Revealing credit card details through e-mail

taless

Hi,

Sometimes we have to make bookings through e-mail, for example rental cars/hotel bookings.

For all the bookings that I have made so far, they normally require two things, the 1st of which is the 15/16 digit card number at front, and 2ndly usually the expiry date of the card. One that I have dealt with does not require the expiry date, but requires the billing address of the card.

Sometimes, I know it is necessary to give card details through e-mail. But I was wondering, should these info fall into the wrong hands, won't the fraudsters be able to do fraudalent purchases etc. with the two infos that I gave in the e-mail? Or should I be less paranoid and know that I will be safe?

Thanks!

jonesMUFCforever

I agree.
Is a No No.
Always do it via an encrypted source.
Anyone could hack into e-mail systems.

simongregson

If they can't receive the information via secured website, it would be better to telephone or fax them through. If they aren't willing to allow you to do this, be wary!

taless

Hey Simongregson,

My question actually is more about the technicalities behind the '2 info from card' thing - is it a rule?

I have faxed my credit card details to the other party before too. I wonder, isn't it unsafe as well, just like giving it through the e-mail? It can well fall into the wrong hands (i.e. some workers who work at the same company write down the card details)

Don't really know how to put my question across, but I am really just wondering about the technicalities aspect.

simongregson

The problem with email is that it can be intercepted en-route as it will pass through other computers on the way to the recipient. Information sent via a secure website would need to be decrypted before use, which would be quite difficult. There is the possibility of faxes and phone details being used at the company fraudulently, but it is unlikely to be intercepted en route as the information will not have entered a public network.

However, at the end of the day you would not be liable for unauthorised charges of more than £50 even if you emailed the details, as long as you used a credit card and not a debit card. But of course you've got the hassle of sorting out any fraudulent transactions, and any fraud ends up costing everyone in terms of increased fees etc.

Biggles

On the few occasions that it has been necessary to send CC details by email, I have sent them in two or three parts (at the very least, the CC number followed by the expiry date in a separate email, sometimes the CC number in two 8-digit chunks followed by the expiry date in a third separate email).

Obviously, if someone has access to the recipient's emails once they've arrived I will be covered, just the same as if they steal the piece of paper they wrote in down on, but at least it prevents a single email being intercepted with all the necessary info.

taless

Thanks.

What I am really interested in is how does the banks determine that a purchase was indeed fraudalent, or is it as a result of the credit card owner 'regretting' about the purchase and claiming that it was fraudalent.

Is it by keeping a record of what info was provided when the purchase was made - hence if only 2 info are provided, the banks will more likely believe that it is fraudalent, as opposed to if all details were correct (Name on Card, Expiry, CVV2, Billing Address - all matched)?