Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: LifeinAsia
Send the credit card sign up page back to the prospect and ask him to enter the details? Or do I just go ahead and enter the details myself?
Also, do you think it is wise for me to "educate" this guy on the dangers of sending the credit card details by email? Or do I just forget about it?
First you'd have to gain access to an email server (it seems you would either need intercept the emails en-route or gain access to all the accounts on the server... not sure on that point), and then find some efficient way of scanning through the messages looking for 16 digit numbers, and if and when you found a message with a CC number in it, you'd only have one number to show for your efforts.
If you compromise a company's ecommerce system, and can get their online database of client CC numbers, you may spend slightly more time getting in (assuming the company has secured their ecom servers better than the ISP has done with the mail server), but you'll have a huge collection of numbers to show for it if you succeed.
I think the biggest danger of sending CC info by mail is that someone at the receiving end might be snooping on your intended recipient's computer...
But, to actually answer your question -- hehehe -- I'd just input the info he sent you into your processing page yourself.
* broken the number over three e-mails
* spelt out several of the numbers (2 becomes two)
Unless someone was monitoring a mail box I think it would be hard to get to.
I recently had a credit card number used fraudulently, when the person only had the card number, and made their purchase over the phone. I also had a big hassle with a phone bill, when I accidentally entered my boss' visa number with my own billing address on the phone co's online payment form.
The store where my number was used fraudulently did not check the number against any billing info, and neither did the phone company (as my billing address definitely does NOT match my boss' card number)... so ALWAYS use some kind of verification system to check if a CC number actually matches the address/cardholder information given for it.
If you send an email unencrypted, anyone on your local network(university, company, cable modem line), anyone at your ISP(including the intern there for the summer), anyone at the ISP of the company that hosts the recipients mail server, anyone who has access to that mail server, and anyone on your recipients local network or ISP can potentially snoop that data depending on how the network is set up. Thats a potentially long list.
If you've already recieved such an email, fine, use it. On the other hand, using email for credit card transactions is potentially dangerous.
Nothing you can do about that sort of thing except not use any CCs online.
At my company, we had a fradulent telephone transaction where the guy apparently got the CC number off a discarded receipt at a business convention in New York... that woman might never have shopped for anything online in her life, much less emailed her CC info to anyone, but she still got scammed.
Nothing you can do about that sort of thing, except not use any CCs anywhere.
But, as a cardholder, it is a piece of cake to get fraudulent transactions removed from your account, so there's no real benefit in being paranoid. Check your accounts online once a week, and you'll be able to report them even before you get your paper statement. And as a business owner (since they're the ones who get stuck with the losses in most fraudulent transactions) you can check and double check any suspicious orders you receive.
You should be scared if someone's doing this. Normally all they will disclose is the last 4 digits if even that. I would not do business with a company e-mailing out credit card numbers over the internet. I dont email mine out to people I dont accept them from people.
I see all the time clients just emailing me saying 'Charge my card my # is ......' oOoo I tell them stories upon stories. :)
The VISA site includes The Digital Dozen [usa.visa.com] where #4 is "Encrypt data sent across public networks"
If they catch you using email for CCs they will shut off your merchant account.
joined:Jan 27, 2003
>>Also, do you think it is wise for me to "educate" this guy on the dangers of sending the credit card details by email? Or do I just forget about it?
C'mon, do the guy a favour :)
I send a terse email explaining that this is incredibly dumb and pointing them at a fraud info page.