CAN I CAPTURE CUSTOMERS' CREDIT CARD DETAILS AND SEND BY EMAIL?

by M.T.
9 replies
Hi Warriors,

One of my customer's websites I set up years ago captures customers' credit card details and emails these to him so he can use his offline credit card terminal at the office. The site is secure https but the email is not encrypted.

I have advised him to go for a merchant account or payment gateway or use PayPal.

Could someone tell me if they do this, or is this now illegal to do?

Thanks

MT

PS: The charges here in the UK for merchant accounts are just a rip-off!
  • JohnMcCabe
    I'd ditch the open email. Although the likelihood of getting the details ripped off is fairly slim, it only takes one time to create a huge judgment against you, your customer or both of you.

    One option would be to store the details on the secure server, then use a secure method to download them for processing. Here's one way to do it (not an affiliate link):

    The Road

    Not sure why the link reads like that. The name of the application is "Secure View and Remove".

  • fifthnormal
    It's bad for two reasons:

    1) It's absolutely a bad idea for security. You're just asking for the credit card data to be stolen. This breaks the credit card industry's security rules.
    2) It's against the credit card company rules. In essence, you are cheating them to get a lower rate by deceiving them into thinking the cards are processed on site rather than through the more risky internet.

    Daniel
    • marciayudkin
      This is absolutely against Visa, Mastercard and American Express rules, with big fines imposed if you are caught doing this. (Read your latest merchant account regulations for details.)

      It also contains the seeds of ruin for your customer's business. If there's just one security incident, the business MUST notify all of its customers about the breach.

      Imagine having to confess to your customers that you were sending their credit card details by email!

      Last year, one of my colleagues had a laptop stolen that contained customer credit card info on it and had to notify everyone who had purchased from her of this. It made her look bad.

      In fact, the credit card security requirements and fines have gotten so stringent that I made the decision never to store any customer credit card information (or Social Security Numbers) on my computer or in an unlocked file cabinet in my office for any reason at all.

      IT'S JUST NOT WORTH IT.

      Marcia Yudkin
      Signature
      Check out Marcia Yudkin's No-Hype Marketing Academy for courses on copywriting, publicity, infomarketing, marketing plans, naming, and branding - not to mention the popular "Marketing for Introverts" course.
  • Emily Meeks
    With this age of identity theft, I wouldn't do it. Say somebody hacked into his system and stole all those credit card numbers - he'd get shut down at the very very least.

    Not to mention, this method is probably costing a lot of money, as most people don't like entering their credit card numbers anywhere anymore.
    Signature

    In all that you do, know your True INTENT...

  • M.T.
    Hey,

    Thanks, guys, for your help and advice.

    Yes, just as I thought, it would be breaking Visa's terms and conditions.

    When dealing with some clients it is hard to explain these things without it looking like you are trying to charge more money because they need an add-on service.

    MT
  • AmyBrown
    I would think it would be harder to explain why it was set up like that in the first place. In any case, I'd document that you brought the security issue to their attention. Personally, if they refuse to change the process I wouldn't have anything further to do with the account.
    Signature
    "Test fast, fail fast, adjust fast."
    Tom Peters

  • M.T.
    Hi Amy,

    The website I host for my customer already had this shopping cart feature built into the software.

    The good news is he now has agreed to go with a secondary authorization payment process.

    The bad news is he can't use the same shopping cart...

    MT
  • HomeComputerGames
    I believe there is a fine up to $20,000,000 in some circumstances. Read the fine print on the merchant agreement.

    Might want to have a read:
    https://www.pcisecuritystandards.org/
    PCI FAQ

    PS: If you are hosting for this person you can be held liable for some types of thefts.
    In some U.S. states being PCI compliant is law.
    Signature

    yes, I am....

  • Richard Tunnah
    If you're in the UK then they're probably going against the Data Protection Act, which requires secure storage of customers' private info including name, address, credit card details etc. You really don't want the UK government on your case.
    Lastly, I see no reason why anyone needs to do this. Most merchant providers now provide secure online order systems or there's loads of online merchant providers.

    Rich