Would you send your credit card details by e-mail?

Taz · 16-08-2006, 09:11 AM

I've just been gobsmacked by a conversation I had with my company's travel agent. I'm not going to name the travel agent as they are a global company.

I travel a lot for my job and my admin books my flights through our travel agent. They hold my credit card details in my profile and they charge all my flights directly to my credit card. They then send me an invoice and I use that as a receipt for my expenses to claim the cost of the flight back from my company.

Although that might seem strange, it works well for me as I get loads of BA miles on my BA/AmEx card.

Anyway, i've got a new credit card now and I need to provide the travel agent with my new credit card details. Unfortunately, the only way that they are accepting profile changes is via e-mail! Hence, they are asking me to send full details of the new credit card via e-mail.

Naturally, I refused and they are refusing to update my profile. Am I wrong in refusing to provide details of my credit card via e-mail or are they wrong for being so lax in their IT security procedures? They told me that this process has been approved by their IT and finance departments!

dangel · 16-08-2006, 09:12 AM

Me? Yes - but then i'm covered for fraud anyway so it's not my problemo if things go south

nichomach · 16-08-2006, 09:24 AM

Originally Posted by Taz

They told me that this process has been approved by their IT and finance departments!

Then their IT and finance departments need a swift kick up the arse. The ONLY way that your CC details should be allowed over t'Internet is via a secured, encrypted process, like a secure http (https) session with their web server. Electronic mail is grossly insecure for this purpose. It's plain, unencrypted text which may be stored at any number of mail relays in its path to them. It's practically inviting someone to commit fraud.

Spud1 · 16-08-2006, 09:31 AM

No - i just wouldn't do it. It's not secure, and while the risk is tiny in reality, it's still there, and in todays current culture it wouldnt surprise me if any claims you made over losses were refused due to negligence on your part..

take it up with your employer if you have to

Taz · 16-08-2006, 09:34 AM

Yes, I will take it up with my employer. Originally we were asked to fill in a paper form and that was posted to the travel agent. It now appears that they only accept e-mail.

AmEx will point-blank refuse to honour any claim of fraud if i've been negligent enough to send the information via e-mail.

**directhex** · 16-08-2006, 09:49 AM

Originally Posted by Taz

I've just been gobsmacked by a conversation I had with my company's travel agent. I'm not going to name the travel agent as they are a global company.

I travel a lot for my job and my admin books my flights through our travel agent. They hold my credit card details in my profile and they charge all my flights directly to my credit card. They then send me an invoice and I use that as a receipt for my expenses to claim the cost of the flight back from my company.

Although that might seem strange, it works well for me as I get loads of BA miles on my BA/AmEx card.

Anyway, i've got a new credit card now and I need to provide the travel agent with my new credit card details. Unfortunately, the only way that they are accepting profile changes is via e-mail! Hence, they are asking me to send full details of the new credit card via e-mail.

Naturally, I refused and they are refusing to update my profile. Am I wrong in refusing to provide details of my credit card via e-mail or are they wrong for being so lax in their IT security procedures? They told me that this process has been approved by their IT and finance departments!

email is slightly less secure than a postcard, in terms of keeping details hidden.

anything you wouldn't write on a postcard for everyone at Royal Mail to gawk at, you don't put in email.

SilentDeath · 16-08-2006, 10:14 AM

phone them?

or encrypt the email.

Mike Fishcake · 16-08-2006, 10:56 AM

Do
not
do
it.

mallett · 16-08-2006, 11:01 AM

you should never put any sort of persoanl details in emails as god knows who has access to them, id change travel agents if they dont sort it out

Funkstar · 16-08-2006, 11:10 AM

i had to email or fax credit card info to the US for a subscription to a Banjo magazine (present for my cousin). Used a one time only card number from Cahoot and faxed it across. Not exactly practical for you though

Taz · 16-08-2006, 11:29 AM

I've asked for a fax number that will go to one person at the travel agent (i.e. not a general fax machine sitting by the water dispenser for example). If they can ensure reasonably secure receipt of a fax then i'm happy to do that.

The problem is that this global travel agent is used by my company as the official travel agent. Hence, I cannot just go to another travel agent. Also, they won't accept a profile change over the phone.

My best bet is to just post a letter to them (as I did before), assuming they will accept this but it seems that they *only* accept profile changes via email, which is truly incredible!

Mike Fishcake · 16-08-2006, 11:48 AM

Taz - I seriously think you need to write the company a letter of complaint, and quote several official documents that highlight the insecurity of email, and the gross misinformation that has the potential to endanger the financial details of all of their customers that have used the scheme.

Encouraging someone's customers to email credit card details is surely corporate negligence?

Bazzlad · 16-08-2006, 12:00 PM

Is this a joke?
I'd prefer to find a shaddy looking man in a pub and hand him £100. Don't be dumb.

**Stoo** · 16-08-2006, 12:10 PM

I've done it before, but I've split the details into 3 separate emails, better than nothing, but still not recommended..

**Agent** · 16-08-2006, 12:17 PM

Dont they have anything like PGP ?

Bazzlad · 16-08-2006, 12:26 PM

if it's going to the IT department write it in binary.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)