Thoughts, information and reflections about technology

I heard a radio advertisor telling people to email their credit card info to him

I was listening to home improvement show on the radio today. The guest told customers that they could purchase his products by emailing their name address and complete credit card information including their ccv. He was using a Verizon email address.

If this isn’t a disaster waiting to happen, I don’t know what is. I’m sure that the guest was legitimate and was not running a scam. However, email is horribly insecure.

There are a couple of issues here.

  1. The merchant is most likely violating the terms of his merchant account by collecting credit card information via unsecured email. This can result in termination of your merchant account or penalties from your merchant account provider.
  2. As far as I know, you are never allowed to store the customer’s ccv with their account data. Emails sent this way are causing the ccv to be stored. Even if the emails are deleted, you need to make sure that they are not being stored on your email server, that the deleted itmes folder is emptied and that no backups are being kept of your emails. Missing any of those would open the merchant up to liability.
  3. Email is susceptable to compromise via packet sniffing at various levels.
  4. Consumers should NEVER, EVER send credit card information via email. There are just too many ways it can be compromised.

The merchant in this case is running a lot of risks. In addition to the penalties from the mechant account provider, he could also find himself liable for damages if it can be proven that his negligence caused a compromise of credit card information.

If you want to collect credit card information from customers, there are a number of options that are secure and easy to set up. Paypal offers the ability to put payment buttons on a web page. You can also look at Google Checkout. Both are easy to set up and the fees are in line with that of a regular merchant account. True, it might cost a few bucks to have a web designer add the functionality, but the peace of mind would be well worth the investment.

Similar Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *

Contact me
Archives
Categories
Recent Comments