- ERCCAsked on July 19, 2014 at 10:37 AM
- JotForm Support ManagerJeanetteAnswered on July 19, 2014 at 07:23 PM
- mxpiAnswered on November 24, 2014 at 01:14 PM
I'm confused - your terms say not to request SS#s but there are plenty of other replies from JotForm support which suggest ways to collect social security #s.
Are SS#s supported or not?
If not then please revise all of the other support replies regarding this.
- BenAnswered on November 24, 2014 at 02:42 PM
This depends on several factors which is why you saw this on forum, as you say, answered differently.
SSN collection is not illegal.
According to this site https://www.privacyrights.org/my-social-security-number-how-secure-it#11 in most States, there is no law that prevents businesses from requesting SSN, and there are few restrictions on what businesses can do with it.
However, some States have imposed restrictions on a business soliciting the SSN.
Online form builders, including JotForm have been used for identity theft in the past. We go to great lengths to prevent this. That is why our Terms will mention SSNs are considered as a Phishing activity.
Therefore, when you do request SSN, chances are that our automated phishing detector will flag the form(s) and suspend the account. If this happens you'll have to contact our support to white list the form and reactivate the account, explaining the purposes of the form(s).
These are some examples of businesses that require a Social Security number for legitimate purposes and we will do our best to help you reactivate the account if you are one of them.
Moreover, you need to know that since we do store the information in your account, anyone with access to it, would also have access to social security numbers. So, in the event of a security breach of your account this could be an issue and would be your sole responsibility.
Please follow these recommendations in order to help us to whitelist your forms:
1. Embed the form using SSL method
2. Add a sort agreement and/or an e-signature field to the form, so your customers will agree to provide their SSN along with personal info.
Here are some widgets you can add to the form (signature fields):
In conclusion: If your purpose is not to collect SSN from the general public, but from your own customers; if your business is among the list that can collect such details and if you follow the recommendations; then all this will surely make your forms not be considered as guilty of phishing activities.
Hope this gives you a better insight into the question of collecting Social Security Numbers on your jotforms.
- mxpiAnswered on November 24, 2014 at 03:24 PM
It appears that the entire form, including the fields with the sensitive data, are submitted to my email servers via your third party email service provider - Amazon Web Services (Amazon SES).
It also appears that Amazon SES is using TLS 128 bit encryption (which, luckily my email servers accept - but some will not and pass that data on as plain text).
However - is there a way where the fields which contain the sensitive data (or any data in the form) are not passed through email at all?
This option would allow me to be notified to check my JotForm account to get the data - which would be more secure than forwarding it through third party email servers (and save JotForm cost on that transfer as well!)
- mxpiAnswered on November 24, 2014 at 03:32 PM
- BenAnswered on November 24, 2014 at 04:09 PM
I have replied to your first question here since it could also benefit the thread owner.
Since you have asked 2 different questions now, I have moved each of them to a new thread where we will be answering you shortly.
Please post any further questions and responses that you might have there, or if you have another question please open a new thread instead since we can only provide answers to one question/issue per thread.
Your question about hiding certain info from emails can be seen here: http://www.jotform.com/answers/464162
Your question about the secure form submission can be found here: http://www.jotform.com/answers/464163