Now that I have your attention

I tried to sign up but it seems the information I submitted through your encrypted form wasn't sufficient and you are now requesting that I send the same information (actually more information) through non-secured channels like fax or email.

I understand the purpose of the request, but there will never be a situation where I will create digital copies of my ID and credit cards and beam them over unsecured channels.

Clearly, there are ways for you to transparently verify and authorize users based solely on the credentials they supply during sign up, because every other ecommerce site is able to do it. I use my card online all the time and have never been asked to submit additional paperwork over a $20 transaction. I am merely trying to get a VPS set up, not applying for a mortgage.

I do think it is irresponsible to request identity documents and credit card information through email or fax, and I don't see how this improves security since a legitimate person is going to be far less inclined to send such information than a fraudulent person would be anyway.

Since I already submitted the information once, I am clearly in possession of it whether I am the legitimate owner or not. And considering that the majority of your customers - myself included - could quite easily Photoshop together any requested documentation that we already possessed information for, I do not see how this evidence would be any more useful at proving my identity than hitting the submit button on your form did.

I could just as easily furnish you with a copy of my StarFleet Academy diploma or Certificate of Honorary Knighthood signed by King Arthur himself.

I wanted to give Linode a shot based on what I had heard around the net, but if you care so little about the security of your customer's identity that you would actually ask them to create a "paper trail" (electronic or otherwise) of their personal identification and credit card (front AND back?!?) exposing their CVC, then I have to question your commitment to data security as well.

I'm not trying to be an ass, but seriously, WTF? This is flawed logic at best, and despite your intentions to protect yourself from fraud, it is only an illusion of security for yourself and one that exposes your customers to identity theft.

If you can not process my order (invoice 85818) with the information I have already submitted, than you can cancel it and refund payment 562343.

Thanks

James

Why are you posting this on a public forum rather than in a support ticket?

You mean the support tickets that are for customers? Perhaps because I'm not a customer and can't log in to post one.

If you have a link for non-logged in users to submit tickets, let me know. I don't see one anywhere.

For something like this, and given the sort of information concerns, I'd probably suggest just emailing directly or calling, using the information on the contact page at http://www.linode.com/about/ (as linked from "Contact Us" in the standard site footer).

Granted, for a phone call you'll have to wait until business hours on Monday[*], but you're still likely to get a better (certainly more focused on your case) result. Likely more productive than venting here, though I can appreciate how frustrating the process seems to have been in your case.

It's possible the service@linode.com address (specifically noted as being for pre-sales concerns) is monitored much like the support system, though it's also possible that it is a business hours thing too.

-- David

[*] Edit: Now that I think about it, I think I may have gotten a support person at their number off hours in the past, so it couldn't hurt to give it a shot, even if the support person may not be able to address signup/credit questions.

Thanks David,

Actually, I'm not particularly frustrated. It is not like there is a dearth of VPS hosts and I'm not in the midst of a server emergency.

I was just trying to point out the ridiculousness of it. It's like asking me to verify myself with the same information I already used while at the same time not having any further means on their end of authenticating whatever I choose to send them.

Doubtful it's the Linode guys requiring the info - more likely it's their merchant account vendor playing their own version of fantasy security theater.

If i remember correctly the last time this was brought up.. Linode has some funky magic formular that works out the percentage/chance that there is something fraudulent in the information you have logged.

Think of it as a confidence level if you will.. Its not saying you are being fraudulent just that something you have entered has triggered it.

Granted some people could forge the documents requested, but a large percentage of the population probably could not do a sufficient job.

Im sure the linode staff have a gpg key that you can use to encrypt your copy of the documents before you send them, if you are concerned about it going over an un-encrypted medium.

Your best bet is to speak to the support people directly on one of the methods provided

_________________
ServerAdmin - www.our-lan.com
"Diplomacy is the art of saying nice doggy whilst looking for a really big stick"
"In my experiece, any attempt to make any system idiot proof will only challenge God to make a better idiot"

My account was activated when I woke up this morning.

Kinda reminds me of the sign-up farce at VPS.net a while ago where they'd spend hours examining all new customer applications and the people who complained the loudest on their forums rapidly had their accounts activated.

Guess it was the approach that if you're complaining loudly then you're genuine