I keep getting a message that my form is disabled

  • Profile Image
    johnhelms
    Asked on May 17, 2017 at 03:27 PM
  • Profile Image
    Welvin
    Answered on May 17, 2017 at 04:11 PM

    Your forms have been flagged down as a phishing forms with 90+% phishing score. I think this is because of the personal information fields such as the SSN. Note that we have guidelines for collecting SSN. I'll share it with you later.

    I have reactivated your account, but I will have to consult our manager regarding the phishing score. I'll let you know.

  • Profile Image
    Welvin
    Answered on May 17, 2017 at 04:13 PM

    For the SSN:

    SSN collection is not illegal. According to this site https://www.privacyrights.org/consumer-guides/my-social-security-number-how-secure-it in most States, there is no law that prevents businesses from requesting SSN, and there are few restrictions on what businesses can do with it.

    However, some states in the USA have imposed restrictions on a business soliciting  SSN's

    Online form builders, including JotForm, have been used for identity theft in the past. We go to great lengths to prevent this. That is why our Terms will mention SSNs are considered as a Phishing activity.

    Therefore, when you do request SSNs,  chances are that our automated phishing detector will flag the form(s)  and suspend the account.  If this happens you'll have to contact support to whitelist the form and reactivate the account, explaining the purposes of the form(s).

    However, we recognize that there are businesses that require a Social Security number for legitimate purposes, here are some:

    • Insurance companies

    • Credit card companies, lenders, and any other company receiving a credit application from you

    • The three main credit reporting agencies: TransUnion, Equifax, and Experian

    • Any company that sells products or services that require notification to the IRS, including:

    - Investment advisors

    - Banks

    -Real estate purchases

    -Financial transactions over $10,000, such as automobile purchases; and other financial transactions

    Nevertheless, you must know that since we do store the information in your account, anyone with access to it would also have access to social security numbers. So, in the event of a security breach of your account, this could be an issue.

    So, having this in mind, we encourage you to follow these recommendations:

    1. Make sure that SSL is used in your form. This is the default in the form. You may also consider enabling the encryption in the form (https://www.jotform.com/help/344-What-are-Encrypted-Forms-and-how-to-use-them-as-expert).

    2. Add a sort agreement and/or an e-signature field to the form, so your customers will agree to provide their SSN along with personal info.

    Here are some widgets you can add to the form (signature fields):

    http://widgets.jotform.com/search/signature 

    You can also add this Terms of use widget (for the agreement)

    http://widgets.jotform.com/widget/scrollable_text 

    In conclusion:  If your purpose is not to collect SSN from the general public, but from your own customers; if your business is among the list above and if you follow the recommendations; then all this will surely make your forms not to be considered as guilty violating our Terms of Use.

  • Profile Image
    johnhelms
    Answered on May 18, 2017 at 05:11 PM

    I am the Chief Marketing Officer for a Consumer Finance Company.  I am attempting to create an online credit application which requires SSN in order to pull a credit report from Equifax.  You can see our website here www.solutionsfinance.us.  My objective is to replace the existing online application with this form.  Please let me know if this is not possible.

  • Profile Image
    Kevin_G
    Answered on May 18, 2017 at 07:26 PM

    Based on the information on your website, it seems you're not asking SSN number for ilegal purposes. 

    You might also want to upgrade your account, since your account is currently on free status it gets automatically suspended by our anti-phishing system, paid accounts are not automatically suspended, instead we are alerted about it and we can check your account.