What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.


  • Profile Image

    How to keep a Social Security Number hidden, ie. only show last 4 digits?

    Asked by ERCC on July 19, 2014 at 10:37 AM
    security number
  • Profile Image
    JotForm Support Manager

    Answered by Jeanette on July 19, 2014 at 07:23 PM

    We consider the social security number it's a critical information, as such, making a form for gathering this information would be considered a phishing activity. Please refrain from doing that. For more information, please read our Terms of Use

  • Profile Image

    Answered by mxpi on November 24, 2014 at 01:14 PM

    I'm confused - your terms say not to request SS#s but there are plenty of other replies from JotForm support which suggest ways to collect social security #s. 

    Are SS#s supported or not?

    If not then please revise all of the other support replies regarding this. 

     

  • Profile Image

    Answered by Ben on November 24, 2014 at 02:42 PM

    Hi,

    This depends on several factors which is why you saw this on forum, as you say, answered differently.

    SSN collection is not illegal.


    According to this site https://www.privacyrights.org/my-social-security-number-how-secure-it#11  in most States, there is no law that prevents businesses from requesting SSN, and there are few restrictions on what businesses can do with it.

    However, some States have imposed restrictions on a business soliciting the SSN.

    Online form builders, including JotForm have been used for identity theft in the past. We go to great lengths to prevent this. That is why our Terms will mention SSNs are considered as a Phishing activity.

    Therefore, when you do request SSN,  chances are that our automated phishing detector will flag the form(s)  and suspend the account.  If this happens you'll have to contact our support to white list the form and reactivate the account, explaining the purposes of the form(s).

    These are some examples of businesses that require a Social Security number for legitimate purposes and we will do our best to help you reactivate the account if you are one of them.

    Moreover, you need to know that since we do store the information in your account, anyone with access to it, would also have access to social security numbers. So, in the event of a security breach of your account this could be an issue and would be your sole responsibility.

    Please follow these recommendations in order to help us to whitelist your forms:
    1. Embed the form using SSL method
    2. Add a sort agreement and/or an e-signature field to the form, so your customers will agree to provide their SSN along with personal info.
    Here are some widgets you can add to the form (signature fields):

    Signature Widgets

    You can also add this Terms of use widget (for the agreement)

    Scrollable Text

    In conclusion:  If your purpose is not to collect SSN from the general public, but from your own customers; if your business is among the list that can collect such details and if you follow the recommendations; then all this will surely make your forms not be considered as guilty of phishing activities.

    Hope this gives you a better insight into the question of collecting Social Security Numbers on your jotforms.

    Best Regards,
    Ben

  • Profile Image

    Answered by mxpi on November 24, 2014 at 03:24 PM

    Thanks Ben,

    It appears that the entire form, including the fields with the sensitive data, are submitted to my email servers via your third party email service provider - Amazon Web Services (Amazon SES). 

    It also appears that Amazon SES is using TLS 128 bit encryption (which, luckily my email servers accept - but some will not and pass that data on as plain text). 

    However - is there a way where the fields which contain the sensitive data (or any data in the form) are not passed through email at all?

    This option would allow me to be notified to check my JotForm account to get the data - which would be more secure than forwarding it through third party email servers (and save JotForm cost on that transfer as well!)  

    Thanks

  • Profile Image

    Answered by mxpi on November 24, 2014 at 03:32 PM

    But wait...

    It doesn't look like the JotForms summsions page is secure. 

    <!http://www.jotform.com/submissions/[page-id]!>

    What's up with that?

    If those pages aren't secure then none of this matters and I'll have to go with another form provider. 

    Please advise,

    Thanks

  • Profile Image

    Answered by Ben on November 24, 2014 at 04:09 PM

    Hi,

    I have replied to your first question here since it could also benefit the thread owner.

    Since you have asked 2 different questions now, I have moved each of them to a new thread where we will be answering you shortly.

    Please post any further questions and responses that you might have there, or if you have another question please open a new thread instead since we can only provide answers to one question/issue per thread.

    Your question about hiding certain info from emails can be seen here: http://www.jotform.com/answers/464162

    Your question about the secure form submission can be found here: http://www.jotform.com/answers/464163

    Best Regards,
    Ben