- Jim HAsked on January 21, 2015 at 03:26 PM
I see creating a form that collects a SSN violates your terms of service. However, in order to open client accounts in my industry a social security number and date of birth is required. Is there a way to do this without violating your terms of service? Thank you.
- JotForm SupportMikeAnswered on January 21, 2015 at 05:23 PM
Thank you for contacting us.
If you need to collect the social security numbers for legitimate activities, you can do this with JotForm. We do not allow collecting credit card details, but SSNs are allowed.
- You will need to make sure to use the form over secure SSL connection.
- Form email alerts are not encrypted by default. If you accept the sensitive information, you can remove it from the email template, or send the email alerts with your own secure SMTP details.
- You might also want to access our form builder via SSL to browse the submission data in a more secure way.
Please feel free to contact us if you need any further assistance.
- selvecchio85Answered on February 06, 2015 at 11:35 AM
Can you explain why sensitive information like a Social Security # is allowed, but credit cards are not? Alerts from a secure form don't transmit the form information, they only send an alert that a secure form has been submitted and we have to go to the Jotform submissions to view it.
Also, can you point me to where the terms outlines the cc restriction?In my industry the cc information is needed to purchase goods from the suppliers portal. If I create a form how can I collect this information?
- ShadaeAnswered on February 06, 2015 at 02:02 PM
It is actually against our terms to collect Social Security Numbers on your form.
"You agree that Company may terminate your JotForm Service immediately if a form is created or JotForm is found to be used to: Obtain credit cards sensitive information, get social security numbers, show content with child pornography. Or if a form was made to steal user login credentials. All these activities are considered as Phishing and any account along with the guilty forms will be suspended immediately."
You can view out full terms here: http://www.jotform.com/terms/
I have moved your question regarding collecting payments on your form to a new thread: http://www.jotform.com/answers/511342
Your question will be addressed there.
- NGHSAnswered on February 12, 2016 at 12:08 PM
Shadae, your comments seem to directly contradict the comments of your colleague, Mike. Are SSN# allowed for legitimate activities or not? Thanks!
- JotForm Support ManagerJeanetteAnswered on February 12, 2016 at 04:07 PM
SSN collection is not illegal. According to this site https://www.privacyrights.org/my-social-security-number-how-secure-it#11 in most States, there is no law that prevents businesses from requesting SSN, and there are few restrictions on what businesses can do with it.
However, some states in the USA have imposed restrictions on a business soliciting SSN's
Online form builders, including JotForm, have been used for identity theft in the past. We go to great lengths to prevent this. That is why our Terms will mention SSNs are considered as a Phishing activity.
Therefore, when you do request SSNs, chances are that our automated phishing detector will flag the form(s) and suspend the account. If this happens you'll have to contact support to whitelist the form and reactivate the account, explaining the purposes of the form(s).
However, we recognize that there are businesses that require a Social Security number for legitimate purposes, here are some:
• Insurance companies
• Credit card companies, lenders, and any other company receiving a credit application from you
• The three main credit reporting agencies: TransUnion, Equifax, and Experian
• Any company that sells products or services that require notification to the IRS, including:
- Investment advisors
- Real estate purchases
- Financial transactions over $10,000, such as automobile purchases; and other financial transactions
Nevertheless, you must know that since we do store the information in your account, anyone with access to it would also have access to social security numbers. So, in the event of a security breach of your account this could be an issue.
So, having this in mind, we encourage you to follow these recommendations:
1. Embed the form using SSL method (http://www.jotform.com/help/63-How-can-I-receive-SSL-Submissions)
2. Add a sort agreement and/or an e-signature field to the form, so your customers will agree to provide their SSN along with personal info.
Here are some widgets you can add to the form (signature fields):
- KentAnswered on February 13, 2016 at 12:10 AMJeanette, please make sure that all Jorform employees who reply to the forum are well-informed about this critical and sensitive policy. We've seen uncalibrated and conflicting responses from your support desk and this will lead to a lot of misinformed users that can also lead to inintentional breaches from the account holders' end. Along with technical knowledge / skills, it is imperative that all employees knows and fully understands all existing policies as well.
- BenAnswered on February 13, 2016 at 12:33 PM
Thank you for your comment Kent.
Please do note that our manager - Jeanette - does in deed teach us of these things, but sometimes the forms, or questions are different and could lead to somewhat different answers.
There are many things to consider when it comes to SSN, because as mentioned by my manager, form builders have been, and still are, used often to trick people into giving the same.
Similar applies to specific bank records and credit card details.
As such our system will look for anything suspicious and suspend the account and so will we - which results in a form that can be filled out to explain the usage of the same data.
It is also common for us to find different forms within the account of the person asking questions on the forum than what someone from the outside could see, allowing us to see that the person is indeed collecting information with ill intentions as the main drive. Also allowing us to see that the things said on forum are not entirely true.
We will however always support those that require the same for legitimate requirements and JotForm system is built with that in mind.
Of course, if anyone thinks that they should not be suspended, they can always reply back to their forum thread on the same issue - or send us an email for a re-consideration at which time we would be happy to reply back with the issues causing the same.
Hope that this helps.