Seeing @ndrw’s post about a John Lewis order being cancelled due to “security checks” reminded me of a recent experience with Namecheap, a domain registrar.
Long story short: I bought a domain off them. It all worked very well: I paid via Monzo (virtual card - this’ll be relevant in a bit) and I was up and running quickly.
I wanted to use it for email, so I sorted out the configuration and was feeling pretty pleased with myself. I intended to use it as my main email account, including Monzo.
Fortunately, I didn’t immediately transfer everything other immediately. A couple of days pass, and I receive a message:
Unfortunately, your Namecheap account was flagged by our fraud screening system and was locked. As a result, your order was canceled and refunded.
If you believe that this is a misunderstanding, please follow the instructions below to get your account verified:
- take a color photo of the credit card used for the payment at [redacted]
Please make sure all of the edges of the credit card are visible, and that we can clearly see the card holder’s name, expiration, and last four digits of the card number. If the submission does not meet these requirements we will request that you submit this information again.
A couple of days later I received a refund. Which, due to currency fluctuations meant I lost a couple of pennies.
My account was locked out. Instead, they created a ticket on their incident system, so I dropped them a note to complain. They cancelled on me in November and haven’t had the courtesy to reply.
Compared to the John Lewis example, I can understand the potential for harm here (phishing, spam etc). Although my domain wasn’t anything that (I think) resembled any firm or entity. I suppose my main gripe is that they went nuclear (what’s wrong with a suspension?) before asking questions. Then asked for a copy of something that a) they shouldn’t (in my view) ask for, and b) something that was impossible anyway.