Collecting payment information is part and parcel for business, but giving your customers no choice but to email you their credit card information is incredibly risky. In this post, we explain why.
The Risks of Emailing Credit Card Information
❎ Legal and Compliance Issues
Sending credit card information via email may violate legal and compliance standards, such as the Payment Card Industry Data Security Standard (PCI DSS), leading to potential legal repercussions.
❎ Lack of Encryption
Standard email communication is not inherently encrypted, so the contents of emails, like your customer's credit card number, can potentially be intercepted and read by cybercriminals during transmission.
❎ Data Breaches
Email servers can be vulnerable to data breaches, and if yours is compromised, hackers can gain access to the email accounts and the information contained within them.
❎ Phishing Attacks
Phishing emails may appear to be from legitimate sources, but they are designed to deceive and steal information, especially credit card information. customers may accidentally get phished if they're used to seeing credit card requests emailed from you. Even worse, the attack email may appear to be coming from you.
❎ Unintended Recipients
It's really easy to accidentally send emails to the wrong person (by both you and your customers). You don't want sensitive information getting in the wrong hands.
❎ Lack of Control
Once you send an email, you lose control over how it's handled and where it's stored. It could be stored indefinitely on multiple servers, increasing the chances of unauthorized access over time.
❎ Extended Storage
Emails are often stored for extended periods of time by both the sender and the recipient, as well as any email service providers involved. This extended storage increases the window of opportunity for cybercriminals to access the information.
Sertifi's Secure Online Portal
Sertifi provides a secure, PCI-compliant portal from which to request and receive payment details.
Here are some benefits you can expect:
✅ PCI Compliance
Sertifi is a validated PCI Compliance Level 1 service provider. For example, per PCI DSS mandates, Sertifi does not store verification codes like CVVs for increased protection.
✅ Tokenization & Unmasking
Every card number, expiration date, and type gets tokenized for protection, and only select staff members can unmask the information when needed.
✅ Custom-Branded Communications
customers know your custom-branded Sertifi emails are safe to respond to and get redirected to a secure payment form directly in Sertifi.
