- Jolanda ArtsAsked on August 17, 2011 at 04:12 PM
I'm creating a form to sell gift certificates online. I want to put in a field that asks for my customers' credit card information. Is this "legal" or safe? How can I make it safe, and how can I let my customers know that it is safe to send this information? I don't need paypal or other payment integration, I just need the info so I can process the information in my store.
- allanftdAnswered on August 18, 2011 at 06:01 AM
In conclusion, we would still encourage you to use the Payment Tool in order to protect your business and your customer's financial data. Please let us know if we can be of further assistance.
Thank you and enjoy using JotForm!
- JotForm SupportabajanAnswered on August 18, 2011 at 10:20 PM
When I was about to post the following reply (below the dashed line) this morning (Barbados time) my colleague Allan posted the above response first. After I reading it, the points made seemed reasonable and I decided against posting my own response but copied it in case I changed my mind for some reason.
Subsequently, upon searching the Net, I discovered that about eight years ago someone posted a remarkably similar query on another forum and a couple of the responses lead me to think that it might not be so risky to request credit card info on a form, provided that field was removed from all email alerts (notifications and autoresponses) belonging to the form and the precautions outlined in my reply were adhered to:
---------------------------------- My earlier reply follows -----------------------------------
Thanks for your query. It's perfectly legal to ask for credit card information, on your end (at least, nothing in our TOS prohibits it) and safe, on the user's end, to provide such particulars, provided certain precautions are followed by you, the form's creator:
1. Be sure to refer your users to the secure version of your form. To do that, append an "s" to the protocol (the "http" part of the URL). In other words, if your form's URL is https://www.jotform.com/form/12345678901, simply changing it to https://www.jotform.com/form/12345678901 will encrypt any information submitted by users and thus prevent interception by malevolent entities: people with bad intentions. If using the Embed Form Wizard, when the the Secure form box is checked, all of the codes provided by the wizard, including the direct link, will be the secure version of your form.
2. Make sure that the source(s) of any images included on the form are also at secure URLs. This can be done using the method outlined by Aytekin, one of our co-founders, in this thread.
Hopefully you have found this information useful. If you require clarification on anything, please let us know. Our team will be happy to assist you however we can.
---------------------------------- End of earlier reply -----------------------------------
So, there you have it. That's probably ample information from the other forum, Allan and myself for you to make a decision as to the wisdom (or folly) of including the field on your form.
- JolandaAnswered on August 20, 2011 at 04:40 PM
Thank you so much for your clear answers to my question. I have decided against asking for credit card information. Instead, I will ask for a phone number and call customers to obtain credit card information.
- allanftdAnswered on August 20, 2011 at 04:51 PM
We're thrilled to have helped you make a sound decision today. I personally believe that's a better way of doing it. Telephone orders are quite common, and at least you have the consent of the customer regarding obtaining their credit card information in such manner.
Please let us know if we can be of further assistance. Thank you and enjoy using JotForm!