Is there a reasonably safe way to transmit a credit card number by e-mail without registering with and paying a commercial anonymizer service? Would sending partial numbers in multiple e-mails, maybe from different accounts, work? Or is it really like writing it on a postcard and dropping it in a mailbox?
Get http://www.pgp.com/products/personal/index.html PGP to encrypt your email, and get the person you’re sending the credit card number to to install PGP as well. Then just exchange keys with them, and encrypt your credit card number with their public key. They will be the only person who will be able to decrypt the email.
As Joe Random says, that’s free, but it’s not that easy, especially if you’re a novice. Expecting a merchant to install PGP is not unreasonable, but a merchant expecting customers to have PGP is.
So, the deal is, the onus should be on the merchant to make life easy (and secure) for their customers. This involves running a website that can accept data via a SSL connection (ie, encrypted) (indicated by the padlock icon on your status bar), and having a certificate issued by a respected provider (such as Thawte).
This is neither cheap nor easy for most merchants, especially smaller ones, to do this, tho there are companies out there that offer “one stop solutions”. It’s unfortunate that the internet is promoted as a free boon to merchants, when the truth is that like pretty much anything in life, you have to spend money to make money.
Your simile of emailing CC info being like dropping a postcard in a mailbox is a very good one. The chances (these days more than ever) of one particular person reading the specific postcard you sent on a certain day (as opposed to that person reading all the other mail out there) is very slim - there’s safety in numbers. So, if everyone started sending CC numbers through email, there’d be more fraud as a whole, but your chances of being caught (as an offender or a victim, ironically) are no greater.
You could fragment the CC number, and send from different accounts, but if someone can be bothered snooping you, it’s likely they’d do a decent job, and monitor all your accounts. This is paranoid talk, but why risk it?
Even more ironically, customers have absolute 100% protection from credit card fraud, so you have nothing to worry about anyway. If the merchant who runs the transaction does not have your signature on the chit, his bank simply takes the money away from him, and credits it back to the customer, leaving the merchant shit out of luck, cos 60 days later when the card holder sees they have been ripped off, the merchant has well and truly shipped the goods (another hidden expense of doing biz in the net).
For the geeks among us, soon, this will change, when all CC’s are assigned PINs and as a customer, you have to use your PIN as well as the CC# to buy. As a busy web merchant who has to deal with fraud every day, I say, bring it on!
Hope this helps understand the theory behind it, if it does not solve your particular problem.
abby
Ooops, of course, I meant that the merchant is shit out of luck if the legit card holder queries the amount with their bank. I am sure that plenty gets thru where the original card holder never notices.
abby
I have PGP but I find most people cannot be bothered. The easiest thing is to use the phone or fax to send the number as this is reasonably secure but if you want to use email AND cannot use encryption the, this is what I have done on ocassion: Suppose I need to send a 16 digit credit card number. First I disguise it in any way. I can add numbers at the beginning or the end. I can make up a list of 18 phone numbers and the last digits of the first 16 are the coded number etc. Then I make that a Graphic file (BMP, GIF, whatever) and send it with no instructions. Just a note saying “here is the information you need”. If you are paranoid enough you can do half the numbers from one email account and half from another. Then, from a different email account and to a different email account I send a message saying “the information is composed of the last digits of the first 16 numbers”. You can make this second message a graphic too.
Are you asking about a single, one-time exchange, or become a true merchant? If you do this regularly and with various people, it may be worth your time to setup Apache and SSL encryption (like a merchant would use) on your computer or a paid host. Create a simple PHP form (not PGP - don’t let the simularity confuse you) and you have simple, secure communication without having to make other people install PGP and whatnot.
Also single-use credit card numbers exist from some of the larger banks. For example, Citi will give you a one-time use credit card number. It could be intercepted in unencrypted email, and if the thief is fast enough they could use it before you, but you’d only be limited to the $50 liability (and I think Citi even waives that), and it only works a single time. In practical terms, though, once you receive the number you’re going to use it right away, pretty much meaning it won’t do a potential thief any good.
One technique I have seen recommended is to insert random alpha characters among the digits of your card number, as in
1R5B3Q7 8T6H5F0 3U1Q9P9 1V2Y7L5
Most programs which are used to sniff out card numbers from email are looking for a pattern of 16 numbers in a row, and would miss this pattern. It is then an easy matter for the recipient to remove the letters and have your card number.
Not 100% safe, but better than sending the number by itself.
I recommend you use PayPal or some other similar service. Much safer.
The problem with most schemes proposed in the OP is that all the emails sent, even from different accounts, all end up on the same server at the other end. And whoever has admin permissions (or can crack into it) can access all the emails, including the one with the decoding instructions, and get the number.
None of the methods proposed in the OP are at all safe. I would go with PGP first and foremost. Then next would be multichannel. Some info via phone/fax for example (as others have suggested).
And if the person at the other end doesn’t want to bother helping you protect your credit card info, this is A Very Bad Sign.
Why are you sending credit card information via email in the first place?
If this is a transaction, why are you not using a secure web site, or just contacting the merchant over the phone and providing the credit card number?
Oh for gosh sakes, sending your credit card number through email is by far safer than handing it to a nameless waiter in a restaurant. Among the many risks of identity theft, emailed credit card numbers have to be among the safest.
[sub]Now I’m just waiting for one of you to say, “Oh, I never give my credit card to waiters.” Right. [/sub]
Can anyone provide a cite for a case in which someone committed credit card fraud with a card number intercepted from e-mail? I think you have a much better chance of having your card number stolen by a waiter you hand it to in a restaurant than by sending it through e-mail.
How would someone intercept an e-mail with a CC number? Billions of e-mails are sent every day. How would anyone know which one had CC info? Sure you might be able to conceive of an algorithm that searched for strings of 16 digits, but how many false alarms would that pull up? How many false charges can you attempt before you call attention to yourself?
