- smooreSCFCUAsked on November 30, 2017 at 08:35 AM
We are considering this product for some of our internal form collection. We are a credit union so we would be potentially collecting sensitive information.
I see we can use your encrypted service. Would our type of industry be acceptable use for your system? I don't want to hit your anti-phishing rules all the time.
Also as far as encryption, who has the keys? Can other employees get the keys? And have you gone through and external audits for due diligence purposes?
- JotForm SupportTREVONAnswered on November 30, 2017 at 11:02 AM
You can be able to use our form to collect information. It will also depend on the kind of sensitive information you want to collect. For instance if you want to collect Social Security Numbers or bank account numbers or routing numbers you will need to provide prof that you are MORTGAGE BROKER, INSURANCE BROKER BANK, Real Estate Broker, LENDING INSTITUTIONS etc where collecting SSN or bank accounts can be allowed and it's not illegal.
Once we receive prof that you company is allowed to collect SSN and bank details we will advise you to build the form to gather this info , but a signature field must be added, so your clients will be signing to be in agreement with providing such information.
However, card number, expiration date, security codes and card holder name are considered critical information. The only services allowed to collect such data are those that are DSS/PCI certified.
Bank accounts info is solely related to: Account numbers and routing numbers.
Credit card sensitive information like number, expiration date and security code (CVV) won't be allowed to be collected on forms in any way, a payment integration is a must if you want to accept payments with credit cards and the information will be sent encrypted straight to the payment gateways.
To make this to work, your account must be on paid status , so the automated system will mark it still high, but won't be automatically suspended, and our Form Reviewers Team (who are in charge of manually checking forms on paid accounts) would set the form as exception. Otherwise the system will mark suspicious and suspend all forms on free accounts.
I hope the information above is helpful. Kindly do let us know if you need further assistance.