Is it safe to email credit card info?
January 27, 2010 1:26 PM   Subscribe

Is it safe to send credit card info by email to Asia? The intended recipient is totally trustworthy; it's hackers I'm worried about.
posted by yarly to Computers & Internet (22 answers total) 2 users marked this as a favorite
 
Could you be a little more specific? If you're referring to the actual number, then no. Never, ever email your credit card number in plaintext to anyone, ever.
posted by griphus at 1:29 PM on January 27, 2010


Sending credit card information by email is never safe.

You could put the relevant info into a .txt file and then encrypt that with something like TrueCrypt to prevent it from being opened. Of course, you'd also need to communicate the means to open the encrypted file to your intended recipient.

Is email your only form of contact? I think Skype has ways to encrypt its communication, so you could "call" your recipient that way.
posted by Lifeson at 1:32 PM on January 27, 2010


Agreed, never email it in plaintext. Why not open up a Skype phone call and transmit it verbally?
posted by camworld at 1:32 PM on January 27, 2010


No. This is never OK, regardless of recipient.
posted by odinsdream at 1:35 PM on January 27, 2010


Asia's a pretty big place. Many parts of Asia as safe as or even safer than wherever it is that you're from. But yeah, emailing or storing your CC number unencrypted on any computer anywhere is a bad idea.
posted by randomstriker at 1:42 PM on January 27, 2010


It has nothing to do with Asia, or who the recipient is. It's unsafe to e-mail your credit card number to your next door neighbor, even.

E-mail is inherently unsafe, because by its very nature it's a bunch of text info that passes through many computers and routers on the way to its destination... and you can't control or know what those other computers do, or even where they are.

If you do not have a secure internet channel available (https website, encrypted file, something), a regular old voice phone call or even a fax is much safer.
posted by rokusan at 1:44 PM on January 27, 2010


stupid question....what if I PDF'd it? What if both ends used https?
posted by yarly at 1:48 PM on January 27, 2010


for what it's worth, many third-party AIM/MSN/Yahoo!/etc. clients (for example, Pidgin with OTR Messaging) will do encryption between you and your recipient, which you can use to accomplish this task fairly securely. never send anything sensitive in email though - even if you connect to your mail servers securely, it may bounce around the internet in an insecure/unencrypted way.
posted by mrg at 1:52 PM on January 27, 2010


You could put the relevant info into a .txt file and then encrypt that with something like TrueCrypt to prevent it from being opened. Of course, you'd also need to communicate the means to open the encrypted file to your intended recipient.

This is the reason why public key encryption was created. In a public key system, the person you want to send the information to sends you their public key, and you use that to encrypt the data in a way that ensures that only they can decrypt it. That's basically what is happening when you use a secure order form on a website like Amazon to send your credit card number. There are various forms of secure email and other secure Internet communication methods that use this method.

stupid question....what if I PDF'd it? What if both ends used https?

PDF might eliminate people stealing tons of emails and doing text searches for credit card numbers, but you're still sending it in a way that many people have a chance to intercept it. Also both sides using https would help eliminate people from using WiFi sniffers or similar local network exploits to see the information get sent or received, but normal email is by its nature unencrypted so it will not be safe as it travels through the Internet to the recipient.
posted by burnmp3s at 1:54 PM on January 27, 2010


stupid question....what if I PDF'd it? What if both ends used https?

I'm no IT guy but AFAIK, the HTTPS stuff stops mattering after the email is shot out. It still goes through way too many places it can be intercepted. PDFing it wouldn't matter. If you really insist on doing this over email, encrypt it somehow. This is exactly what encryption is for: sending sensitive information over quasi-public pipes.
posted by griphus at 1:57 PM on January 27, 2010


You could encrypt it with OpenPGP and then you know that only the intended recipient will be able to read it.
posted by asharchist at 2:17 PM on January 27, 2010


This is not 100% safe, but its better than nothing: You could zip it. (right click on the file, sent to, zip folder in XP) After you zipped it, you can password protect the zip file. (Double click on the zip file, file menu, password protect in XP).
Then you mail the password to your friend in a different email.

This is not that safe either. The only really safe way would be for both of you to use opengpg (pgp) or one of the aforementioned direct messaging clients. Isn't skype supposed to be favoured by drug dealers since the calls are not easy to eavesdrop on during transmission? (Or it's just a nice urban legend.)
posted by mmkhd at 2:18 PM on January 27, 2010


If it was me, I'd figure out a simple code to use with the other person (via another method of communication). For example, if I wanted to send the digits 2468, I'd send "To help sister Lizabeth". They count the letters in each word to decode the numbers, and it just looks a weird message to anyone else.
posted by soelo at 2:34 PM on January 27, 2010


I've also sent it as separate little bits of information scattered throughout the email:

Hi how are you? I was wondering if you have ever seen 1234 birds on a telephone wire, but after you see 5678 of them you might understand how the other 9012 were able to get there. Once you have all that then you might be ready to 3456.

Don't use the words credit or card.

This is probably not at all safe, but it seemed ok to me.
posted by CathyG at 3:43 PM on January 27, 2010


How well do you know this person - well enough to make up an obscure code?

It's the month of your sister's birthday, the number of dogs you own, sister's birthmonth again, how many boyfriends you had in highschool, etc. etc.

That's the only way I would feel remotely ok w/ this. You should just say it verbally over skype.
posted by Solon and Thanks at 4:01 PM on January 27, 2010 [1 favorite]


Hmm. I'm going to break a bit from the consensus. If you both use the same email server (such as gmail), and you both connect to this email server via a secured connection (https is now enabled by default for gmail), and you not only completely trust this person, but you also trust them to be savvy enough to keep their computer free of spyware/malware - then realistically I don't see any real risk. The first point is key - email servers talk to one another over plain unencrypted text, but if you both use the same server it shouldn't actually ever have to travel anywhere.
posted by kickingtheground at 4:18 PM on January 27, 2010


Use gpg, or jabber. Email is as private as a postcard.
posted by idiopath at 4:39 PM on January 27, 2010


nth-ing PGP.
posted by cyniczny at 5:06 PM on January 27, 2010


This is why SendItCertified was invented. It avoids email completely, using only https secure connections to your web browser (and the recipient's also).
posted by exphysicist345 at 5:17 PM on January 27, 2010


Why not break it up into several e-mails, last numbers first? Over multiple email accounts sender and recipient. They'd have to put each part together in the proper order.
posted by Ironmouth at 5:56 PM on January 27, 2010


How well do you know this person - well enough to make up an obscure code?

It's the month of your sister's birthday, the number of dogs you own, sister's birthmonth again, how many boyfriends you had in highschool, etc. etc.


You don't even have to do the whole number this way, just replace 6 or 8 of the digits with private info.
posted by Rock Steady at 6:32 PM on January 27, 2010


Encrypt it. That's what the tech was invented for.
posted by nihraguk at 8:16 PM on January 27, 2010


« Older I want my Dragon Age!   |   How do I move a mattress with a pickup? Newer »
This thread is closed to new comments.