I just don’t think sending CC info by e-mail is a real security problem. And I have real world experience to back up the claim. I accept credit cards for payment of the newsletter I publish, and over the past six years dozens of people have paid by credit card via e-mail. No reported problems. Yes, it’s a small and anecdotal sample. But I think it’s more concrete than the opposite claim.
Yes and no. I agree with you and commasense that having an email intercepted in route is fairly unlikely and, in answer to commasense’s question, I can’t provide any cases where this has been a means of credit card fraud. However, I think the blanket statement that sending your credit card info by email is safer than handing the card to a waiter ignores the real vulnerabilities.
The waiter is going to run your card and hand it back, and pretty much has to decide right then whether to steal from you. In many cases, the merchant will still have your credit card number on a receipt but, unlike online merchants, the credit card number is fairly unlikely to go into permanent electronic storage. Online merchants save your email and archive it with every backup. They plug your credit card number into their accounting system and it then resides in their database forever (or until the next catastrophic crash). In many cases, these databases are not sufficiently firewalled, much less air-gapped, from the Internet, and outsiders are able to gain access. This is the real vulnerability for online merchants because no smart criminal is going to bother sniffing individual emails when he can crack a back-end db and get thousands of digits in one fell swoop.
If the merchant you’re dealing with is not technically savvy enough to make secure transmission of your data transparent to you (e.g. by using SSL), then I’d worry about their ability and committment to protect your data once they’ve got it. Granted, running an SSL server doesn’t guarantee they’re doing the back-end right, but if they’re not running SSL, it’s a good bet they’re loose about the rest of the process too. With that in mind, I’d recommend a one-time credit card number or a service like PayPal so the merchant’s lack of security doesn’t pose an ongoing threat.
Not if you send the emails TO different accounts. Send half the information to a POP3 account in graphic form and the other half to a web-based account, also in graphic form, and you are pretty safe.
Safety is a relative thing but, as has been said, compared to handing your card to waiters and store clerks this is extremely safe.
I would not buy from a merchant who did not provide a secure means of communication but I have been in the situation of having to supply sensitive information (not necessarily credit card numbers) to some private person around the world. Just a couple weeks ago I needed to give some banking information to someone who was traveling and I could not reach by phone. I just sent half and half in graphic form from/to different email accounts and it is reasonably safe.
I have and use PGP but I find most people do not want to bother installing and learning PGP for a one time event.
(Regarding sending via two accounts in the OP.)
Huh? So the person at the other end needs two email accounts? And has to avoid saving both emails to his local network server, and … .
Doesn’t sound plausible or safe to me.
I’m not talking McDonalds here, I’m talking restaurants where the waiter brings your check in a leather folder and takes it away with your credit card. He returns 5-10 minutes later with a receipt to sign. Anything can happen in those 10 minutes, but few people worry about it. I don’t worry about people spying on my email either.
That’s exactly what I was talking about. The waiter has your card in his sole possession, but only for a matter of minutes. He can easily steal it, but that means stealing cards one at a time while supposedly involved in other tasks. That’s much riskier and much lower return than cracking the accounting db to get thousands of card numbers in one pass. That waiter can easily steal your number and I’m not trying to say that transaction is very secure. I’m just saying that if the waiter wants to steal card numbers, he’d quit his job as a waiter and become a peon clerk at a web merchant and wait for an opportunity to glom the whole db.
The point (at least in context of this thread) is that getting your credit card number to the merchant is only one link in the chain, and if the merchant is making you jump through hoops to get that first step done properly, it probably means all the other steps in his process are shoddy too. The OP’s question has been answered by the fact that email is relatively safe due to volume and can easily be made safer still by encryption. However, if the OP thinks “email is safe” == “transaction is safe”, he’s ignoring the vulnerabilities that actually get exploited in the real world.
Yeah, like most waiters have the technical expertise to do that. Here on the SDMB, we tend to forget that there is still a significant portion of the population with no computer experience whatsoever.
C’mon, if you want to find fault with my opinions, at least be reasonable. Do you think that every person who works for a dot-com is a technical genius? Do you think they don’t have secretaries, receptionists, mailclerks, and janitors who don’t know their keyboard from a tea tray? Do you think that technical companies who can’t bother to set up an SSL website or provide a convenient mechanism for sending secure info are going to bother with locking out-of-use terminals, securing physical backups, or shredding db reports? I work as a consultant for these companies, and I’ve seen countless instances where a minimum-wage low-skill employee could walk off with the entire contents of the database without needing to know anything more than how to recognize a valuable printout or save an open file to a disk on an unattended PC.
No. The safest thing is to avoid having credit cards and just live in a cave.
Two email accounts? I think I don’t know anybody who does not have at least two email accounts. Network server? What network server? I just told you I used this method to send information to a friend who was traveling. She got one email on her POP3 account one day in one city and the other email using her browser from another city and using dial-up on both ocassions. What are the chances of both being intercepted?
And, if someone has installed spying software in your computer then all the encryption in the world isn’t going to do you any good. We are talking transmission on the internet, not whether your boss or your husband are snooping on you.
Lets consider if she had been in her office. First you need some bad guy searching for information. He has to check all the attachments personally and visually because I sent it as a graphic attachment. Now he sees ten digits and no other comment. What are the chances he will figure these are the ten last digits of a credit card and not a phone number or something else? Suppose he figure something interesting is at hand. Now he has to scan every other email and every single web page that person has visited and try to make the connection when he sees a few other numbers. You really think that is at all probable? The chances of that happening are infinitesimal when compared to your chances of being mugged or the chances of your credit card number being stolen a thousand other ways. Let’s get real.