https://blauwestadtechnologieen.blob.core.windows.net/brand-assets/blue-city-capital-technologies-default.png
https://blauwestadtechnologieen.blob.core.windows.net/brand-assets/blue-city-capital-technologies-default.png

Talk with us

If you would like to make an appointment with our sales team, fill out the form below or use the help widget at the bottom of this page.

First Name *

Last Name *

Position *

Company *

Address Line 1 *

Address Line 2

City *

State *

Zip Code/Post Code *

Email *

Telephone *

LinkedIn Profile

Stay up to date with product updates, tech insights, and company news from our U.S. engineering team. You can unsubscribe from our newsletter at any time with a single click.

We value your privacy and security. When you provide us with your contact details, you can feel confident we will handle your data with care. Our Privacy Statement outlines our commitment to collecting, storing, processing, and deleting your information responsibly. Please review it to learn more about how we respect your data. Rest assured we only use your contact information for the purposes you authorize. *

Why is this relevant?

Browsing a website from your actual location rather than through a VPN (Virtual Private Network) is important for several reasons, primarily revolving around the accuracy of information, compliance with legal requirements, and ensuring appropriate access.

Accurate Content and Services:

Websites often provide content and services tailored to specific geographic regions. This could include localized news, pricing, availability of products/services, or language-specific content. Accessing a website through a VPN may misrepresent your location, leading to inaccurate or irrelevant content being displayed. For example, you might see prices in a currency that doesn't match your actual location, or services that are not available in your region may appear accessible.

Legal and Regulatory Compliance:

Many websites and online services are subject to legal and regulatory requirements specific to certain regions. For instance, data privacy laws such as GDPR in Europe or CCPA in California impose restrictions on how personal data is collected, stored, and processed based on the user's location. Accessing a website through a VPN might mask your actual location, potentially leading to non-compliance with these regulations if you're interacting with content or services not meant for your actual geographic area.

Security Concerns:

VPNs are often used to enhance online security and privacy by encrypting internet traffic and masking IP addresses. However, some websites might restrict or block access from VPN IP addresses due to concerns over abuse or malicious activities. Attempting to access such websites through a VPN could result in denied access or additional security challenges.

Quality of Service:

Some websites or online services might adjust their performance or service levels based on the user's geographical location. This could affect factors like server response times, network latency, or overall service quality. Using a VPN might inadvertently route your traffic through servers that are not optimized for the best performance, impacting your user experience.

Ethical Considerations:

From an ethical standpoint, accessing content or services through a VPN to misrepresent your location might violate terms of service agreements or undermine the principles of fair use and access intended by content providers.

OVH Cloud demands photos of customers’ credit cards.

May 04, 2026 12:25

Asif Balwani

Roubaix, France

/assets/images/IMG_0590.jpeg

Credit: Actuia.Com.

OVH Cloud are asking people to email them images of their credit cards to “minimize credit card fraud and prevent malicious use of our services”

If you were to hire an anti-fraud specialist for your firm, and that supposed specialist began asking your customers to send full images of their credit cards, front and back, with sensitive details clearly visible, would you be even the slightest bit concerned? Most reasonable people would see that as an immediate red flag. After all, the very purpose of fraud prevention is to reduce exposure to risk, not introduce new vulnerabilities through questionable practices.

And yet, this is precisely the kind of behavior that is being justified here.

Clearly, French-based cloud provider OVH Cloud do not seem troubled by this contradiction. They claim to have an “anti-fraud” team in place, an entity that should embody best practices in safeguarding user data and minimizing security risks. But when that same team instructs customers to transmit highly sensitive financial information, like credit card images, via email, it raises serious concerns about their understanding of basic security principles.

Email, as a communication channel, is fundamentally insecure for transmitting confidential data. Messages can be intercepted, misdirected, stored indefinitely on multiple servers, or accessed if an account is compromised. Encouraging customers to send payment card details without making it clear that all but the remaining 4 digits needs to be redacted, through such a medium does not just skirt the edges of acceptable practice. It crosses well into territory that most security professionals would consider negligent.

An anti-fraud team that promotes this kind of behavior is not functioning as a protective measure. It becomes a potential liability. The irony is hard to ignore. In attempting to verify identity, they are effectively asking users to engage in the very behavior that fraud prevention guidelines universally warn against.

This was not a hypothetical scenario. It was my actual experience while searching for a new web hosting provider. When I attempted to proceed with setting up a server, I was instructed to provide verification by emailing images of my credit card. Understandably, this request felt inappropriate and unsafe.

What is perhaps more concerning is that, despite these issues being raised, they continue to insist that this process is “PCI-compliant.” That claim, on its face, seems difficult to reconcile with widely accepted interpretations of PCI DSS, the Payment Card Industry Data Security Standard, which emphasizes minimizing the storage and transmission of cardholder data, especially through insecure channels.

At best, this suggests a troubling disconnect between policy and practice. At worst, it reflects a systemic misunderstanding of what genuine fraud prevention should look like in a modern, security-conscious environment.

There are now companies out there who specialise solely in identity verification, for use cases such as employment checks, or indeed purchasing certain product’s such as cloud servers. There are plenty of better, more secure ways to verify someone’s identity without having for pose for selfies with your credit card.

It’s clear that OVHCloud didn’t get the memo that’s it’s no longer 2005.

The TLDR of this is just don’t hire any former OVH Cloud employees as your security consultant, or could be open to numerous data breach litigations.

Have you been affected by anything mentioned in this article and want to have your story heard? Contact us at press@bluecitycapital.com

Search tags

#data
#ovhcloud
#news
#dataprotection
#databreach

The content of this communication, including any opinions expressed herein, is solely for informational purposes and does not constitute legal, financial, or professional advice. Any views or opinions expressed are those of the individual author and do not necessarily represent those of or its affiliates. While every effort has been made to ensure the accuracy and reliability of the information provided, no guarantee is given regarding the completeness, accuracy, or reliability of the content. Readers are advised to independently verify any information presented and seek professional advice where necessary. This communication may contain statements that constitute "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements are inherently uncertain and involve risks and uncertainties that could cause actual results to differ materially from those anticipated in such statements. This communication is subject to copyright and may not be reproduced, distributed, or transmitted without the prior written consent of . Any unauthorized use, disclosure, or distribution is strictly prohibited. This communication is not intended to defame, slander, or libel any individual, organization, or entity. Any statements made are based on the author's honest opinions or beliefs and should be interpreted as such. If you have any questions regarding the content of this communication or require further information, please contact us at press@bluecitycapital.com