hassle from them selling your details to a 3rd party. Not Good.
  • Martin M.
    I already knew about this shit.
  • z
    "ofunnily enough, order is now on backorder :) http://b.imagehost.org/view/0916/graborder" i hope you got quidco on that...
  • Abs
    Good article, just for future reference companies by law have to advertise an address, if you cant find one dont buy none! I got stung by SKY tv indian call centre rep at the beginning of the year, I know it was Sky as I had not used that card and the details they were giving was my wifes name on my card, I am not racist but I will not deal with any company thats using indian call centres anymore. People beware and take care
  • Dex
    Erm...i would have thought any e-tailer that sells (for example) DVDs/Games would ask for DOB as per the BBFC/PEGI related legislation (VRA 1984) given that you can get a debit card if you are under 18
  • At B.
    [...] We’re calling time on Splatt.co – cancel your cards ASAP That a two day-old post is the eighth most popular of the year is a bit of an eye-opener. [...]
  • shinkyshonky
    Thanks for a blinder of investigative internet/real world scamery ...this is probaly the best bitter wallet story this year well done guys
  • Jenny
    Unfortunately , found all these threads AFTER my 18yr old ordered a couple of items...left it 6 days until uncovering the real story ! However, she cancelled her debit card, ( no money taken) we called Which, Crimestoppers, and Consumer Direct and posted on hotukdeals to hopefully raise awareness. I have just paid through CIFAS to have her details Protective Registered in case of future fraud attempts on her credit file. Feel sick that they have those sensitive info details. Hope everyone comes out of this ok.
  • PaganWolf
    http://www.mayfairpoint.co.uk/virtual-offices/Packages is the company that provided the address. £60 initial outlay and you can have what looks like a legit london address or £100 and it's all singing all dancing with phone. From now on I believe I will google the address of any new site I may be thinking of using and seeing if it's just a supposedly legal front like this.
  • Tim
    "Thought credit cards protected you from this" - only from the point where you report it. Any transactions so far are your liability. Though if the card company detected it, they should be blocking these transactions and/or covering costs from that point! (mine did, the couple of times I've been hit). As for Splatt - Bitterwallet, have you contacted the authorities? Crimestoppers, Serious Fraud Office, OFT, etc.
  • e j.
    ordered from splatt next day got phone call to ask if i ordered a stone island jacket to be delivered to nottingham i live in scotland from another company told them no but to late £550 taken from my bank account contacted fraud team at bank they are looking intothis the company that phoned me refunded the money and kept hold of the jacket bank cancelled card once bitten twice shy. this is not good publicity forother genuine websites how low can some people sink.
  • Glenn
    I have just phoned my bank and cancelled my card after placing an order on Boxing day. No money was taken and, according to my bank, there is no suspicious activity with my account. By cancelling my card will that be the end of it? or is there anything else I should be doing? I notice on a previous post somebody has mentioned CIFAS!!!!
  • Stacey
    I ordered a tracksuit from splatt.co on the 20th december, Phoned the bank yesterday n cancelled my card as they hadn't took the money out, better to be safe than sorry
  • Louise
    Thanks for this very informative article. I had ordered from Splatt just before Christmas & went online tonight to check progress - their website appears to have disappeared! Suffice to say I have now cancelled my card, thankfully before any money was taken & before any suspisious activity.
  • Len D.
    Is this the first example of a possible repercussion of this scam?! http://www.hotukdeals.com/misc/splatt-co-anyone-heard-of-them-ipad/822393/?page=4#post10297138
  • Ali
    Anyone know the implications on having used a Visa Electron??? I called Halfiax and say that because i provided Splatt the details on my own accord that it cannot be classed as fraud. How ridiculous. Because its a Visa whatever they have taken out will not be covered by Halifax. I have cancelled my card - so if they do not take anything out now does that mean they wont be able to in the future?
  • Len D.
    Ali - Whoever you spoke to is ill-informed. It is fraud as they are using your card details which were intended for a previous transaction and now doing so unauthorised. Telephone your bank and say to them that you are aware that Visa allow a "charge-back" for unauthorised use of bank cards. This also includes Visa Electron. At first they may not recognise this procedure but when it escalates someone should be able to assist. Please let me know how you get on. Len
  • Ali
    Ali - the above post was an option in case they take money in the meantime. If you cancel the card they will not be able to take money as it should decline.
  • Len D.
    Ali – the above post was an option in case they take money in the meantime. If you cancel the card they will not be able to take money as it should decline.
  • Ali
    Hey Len. Thanks for the reponse. I have checked my statement. "Splatt" have not taken anything out of my account for the order i made Dec 31/12/10. I have also cancelled my card. Anyways this has made me vigilant for the future for sure. Certainly not happy with Halifax customer services. The woman on the phone did say because i readily & willingly offered my details on the website it cannot be classed as fraud which threw me back a little. She didnt even suggest i cancel my card which was my idea and she said "to wait 30days after they have withdrawn money" from my account. I think i will be complaining and getting management to listen to the call. One things for sure. Even though we have cancelled our cards. These fraudsters now have our names, addresses and dobs. I feel sorry for the folk who have not yet realised they have been had.
  • Len D.
    Ali - Remember this experience for the "BitterWallet Worst Company of 2011"!
  • mick b.
    i placed an order on the 17th of dec and received an email saying due to adverce weather there would be a delay.i made the payment with my visa electron debit card should i contact my bank.no money has been taken out of my bank yet
  • aileen
    Have just cancelled my debit card after reading this. Ordered uggs as a gift for someone on 14th Dec...have tried to email and phone splatt no response.....website has now vanished and phone lines are just a message !Really annoyed as I only ordered as I got a leaflet through the post and thought it was legit!and guess where I live...SCOTLAND! like most of the rest of you!!!!thankfully no money has been taken...lesson learned!
  • Ali
    @mick - as far as i can tell no payments have been taken out from anyones orders. Not sure what the criminals reasons were - possibly to sell the details on to other criminals. Any case just ring your bank and cancel the card. If no money has been taken out then they will never be able to take anything out in the future once the card is cancelled and a new one replaced.
  • Jo
    Ordered Uggs from Splatt in December which of course never arrived - the money has now been taken from the visa account used, and in fact has escalated into a case of identity theft which the police are involved with. A number of catalogue accounts etc have been opened using the details provided to Splatt. The visa company have credited the money back, but horrible thought that someone is using my identity.
  • jenny
    sorry to hear that Jo, hence my post on 01 Jan re CIFAS. It cost about 14 quid for a year but worth it if it blocks any attempt to use her details fraudulently. Gd luck.
  • zoe
    I cant believe it i ordered from splatt the week before christmas and then cancelled a couple of days later .I recieved a email saying order delayed never thought anything else about it .Then this week i recieved a letter from my bank saying that there was suspicious activity on my account two top ups of 15 pound to o2 and other small amounts trying to be taken by various web sites ?????
  • lyn
    I have just received a splatt catalogue through my doorn I to live in scotland. Went online to read all this, how on earth are they still able to send this out ?? Thankfully I'm fortunate enogh to dicover this website is unavailabe but its now Aug 2011 and there still at it somehowm

What do you think?

Connect with Facebook, Twitter, or just enter your email to sign in and comment.

Your comment