We're calling time on Splatt.co - cancel your cards ASAP
In our earlier post on Splatt.co, we asked for readers to provide information on the company or its operations. We're now confident in advising anybody who has placed an order with Splatt to take immediate action and cancel whatever cards used to make the purchase.
Why are you advising customers to take action?
We received an email from a source with specific knowledge about major credit card fraud. They have highlighted several key issues with the Splatt website:
• Splatt requires all customers to provide their data of birth, whether ordering online (this is requested during registration) or by phone - mostly unheard of when ordering from any other retailer. This is because information like DOB can be used to reset some security measures, like Verified by Visa. It also makes personal data far more valuable if sold.
• the website doesn't process any card details; instead it is running a script ("obtained from an underground source," according to ours) that knows what format card details should be in, i.e. Visa card numbers should begin with a 4, Mastercard with a 5 etc. The information is simply being collected for use at a later date. The web address of the payments page clearly shows that the payment processor is in an offline state.
• whenever you make an online purchase, the billing address has to match the card details. In the case of Splatt, customer addresses are not being verified because again, the site isn't actually processing any information. To prove the point, we've successfully ordered a 16GB iPad using a fictitious name, an incorrect address and random credit card number:
We've since received an email confirming our order (an "Apple iPad With Wi-Fi 16GB Wi-Fi, White" - who knew?); simultaneously another email arrived to claim no stock availability would cause a "slight delay in delivery". Splatt isn't interested in charging you right now, presumably because if you're not charged and you don't receive the goods, you might forget you ever handed over your details.
If I made a purchase from Splatt, what should I do?
According to our source, the people who now have your information will not use it immediately, but "at a later stage in card fraud".
If you used a credit card for a purchase over £100, your credit card company should cover any losses. If that occurs, you'll have to cancel your card regardless. Debit cards don't offer such protection, meaning you're exposed to fraud from now on.
In other words, you need to take action now. Contact your credit card provider immediately, explain the situation and cancel your card. It may cause you inconvenience in the short-term, but better that than risk your details being used against you.