homepage Welcome to WebmasterWorld Guest from 54.205.207.53
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

    
Ever get customers e-mailing you sensitive information?
ChanandlerBong

5+ Year Member



 
Msg#: 4009798 posted 2:11 am on Oct 20, 2009 (gmt 0)

The mind boggles at some of the stuff I get sent through from customers. SSN's, credit cards (including security codes), bank account information, passwords, the lot.

I always take a minute of my time to try and educate them that they REALLY shouldn't be sending this stuff out.

any nightmare stories?

 

MrHard



 
Msg#: 4009798 posted 3:06 am on Oct 20, 2009 (gmt 0)

No, people almost always phone with this type of info. Even then the hesitation is there in disclosure.

rachel123

5+ Year Member



 
Msg#: 4009798 posted 4:24 am on Oct 20, 2009 (gmt 0)

I've gotten it before. Not the SSN but definitely the whole cc info.

I'm always paranoid that I am going to forget to redact that in my replies. I also try to nicely caution them against sending that info in an email.

caribguy

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4009798 posted 5:14 am on Oct 20, 2009 (gmt 0)

If I had a penny for every time someone mailed me: "Hi my useername is abc and password is xyz" - I'd be rich...

piatkow

WebmasterWorld Senior Member piatkow us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4009798 posted 11:28 am on Oct 20, 2009 (gmt 0)

There is definitely a subset of the human race who think it necessary to quote their password/pin at the slightest opportunity. That is balanced by the ones who imagine that the Russian mafia will empty their account if they ever use a card on-line.

jpman

5+ Year Member



 
Msg#: 4009798 posted 12:50 pm on Oct 20, 2009 (gmt 0)

Got Paypal user ID and the password a few years back and full credit card info a few times..

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4009798 posted 6:24 pm on Oct 20, 2009 (gmt 0)

Although it's not a "funny" thing . . . still made me chuckle . . . saw an RFP for a project on eLance a few days ago that included FTP access and password. They edited it rather quickly when a kind provider warned them, but still . . .

Yet, at the same time, the FTC is imposing a new act Nov 1 putting the thumbscrews on banks, creditors, and any business that manages sensitive data (see my thread in Professional Webmaster Issues.) Though it's the users that are usually the problem, the responsibility falls on us. So overwhelming . . .

ssgumby

5+ Year Member



 
Msg#: 4009798 posted 6:54 pm on Oct 20, 2009 (gmt 0)

Wanna hear a worse story? We had a chargeback, we asked the bank for details of the chargeback. They emailed us the cc#, full billing address all in a PDF in email. YIKES

jsinger

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4009798 posted 5:49 am on Oct 21, 2009 (gmt 0)

Less obvious...

When replying to a customer who emails potentially sensitive non-financial info such as telephone # (which may be unlisted) or a residence address, do you delete that info in your response to them?

We do, especially for female customers. I'll replace her phone number (123-456-7890) with 123-nnn-nnnn. We obliterate those numbers even though our shopping cart order confirmation email to her contained the phone and address she entered when placing her order.

What's the best practice for handling such info?

vijaysub

5+ Year Member



 
Msg#: 4009798 posted 11:05 am on Oct 21, 2009 (gmt 0)

Most of my customers are ready to give their contact number. But there was one case where a customer gave his credit card details over email and i had to make sure that the email got purged and no one else got access to it.

Vijay
<snip>

[edited by: engine at 11:15 am (utc) on Oct. 21, 2009]
[edit reason] See WebmasterWorld TOS [/edit]

londrum

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4009798 posted 12:13 pm on Oct 21, 2009 (gmt 0)

i used to work for a travel company and they logged the full credit card number, expiry dates and name on the card on every booking. we had call centres up and down the country.. our technical support desk was based in india too. that's hundreds of different employees from all over the place all looking at the bookings and seeing the info.
if anyone had any criminal tendancies they'd be living in their dream world. how would the cops ever trace that? the bookings could have dated back years.

bwnbwn

WebmasterWorld Senior Member bwnbwn us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4009798 posted 4:05 pm on Oct 21, 2009 (gmt 0)

Had a person I never met not a customer either but a writer on our article site send me there google log info to me. They had an adsense account I assume maybe more. I never signed into the account but sent him an email to NEVER EVER give that information out to ANYBODY and to change the password ASAP.

Now I know why I continue to get You just won 1 Pa Trillion dollar emails all day long. A Pa Trillion is more than a billion but less than a Ma Trillion

sabrok

5+ Year Member



 
Msg#: 4009798 posted 6:48 pm on Oct 22, 2009 (gmt 0)

A few years ago at another job i did this sort of thing for a client who was used to getting CC#s via email and was reluctant to change the way he handled them. I insisted that the emails at the least, be encrypted.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved