Why Sending Credit Card Info via Email Is Risky
Collecting payment information is part and parcel of doing business, but giving your customers no choice but to email you their credit card information is bad for business. Sending credit card info via email is incredibly risky, and you shouldn't expect it of your customers. In this post, we break down the risks and how to mitigate them.
Is it safe to email credit card info? No – here's why:
❎ Legal and Compliance Issues
There is no such thing as a PCI-compliant email. PCI DSS requirement 4.2 states that credit card information must not be captured, transmitted, or stored via email. Violating these terms can result in potential legal repercussions and fines of up to $100k per month.
❎ Lack of Encryption
Standard email communication is not inherently encrypted, so the contents of emails, like your customer's credit card number, can potentially be intercepted and read by cybercriminals during transmission.
❎ Data Breaches
Email servers can be vulnerable to data breaches, and if yours is compromised, hackers can gain access to the email accounts and the information contained within them.
❎ Phishing Attacks
Phishing emails may appear to be from legitimate sources, but they are designed to deceive and steal information, especially credit card information. Customers may accidentally get phished if they're used to seeing credit card requests emailed from you. Even worse, the attack email may appear to be coming from you.
❎ Unintended Recipients
It's really easy for both you and your customers to accidentally send an email to the wrong person. You don't want sensitive information getting into the wrong hands.
❎ Lack of Control
Once you send an email, you lose control over how it's handled and where it's stored. It could be stored indefinitely on multiple servers, increasing the chances of unauthorized access over time.
❎ Extended Storage
Emails are often stored for extended periods of time by both the sender and the recipient, as well as any email service providers involved. This extended storage increases the window of opportunity for cybercriminals to access the information.
Sertifi's Secure Online Portal
Sertifi provides a secure, PCI-compliant portal for collecting credit card information.
Here are some benefits you can expect:
✅ PCI Compliance
Sertifi is a validated PCI Compliance Level 1 service provider. For example, per PCI DSS mandates, Sertifi does not store verification codes like CVVs for increased protection.
✅ Tokenization & Unmasking
Every card number, expiration date, and type gets tokenized for protection, and only select staff members can unmask the information when needed.
✅ Custom-Branded Communications
Customers know your custom-branded Sertifi emails are safe to respond to, and they are redirected to a secure payment form directly in Sertifi.
Get paid faster and reduce payment fraud with Sertifi.
Simplify selling by electronically capturing payments and agreement e-signatures from one secure platform. Behind the scenes, SertifiPay processes payments in a fast, PCI-compliant manner at a lower cost to you. Our customers have saved up to $175k a year in processing fees.