Never Email Credit Card Information!

Sending credit card information through email is not safe and can lead to identity theft. To prevent this, we have created the back office system at and  These sites send credit card information to us using what’s called Transport Layer Security (TSL), a protocol designed to communicate securely over the internet.  You can recognize sites that us TSL because the web address in the top bar of your web browser will start with “HTTPS” rather than just “HTTP”.  When you use a website that sends data securely, the information you submit is encrypted.  Any identity thieves or other nefarious individuals can try to eavesdrop on your activities, but the ”conversation” will be encrypted.  You can think of it like the modern radio transmitters that the military and police forces use.  Civilians can buy a scanner from RadioShack but still won’t hear (or understand) the digital signals.

Why is email not secure?  First, there’s often no encryption in transit for email, and it is surprisingly (frighteningly) easy to listen in on unencrypted web traffic. Even if you use an email client like Gmail, which uses TSL, it only works from point to point.  What this means is that you can send personal data on a website using TSL, because the information is just going straight from you to them.  It is secure for the entire trip.  However, with an email, you are not sending information straight to one site.  You are sending it from your computer to your email service, let’s say it’s Gmail, to the recipient’s email service, which will then send it to them.  If their email service does not support TSL, your safe, secure and encrypted email carrier will be useless because the email service on the other end is leaving the message unprotected and free for any miscreant to steal. That’s nasty, but we’re only just getting started.

Next is the fact that you have no guarantees that the email is stored online securely. I would trust Google’s or Yahoo’s ability to protect unauthorized access to email stored on their servers (other than the fact that they have applications that read and catalog all of your emails, saving them even after you have deleted them from your mailbox.  Then again, so does the NSA, and most likely the signals intelligence agencies of other countries, like England, Germany, Russia, China, etc.), but as for the hundreds and thousands of other mailbox services set up across the globe, not so much. I don’t trust them at all.  You just cannot expect email to be stored securely anywhere.  That includes in your sent items folder.

Here’s another one:  Got a smartphone?  A tablet?  An email program such as Outlook or Thunderbird on your desktop?  Those are three more places holding copies of your email. Two of these are mobile and are devices that are frequently left unlocked in cafes.  Email is one of these services that advertisers refer to as “cloud-based”, meaning it’s stored somewhere centrally, and automatically “synced” across multiple devices. It’s great for convenience, but it maximizes your areas of risk.

Ever send an email or surf the internet using a café’s Wi-Fi, or any public Wi-Fi spot?  Everybody else connected to that Wi-Fi network has a “trusted” connection with your device.  Computers and mobile devices are initially set up to trust all other devices automatically on the same local network as you.  They do this to make establishing a home network easier, but it means that it’s also easier for people using the same Wi-Fi spot to intercept each other’s web traffic, or even access each other’s devices.  Before you connect to the hotspot at Starbucks, make sure you secure your laptop or mobile device and guard your web traffic by investing in a VPN.  If you don’t now how to restrict access to your laptop or device, or what a VPN is, then those are two tutorials you should look up.  Just don’t do the web search at a public hotpot.

There are several more reasons not to send credit card or personal information via email, but one of the easiest to understand is that it can be illegal!!!  Some states have enacted legislation that makes it a crime to email credit card information.  Arizona, for example, is one of those states.

So be safe with your credit card information, and certainly don’t put other people at risk by sending their credit card or personal information over the internet.  They may not thank you for it, but they won’t chastise you for getting their bank accounts drained by hackers, either!

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *