Credit Card Security: Why Emailing Information Is Risky

Collecting payment information is part and parcel for business, but giving your guests no choice but to email you their credit card information is incredibly risky. In this post, we explain why.

The Risks of Emailing Credit Card Information

❎ Legal and Compliance Issues

Sending credit card information via email may violate legal and compliance standards, such as the Payment Card Industry Data Security Standard (PCI DSS), leading to potential legal repercussions.

❎ Lack of Encryption

Standard email communication is not inherently encrypted, so the contents of emails, like your guest's credit card number, can potentially be intercepted and read by cybercriminals during transmission.

❎ Data Breaches

Email servers can be vulnerable to data breaches, and if yours is compromised, hackers can gain access to the email accounts and the information contained within them.

❎ Phishing Attacks

Phishing emails may appear to be from legitimate sources, but they are designed to deceive and steal information, especially credit card information. Guests may accidentally get phished if they're used to seeing credit card requests emailed from you. Even worse, the attack email may appear to be coming from you.

❎ Unintended Recipients

It's really easy to accidentally send emails to the wrong person (by both you and your guests). You don't want sensitive information getting in the wrong hands.

❎ Lack of Control

Once you send an email, you lose control over how it's handled and where it's stored. It could be stored indefinitely on multiple servers, increasing the chances of unauthorized access over time.

❎ Extended Storage

Emails are often stored for extended periods of time by both the sender and the recipient, as well as any email service providers involved. This extended storage increases the window of opportunity for cybercriminals to access the information.

Sertifi's Secure Online Portal

Sertifi provides a hotels a secure, PCI-compliant portal from which to request and receive payment details.

Here are some benefits you can expect:

✅ PCI Compliance

Sertifi is a validated PCI Compliance Level 1 service provider. For example, per PCI DSS mandates, Sertifi does not store verification codes like CVVs for increased protection.

✅ Tokenization & Unmasking

Every card number, expiration date, and type gets tokenized for protection, and only select staff members can unmask the information when needed.

✅ Custom-Branded Communications

Guests know your custom-branded Sertifi emails are safe to respond to and get redirected to a secure payment form directly in Sertifi.

✅ Integration to Travel Management Companies

Sertifi offers a free e-confirmations portal to hotels, from which you can instantly and securely receive a traveler's payment information from travel providers at no cost to you. More and more providers are signing up to make this process more secure and convenient for everyone involved, eager to take email and fax out of the equation.