What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.


  • Profile Image

    Can customers safely submit credit card information?

    Asked by Jolanda Arts on August 17, 2011 at 04:12 PM

    I'm creating a form to sell gift certificates online. I want to put in a field that asks for my customers' credit card information. Is this "legal" or safe? How can I make it safe, and how can I let my customers know that it is safe to send this information? I don't need paypal or other payment integration, I just need the info so I can process the information in my store.

  • Profile Image

    Answered by allanftd on August 18, 2011 at 06:01 AM

    Hi Jolanda,

    Thanks for asking. The usual way to obtain and process credit card information is through the Payment Tool integration with Paypal, 2CO, Authorize.net, and other 3rd party payment processors we have pertnered with. Saying this, your idea of getting the credit card number using regular text fields is something that we would not strongly recommend and may in fact even violate the terms of use of JotForm. While you have the option to make it secure by adding an https:// prefix in the form URL, this only guarantees secure transmission of data from your form to your email server. The problem arises when an unauthorized person gets access to your inbox. Note that the email notifications reveal complete, unencrypted responses from your customers once it arrives your inbox. This is beyond the scope of JotForm and we cannot guarantee the integrity and security of the credit card information. You must inform your customers about this as a disclaimer notice.

    In conclusion, we would still encourage you to use the Payment Tool in order to protect your business and your customer's financial data. Please let us know if we can be of further assistance.

    Thank you and enjoy using JotForm!

    JOTFORM SUPPORT

  • Profile Image
    JotForm Support

    Answered by abajan on August 18, 2011 at 10:20 PM

    Hi Jolanda

    When I was about to post the following reply (below the dashed line) this morning (Barbados time) my colleague Allan posted the above response first. After I reading it, the points made seemed reasonable and I decided against posting my own response but copied it in case I changed my mind for some reason.

    Subsequently, upon searching the Net, I discovered that about eight years ago someone posted a remarkably similar query on another forum and a couple of the responses lead me to think that it might not be so risky to request credit card info on a form, provided that field was removed from all email alerts (notifications and autoresponses) belonging to the form and the precautions outlined in my reply were adhered to:


    ---------------------------------- My earlier reply follows -----------------------------------

    Hi Jolanda

    Thanks for your query. It's perfectly legal to ask for credit card information, on your end (at least, nothing in our TOS prohibits it) and safe, on the user's end, to provide such particulars, provided certain precautions are followed by you, the form's creator:

    1. Be sure to refer your users to the secure version of your form. To do that, append an "s" to the protocol (the "http" part of the URL). In other words, if your form's URL is https://www.jotform.com/form/12345678901, simply changing it to https://www.jotform.com/form/12345678901 will encrypt any information submitted by users and thus prevent interception by malevolent entities: people with bad intentions. If using the Embed Form Wizard, when the the Secure form box is checked, all of the codes provided by the wizard, including the direct link, will be the secure version of your form.

    2. Make sure that the source(s) of any images included on the form are also at secure URLs. This can be done using the method outlined by Aytekin, one of our co-founders, in this thread.

    Hopefully you have found this information useful. If you require clarification on anything, please let us know. Our team will be happy to assist you however we can.


    ~ Wayne

    ---------------------------------- End of earlier reply -----------------------------------


    So, there you have it. That's probably ample information from the other forum, Allan and myself for you to make a decision as to the wisdom (or folly) of including the field on your form.


    ~ Wayne

  • Profile Image

    Answered by Jolanda on August 20, 2011 at 04:40 PM

    Thank you so much for your clear answers to my question. I have decided against asking for credit card information. Instead, I will ask for a phone number and call customers to obtain credit card information.

     

    Thanks again.

  • Profile Image

    Answered by allanftd on August 20, 2011 at 04:51 PM

    Hi Jolanda,

    We're thrilled to have helped you make a sound decision today. I personally believe that's a better way of doing it. Telephone orders are quite common, and at least you have the consent of the customer regarding obtaining their credit card information in such manner.

    Please let us know if we can be of further assistance. Thank you and enjoy using JotForm!

    JOTFORM SUPPORT