3

I had hired a shipping company and now they want me to send my Visa Card information by email to pay them. The method of payment was never discussed prior to them shipping my boxes. They did a good job and I want to pay them but I'm concerned sending my credit card information by email is unsafe. Are my concerns founded? Would telling them the information over the phone be any safer?

SamK
  • 31
  • 1
  • 2
  • Yes, the phone would be a lot safer. In case they insist on email, it would be good to make sure what email is definitely the right one. Once the details are sent by email, and similarly on other occasions, it would be good to get new card within 6 months, like not keeping the same for next 2 years. – Aria Sep 09 '16 at 20:43
  • It would be preferable if the person had PayPal or something. You shouldn't send info over email, and preferably not phone calls either. – cutrightjm Sep 09 '16 at 20:48
  • depends on the email(s); gmail to gmail is fairly secure... – dandavis Sep 09 '16 at 20:54
  • i would link them to a place where they can fetch the info, then delete it asap. or you could meet up with them on something like https://nadachat.com and use chat to send them the PW without logging anything – dandavis Sep 09 '16 at 21:25

2 Answers2

6

It is a violation of their merchant agreement

All credit card merchants are required to conform to PCI-DSS which spells out rules for handing credit card data. If you check the PCI DSS standards, you'll find the following:

Never send unprotected PANs by end-user messaging technologies (for example, e-mail, instant messaging, chat, etc.).

(The "PAN" is the CC number, a.k.a. Primary Account Number).

They should not be asking you to send credit card information over email if they are a legitimate authorized merchant.

See also this answer.

See also this PCI DSS cheat sheet (check the sidebar on page 2).

If the vendor loses PCI-DSS compliance (and you can lodge a complaint and possibly trigger a painful PCI-DSS audit by calling Visa corporation) then they will lose their ability to process credit card transactions.

P.S. No, it's not safe.

Community
  • 1
John Wu
  • 9,101
  • 1
  • 28
  • 39
1

No. Is not safe.

If you already payed using an online payment service and they need to confirm that you are that person you cans send a picture of your credit card but: - send picture with only the front side that contains the card number and - cover the card number without the last 4 digits

You should not provide any information that could be used in a malicious way like full credit card number + ccv/cvc or other details like pin number.

If you have any trust issues then you should consider using another payment type, like bank transfer.

Using the phone would make it "safer", but this means that you trust the person over the phone.

That person may use a sticky note/paper to note your details and i think is not necessary to develop what could happen.

No one should be able to use the card if they don't have the proper credentials and no one should have your card credentials.

lauda
  • 136
  • 1
  • 8