Welcome to WebmasterWorld Guest from 54.226.246.160

Forum Moderators: buckworks

Message Too Old, No Replies

Ever get customers e-mailing you sensitive information?

     

ChanandlerBong

2:11 am on Oct 20, 2009 (gmt 0)

5+ Year Member



The mind boggles at some of the stuff I get sent through from customers. SSN's, credit cards (including security codes), bank account information, passwords, the lot.

I always take a minute of my time to try and educate them that they REALLY shouldn't be sending this stuff out.

any nightmare stories?

MrHard

3:06 am on Oct 20, 2009 (gmt 0)



No, people almost always phone with this type of info. Even then the hesitation is there in disclosure.

rachel123

4:24 am on Oct 20, 2009 (gmt 0)

5+ Year Member



I've gotten it before. Not the SSN but definitely the whole cc info.

I'm always paranoid that I am going to forget to redact that in my replies. I also try to nicely caution them against sending that info in an email.

caribguy

5:14 am on Oct 20, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



If I had a penny for every time someone mailed me: "Hi my useername is abc and password is xyz" - I'd be rich...

piatkow

11:28 am on Oct 20, 2009 (gmt 0)

WebmasterWorld Senior Member piatkow is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



There is definitely a subset of the human race who think it necessary to quote their password/pin at the slightest opportunity. That is balanced by the ones who imagine that the Russian mafia will empty their account if they ever use a card on-line.

jpman

12:50 pm on Oct 20, 2009 (gmt 0)

5+ Year Member



Got Paypal user ID and the password a few years back and full credit card info a few times..

rocknbil

6:24 pm on Oct 20, 2009 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Although it's not a "funny" thing . . . still made me chuckle . . . saw an RFP for a project on eLance a few days ago that included FTP access and password. They edited it rather quickly when a kind provider warned them, but still . . .

Yet, at the same time, the FTC is imposing a new act Nov 1 putting the thumbscrews on banks, creditors, and any business that manages sensitive data (see my thread in Professional Webmaster Issues.) Though it's the users that are usually the problem, the responsibility falls on us. So overwhelming . . .

ssgumby

6:54 pm on Oct 20, 2009 (gmt 0)

5+ Year Member



Wanna hear a worse story? We had a chargeback, we asked the bank for details of the chargeback. They emailed us the cc#, full billing address all in a PDF in email. YIKES

jsinger

5:49 am on Oct 21, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Less obvious...

When replying to a customer who emails potentially sensitive non-financial info such as telephone # (which may be unlisted) or a residence address, do you delete that info in your response to them?

We do, especially for female customers. I'll replace her phone number (123-456-7890) with 123-nnn-nnnn. We obliterate those numbers even though our shopping cart order confirmation email to her contained the phone and address she entered when placing her order.

What's the best practice for handling such info?

vijaysub

11:05 am on Oct 21, 2009 (gmt 0)

5+ Year Member



Most of my customers are ready to give their contact number. But there was one case where a customer gave his credit card details over email and i had to make sure that the email got purged and no one else got access to it.

Vijay
<snip>

[edited by: engine at 11:15 am (utc) on Oct. 21, 2009]
[edit reason] See WebmasterWorld TOS [/edit]

londrum

12:13 pm on Oct 21, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



i used to work for a travel company and they logged the full credit card number, expiry dates and name on the card on every booking. we had call centres up and down the country.. our technical support desk was based in india too. that's hundreds of different employees from all over the place all looking at the bookings and seeing the info.
if anyone had any criminal tendancies they'd be living in their dream world. how would the cops ever trace that? the bookings could have dated back years.

bwnbwn

4:05 pm on Oct 21, 2009 (gmt 0)

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



Had a person I never met not a customer either but a writer on our article site send me there google log info to me. They had an adsense account I assume maybe more. I never signed into the account but sent him an email to NEVER EVER give that information out to ANYBODY and to change the password ASAP.

Now I know why I continue to get You just won 1 Pa Trillion dollar emails all day long. A Pa Trillion is more than a billion but less than a Ma Trillion

sabrok

6:48 pm on Oct 22, 2009 (gmt 0)

5+ Year Member



A few years ago at another job i did this sort of thing for a client who was used to getting CC#s via email and was reluctant to change the way he handled them. I insisted that the emails at the least, be encrypted.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month