email and credit card fraud

growler

One of the busy body accountant types in my head office just sent me a ranting email because a credit card number wass included in an attachment I had emailed.

I'm a bit ambivalent about this, fair enough I shouldn't have sent it in an email I know, but what , realistically are the chances that the card number would fall into a fraudsters' hands ? And even if it did, wouldn't we be covered anyway ?

I think he's way overeacting and just wondered if anyone knew the likelihood of such info being intercepted.

cheers

Chipboard

Nope, you wouldn't be covered. You are covered for fraud except in the case of 'card not present' transactions like where you give your card details to someone on the phone. I'd say emailing the details would come under this description.

I have to laugh at the way some people won't use their credit cards on perfectly legit internet sites but they have no problem giving it over the phone to some yound lad in the cinema, who after his shift is probably planning heading to the local park on his moped for a few tins of cider...

secret_squirrel

The accountant is in the right - especially if it was one of your customers credit cards. You have left your company wide open to liability if it is abused. Some companies would rate it a disciplinary offence.

At my company credit card details have to be encrypted in a secure repository with severe access restrictions.

We have pulled a number of IT projects with 3rd parties because they havent kept our staff and customers Postal addresses secure - let alone credit cards.

Its far to easy for an email to get in the public domain.

RainyDay

growler wrote:

One of the busy body accountant types in my head office just sent me a ranting email because a credit card number wass included in an attachment I had emailed.

Was the email sent via an external network (i.e. to an external Internet address) or via a private network (i.e. purely internal email)?

Would you mind if I sent out your credit card details on the back of a postcard?

growler

Chipboard wrote:

Nope, you wouldn't be covered. You are covered for fraud except in the case of 'card not present' transactions like where you give your card details to someone on the phone. I'd say emailing the details would come under this description.

I have to laugh at the way some people won't use their credit cards on perfectly legit internet sites but they have no problem giving it over the phone to some yound lad in the cinema, who after his shift is probably planning heading to the local park on his moped for a few tins of cider...

I get your point, but, should the spotty youth in the cinema take note of your card number, go online and buy a load of DVDs, then that is a fraudulent transaction, so one would be covered ,.... no ? There must be some protection.

Rainy Day, naturally I wouldn't send my credit card on the back of a postcard, but a better analogy would be to send it in an envelope by post , which I do all the time, without worry. TO make the analogy, to send it by postcard would be the same as posting it up here, to send it in an attachment in an email is more like sending it on a piece of paper inside an envelope, just one more piece of paper amongst millions. The chances of this being intercepted and used by the bad guys must be fairly slim , and I'm not convinced that we wouldn't be covered against any misuse anyway.

dahamsta

Assuming the credit card belongs to the company or a customer, the accountant is absolutely right. The risk isn't that high but there is a risk, and assuming the above, it's not your risk to take.

adam