No problem Burn, to clarify:
When I joined TFCC in mid 2011, I used a credit card that would be due to expire at the *end* of that year, so I had to fax in a copy of said card, and photo ID (passport).
When I went to order Over-Run and SG Drift at the end of January this year, as I had added my renewed card details (note, the card that I began my membership with had since expired), I was asked to provide the same details again (same ID, new credit card) -
Looking back through my emails from them, I've included the text verbatim from their emails - due to your length of concurrent membership, this may be different from older members, or you may have a check / bank transfer in place, I am unsure of how it differs with Australian members
Fun Publications, Inc. realizes that collectibles have worldwide appeal. We ship anywhere that the United States Postal Service or FedEx delivers. However, there are restrictions. Upon your first order, you will need to fax us a copy of your credit card, front and back as well as photo identification, which shows your signature to 817-448-9843. If a credit card transaction is made through our site without the fax confirmation of your identity, we reserve the right to CANCEL THE ORDER."
My membership lapsed in June (as the card I had last used on file with them had been terminated due to irregular charges as a direct result of the security breach at FunPub earlier this year).
As my membership didn't even cover anything of any worth (since they swapped portals, you didn't even get access to the Members Area that had content in it), and due to the breach itself, I happily let it lapse, as there had not been any firm news at that point on how, or when, the subscription service would work.
Idly looking at the cost details when announced this weekend, I noted that I would have to renew membership to apply for the subscription package ( this was before the service went 'live' as it were) -
I went to renew by clicking the 'renew' link on their main page, and was brought through the steps of renewal, and noted, before I added my (as far as FunPub is concerned, 'new') card payment details were required - that I would have to go through the whole 'photocopy, fax, validate' procedure again....
At which point, realising that nothing (past encryption of the e-data) has changed with them since the breach - they still require international subscribers to fax in a copy of the requested card and ID info - meaning that they are still requesting a copy of my full credit card number, expiry date, and security code on the back....
Even staff at banks and online payment systems (such as PayPal, Amazon, etc) do not have access to these numbers - they only see the last 4 digits of your card number (something I learned both at college, and was made aware of again when following up on the bogus transactions tried at the start of Feb with my bank) -
I'm aware of how 'faxed' records can be stored electronically, but the fact remains that they still require photographic proof, stored somewhere in their possession, of my full credit card details.
As often quoted by other posters on this, and other threads in relation to anything security related:
'Fool me once, shame on you.
Fool me twice...'...
The (lack) of thinking on their part at every new announcement just staggers me - they are literally like a puppy that pees the rug, is admonished for it, then continues to pee the rug....