Over the last few months, I’ve had a number of experiences where people have offered to email me their credit card number.
My jaw dropped.
Frankly, I can’t believe that anyone at this point in time could possibly think that emailing a credit card number is safe.
Email is NOT secure. Never send any confidential information to anyone through email. Even if the email makes it to the intended recipient without being intercepted over the many networks it must cross, you have no idea how that email will be stored over time. Computers are hacked all the time, whether it’s a server on the Internet or one sitting on someone’s desktop. (How many people do you know that have had their computer die because of some type of malware or infection?)
If a business asks you to email credit card numbers or any other type of personal information, don’t do business with them. If you know it is a legitimate company, find another way to pay. Either mail a check, or call them with your credit card information. Sending two emails (splitting up the data) isn’t a good option. Many times, if you receive an email out of the blue asking for personal information, it’s a scam. Delete it.
As a business owner, if you have a merchant account, you risk losing the account and being fined by credit card companies if you accept credit card information via email. It’s a violation of your merchant agreement, so just don’t do it. Even storing card numbers in your shopping cart is risky. Our online store doesn’t store any credit card information in the databases at all.
Any time credit card numbers are transmitted over the Internet, the connection needs to be encrypted. That’s what the little “lock” icon on the browser or the https:// is doing. It’s encrypting the data, so the whole Internet can’t eavesdrop on the transaction and steal the data.
If you are setting up an ecommerce store to sell your books, don’t cut corners. You must either have a hosted shopping cart handle the encryption for you, or spend the money on an SSL certificate if the store software is on your own site.
I don’t care how “small” your company is. If you want to take credit cards, do it right. Even if you don’t care about losing your merchant account, it’s irresponsible to put your customers’ information at risk.
Options like PayPal are great for people who are on a budget and don’t have many transactions. Even technologically challenged people can set up a PayPal account. It’s just not difficult.
The bottom line is whether you are business owner or consumer, it is NEVER okay to send credit card information via email.