Sending Credit Card Information over Email



PCI DSS are standards which all organisations that transact via credit card must abide by regardless of your business size. You can’t partially comply.

One of its requirements is that credit card information must not be captured, transmitted, or stored via email. This is because a standard email is considered to be unprotected being in clear text and it leaves a trail of copies (in the ISP store-and-forward gateway, in inboxes, sent folders, drafts folders, email trash, web browser caches, computer recycle bins.

It goes on to state that it is a violation to request or transmit credit card information by email.

Although our software makes no such request, we are making a change to our software over this to specify this requirement.

If a person was to send you an email with their credit card details say

Visa Card 

Card Number: 4550064304232410
Expire Date: 01/2023
CVV 322

You have not done anything wrong unless you requested this information but if you were to reply to that email, you have to change the text to something like this.

Visa Card 

Card Number: ************2410
Expire Date: **/****
CVV ***

before you can reply.

I actually suggest that you use a payment gateway like paypal


Add new comment

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions. Image CAPTCHA
Enter the characters shown in the image.