Welcome to WebmasterWorld Guest from 54.162.172.144

Forum Moderators: buckworks

Message Too Old, No Replies

Ever get customers e-mailing you sensitive information?

     
2:11 am on Oct 20, 2009 (gmt 0)

Preferred Member from GB 

5+ Year Member

joined:Sept 29, 2009
posts:442
votes: 16


The mind boggles at some of the stuff I get sent through from customers. SSN's, credit cards (including security codes), bank account information, passwords, the lot.

I always take a minute of my time to try and educate them that they REALLY shouldn't be sending this stuff out.

any nightmare stories?

3:06 am on Oct 20, 2009 (gmt 0)

Preferred Member

joined:Jan 12, 2009
posts:392
votes: 0


No, people almost always phone with this type of info. Even then the hesitation is there in disclosure.
4:24 am on Oct 20, 2009 (gmt 0)

Junior Member

5+ Year Member

joined:Jan 7, 2008
posts:176
votes: 0


I've gotten it before. Not the SSN but definitely the whole cc info.

I'm always paranoid that I am going to forget to redact that in my replies. I also try to nicely caution them against sending that info in an email.

5:14 am on Oct 20, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Feb 16, 2007
posts:846
votes: 0


If I had a penny for every time someone mailed me: "Hi my useername is abc and password is xyz" - I'd be rich...
11:28 am on Oct 20, 2009 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member piatkow is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 5, 2006
posts:3312
votes: 16


There is definitely a subset of the human race who think it necessary to quote their password/pin at the slightest opportunity. That is balanced by the ones who imagine that the Russian mafia will empty their account if they ever use a card on-line.
12:50 pm on Oct 20, 2009 (gmt 0)

Junior Member

5+ Year Member

joined:Apr 29, 2007
posts:49
votes: 0


Got Paypal user ID and the password a few years back and full credit card info a few times..
6:24 pm on Oct 20, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


Although it's not a "funny" thing . . . still made me chuckle . . . saw an RFP for a project on eLance a few days ago that included FTP access and password. They edited it rather quickly when a kind provider warned them, but still . . .

Yet, at the same time, the FTC is imposing a new act Nov 1 putting the thumbscrews on banks, creditors, and any business that manages sensitive data (see my thread in Professional Webmaster Issues.) Though it's the users that are usually the problem, the responsibility falls on us. So overwhelming . . .

6:54 pm on Oct 20, 2009 (gmt 0)

Full Member

5+ Year Member

joined:Aug 31, 2006
posts:317
votes: 0


Wanna hear a worse story? We had a chargeback, we asked the bank for details of the chargeback. They emailed us the cc#, full billing address all in a PDF in email. YIKES
5:49 am on Oct 21, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 28, 2002
posts: 1763
votes: 0


Less obvious...

When replying to a customer who emails potentially sensitive non-financial info such as telephone # (which may be unlisted) or a residence address, do you delete that info in your response to them?

We do, especially for female customers. I'll replace her phone number (123-456-7890) with 123-nnn-nnnn. We obliterate those numbers even though our shopping cart order confirmation email to her contained the phone and address she entered when placing her order.

What's the best practice for handling such info?

11:05 am on Oct 21, 2009 (gmt 0)

New User

5+ Year Member

joined:Oct 21, 2009
posts:2
votes: 0


Most of my customers are ready to give their contact number. But there was one case where a customer gave his credit card details over email and i had to make sure that the email got purged and no one else got access to it.

Vijay
<snip>

[edited by: engine at 11:15 am (utc) on Oct. 21, 2009]
[edit reason] See WebmasterWorld TOS [/edit]

12:13 pm on Oct 21, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 12, 2006
posts:2545
votes: 42


i used to work for a travel company and they logged the full credit card number, expiry dates and name on the card on every booking. we had call centres up and down the country.. our technical support desk was based in india too. that's hundreds of different employees from all over the place all looking at the bookings and seeing the info.
if anyone had any criminal tendancies they'd be living in their dream world. how would the cops ever trace that? the bookings could have dated back years.
4:05 pm on Oct 21, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 25, 2005
posts:3496
votes: 6


Had a person I never met not a customer either but a writer on our article site send me there google log info to me. They had an adsense account I assume maybe more. I never signed into the account but sent him an email to NEVER EVER give that information out to ANYBODY and to change the password ASAP.

Now I know why I continue to get You just won 1 Pa Trillion dollar emails all day long. A Pa Trillion is more than a billion but less than a Ma Trillion

6:48 pm on Oct 22, 2009 (gmt 0)

New User

5+ Year Member

joined:Oct 22, 2009
posts:6
votes: 0


A few years ago at another job i did this sort of thing for a client who was used to getting CC#s via email and was reluctant to change the way he handled them. I insisted that the emails at the least, be encrypted.