homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

Ever get customers e-mailing you sensitive information?

 2:11 am on Oct 20, 2009 (gmt 0)

The mind boggles at some of the stuff I get sent through from customers. SSN's, credit cards (including security codes), bank account information, passwords, the lot.

I always take a minute of my time to try and educate them that they REALLY shouldn't be sending this stuff out.

any nightmare stories?



 3:06 am on Oct 20, 2009 (gmt 0)

No, people almost always phone with this type of info. Even then the hesitation is there in disclosure.


 4:24 am on Oct 20, 2009 (gmt 0)

I've gotten it before. Not the SSN but definitely the whole cc info.

I'm always paranoid that I am going to forget to redact that in my replies. I also try to nicely caution them against sending that info in an email.


 5:14 am on Oct 20, 2009 (gmt 0)

If I had a penny for every time someone mailed me: "Hi my useername is abc and password is xyz" - I'd be rich...


 11:28 am on Oct 20, 2009 (gmt 0)

There is definitely a subset of the human race who think it necessary to quote their password/pin at the slightest opportunity. That is balanced by the ones who imagine that the Russian mafia will empty their account if they ever use a card on-line.


 12:50 pm on Oct 20, 2009 (gmt 0)

Got Paypal user ID and the password a few years back and full credit card info a few times..


 6:24 pm on Oct 20, 2009 (gmt 0)

Although it's not a "funny" thing . . . still made me chuckle . . . saw an RFP for a project on eLance a few days ago that included FTP access and password. They edited it rather quickly when a kind provider warned them, but still . . .

Yet, at the same time, the FTC is imposing a new act Nov 1 putting the thumbscrews on banks, creditors, and any business that manages sensitive data (see my thread in Professional Webmaster Issues.) Though it's the users that are usually the problem, the responsibility falls on us. So overwhelming . . .


 6:54 pm on Oct 20, 2009 (gmt 0)

Wanna hear a worse story? We had a chargeback, we asked the bank for details of the chargeback. They emailed us the cc#, full billing address all in a PDF in email. YIKES


 5:49 am on Oct 21, 2009 (gmt 0)

Less obvious...

When replying to a customer who emails potentially sensitive non-financial info such as telephone # (which may be unlisted) or a residence address, do you delete that info in your response to them?

We do, especially for female customers. I'll replace her phone number (123-456-7890) with 123-nnn-nnnn. We obliterate those numbers even though our shopping cart order confirmation email to her contained the phone and address she entered when placing her order.

What's the best practice for handling such info?


 11:05 am on Oct 21, 2009 (gmt 0)

Most of my customers are ready to give their contact number. But there was one case where a customer gave his credit card details over email and i had to make sure that the email got purged and no one else got access to it.


[edited by: engine at 11:15 am (utc) on Oct. 21, 2009]
[edit reason] See WebmasterWorld TOS [/edit]


 12:13 pm on Oct 21, 2009 (gmt 0)

i used to work for a travel company and they logged the full credit card number, expiry dates and name on the card on every booking. we had call centres up and down the country.. our technical support desk was based in india too. that's hundreds of different employees from all over the place all looking at the bookings and seeing the info.
if anyone had any criminal tendancies they'd be living in their dream world. how would the cops ever trace that? the bookings could have dated back years.


 4:05 pm on Oct 21, 2009 (gmt 0)

Had a person I never met not a customer either but a writer on our article site send me there google log info to me. They had an adsense account I assume maybe more. I never signed into the account but sent him an email to NEVER EVER give that information out to ANYBODY and to change the password ASAP.

Now I know why I continue to get You just won 1 Pa Trillion dollar emails all day long. A Pa Trillion is more than a billion but less than a Ma Trillion


 6:48 pm on Oct 22, 2009 (gmt 0)

A few years ago at another job i did this sort of thing for a client who was used to getting CC#s via email and was reluctant to change the way he handled them. I insisted that the emails at the least, be encrypted.

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved