Search the Community
Showing results for tags 'financial security'.
Found 1 result
PSA: Don't email your credit card information
kristof65 posted a topic in Off-Topic RampancyARRRRRRRRRRRRRRRRRRRRRRRGHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH: So the company I contract to has a service department email address. One person in the organization is responsible for responding to these emails, but this particular email address is copied to six different people (including myself, an independent contractor for them) so that we all know what's going on if needed, and so that one of us can take over if the primary guy is out. So a customer sends an email to our service department requesting parts, and to pay for those parts, he provided his credit card info in the email - full number, name, billing address, CVC, expiration date, etc. So immediately, six of us now have his CC information. Fortunately for him, we're all honest sorts, and are not going to steal his CC info (though we can't speak for anyone on the servers in between him and us). But that's not the worst part - our guy needed more information, and replied back to the customer without stripping the CC info from the reply email. By the time I saw the email and caught that, and admonished our guy, the conversation chain had been back and forth a half dozen times, and our customer had extended it to two other people in his organization, while our guy added two more on our side. This guy's credit card information has now been spread directly to at least 8 different individuals by name, and traveled multiple times through an unknown number of intermediary servers. While I'm pretty sure no one in our organization will knick the info for personal gain, I won't be the least bit surprised if his credit card ends up being compromised at some point. DON'T SEND YOUR CREDIT CARD INFO THROUGH EMAIL. While some of the path your emails take may be encrypted from server to server, you can't guarantee that, plus most standard email clients do not store their emails in an encrypted format. And once it hits your recipients email box, you have to trust them to remove it from their computers. If they don't, and just one of them has or later gets a virus looking for that sort of stuff - boom, your number is compromised.