What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.


  • Profile Image

    Can I collect bank and sensitive information in a normal form?

    Asked by mlittaur on December 08, 2015 at 05:12 AM

    So if I add a signature and agreement field it's ok to collect bank and sensitive information in a normal form? We supply online organisers so accountant can help their client to get the information more efficient.

     

    Answered by david

    If you need to collect banking information, you could do so in a follow up email or over the phone.  Bank account numbers, social security/passport ID numbers, anything of that nature we do not allow to be collected through our forms.

  • Profile Image

    Answered by Carina on December 08, 2015 at 06:47 AM

    As stated by our manager on the original thread:

    "-Regarding to bank information: We allow this only through payment integrations."

    So to collect this kind of information you need to select one of our payment tools:

    What kind of other sensitive information would you need?

    Thank you

  • Profile Image

    Answered by mlittaur on December 08, 2015 at 07:45 AM
    Ok would this allow me to capture the full bank account nr ?
    Sent from my iPhone
    ...
  • Profile Image
    JotForm Support

    Answered by mert on December 08, 2015 at 08:55 AM

    With Payment Tools, you can collect bank routing and account numbers: but not the PINs and other sensitive bank information, this is also valid with credit card information like cc number, expiration date and security code (CVV), they are not allowed to collect.

    You can also check our Terms of use to get more information.

     

    If there are still some blank spots, please let us know.

    Thanks.

  • Profile Image

    Answered by mlittaur on December 08, 2015 at 09:45 AM
    Can I then also collect Social security nr’s?

    ...
  • Profile Image
    JotForm Support

    Answered by mert on December 08, 2015 at 09:56 AM

    Collecting social security number is also not allowed on JotForm, because of some security concerns.

    If you collect such data accidently, it will set off our phishing detector and automatically suspend the form and the user until a manual check can be made.

  • Profile Image

    Answered by mlittaur on December 08, 2015 at 10:45 AM
    It asks for a TIN which is the same as an SSN so I can’t use Jotform for that also not when using your payment form application?
    ...
  • Profile Image

    Answered by Mikellll on December 08, 2015 at 12:15 PM

    If I integrate your payment tools can I then ask people to list 10 bank accounts in one form?

    I've added paypal at the bottom. however I don't need people to pay for this service. Can I add your payment too; ensuring security but keep the service free?

     

  • Profile Image
    JotForm Support Manager

    Answered by Jeanette on December 08, 2015 at 12:38 PM

    @Mikellll and  @mlittaur

    First of all I apologize for the wrong and confusing information provided by the support staff.

    Our payment integration DO NOT "collect" bank information to be stored somewhere else.

    Carina quoted my explanation, but I never meant "to collect", what I said is that payment integrations  allow users to submit credit cards sensitive info in a secure way and this is not stored in your account nor displayed in any way, rather than that, it will travel encrypted directly to the payment gateway.

    On regards to bank account numbers and routing numbers, Mert also provided a wrong information to you. So please accept my apologies for this.

    This information is not and will not be collected in the payment integrations and cannot be collected nor stored on plain text fields in your forms. These are the following exceptions to storing bank accounts info on plain text fields:

    - If you send a proof that your business is related to : MORTGAGE BROKER, INSURANCE BROKER BANK, Real Estate Broker, LENDING INSTITUTIONS and the like. 

    In such case, collecting SSN or bank accounts can be allowed and it's not illegal. 

    However, many phishers will still use our form builder to steal this very sensitive information and there is no guarantee that your forms won't be marked as suspicious by our system, specially if the account is on free status.

    In the case of your business being in mentioned legal businesses above, we advise to build the form to gather this info , but a signature field must be added, so your clients will be signing to be in agreement with providing such information.

    To make this to work, your account must be on paid status , so the automated system will mark it still high, but won't be automatically suspended, and our Form Reviewers Team (who are in charge of manually checking forms on paid accounts) would set the form as exception. Otherwise the system will mark suspicious and suspend all forms on free accounts.

    I hope this is clearer.

  • Profile Image
    JotForm Support Manager

    Answered by Jeanette on December 08, 2015 at 12:48 PM

    Just to clarify:

    Bank accounts info is solely related to: Account numbers and routing numbers.

    Credit card sensitive information like number, expiration date and security code (CVV) won't be allowed to be collected on forms in any way,  a payment integration is a must if you want to accept payments with credit cards and the information will be sent encrypted straight to the payment gateways.

  • Profile Image

    Answered by mlittaur on December 08, 2015 at 01:45 PM
    Relief! Thank you for the clear answer! It took a day but hé you win some you lose some ;) So to be 200% sure in my own words:
    1.
    I’m a legitimate business nd allowed to collect sensitive information such as SSN and bank account information. The only requirement from Jotform is to take a paid account and create a signature field, correct?
    2.
    Our customers aren’t very computer savvy so don’t want to make it complicated. Is a checkbox that says ‘agree to the terms and conditions’ ok or are there other requirements to the signature box?
    Thank you.
    ...
  • Profile Image

    Answered by mlittaur on December 08, 2015 at 01:45 PM
    Dear Jeanette,
    What kind if proof would you like? I can sen you our chamber of commerce registration in the Netherlands?
    - If you send a proof that your business is related to : MORTGAGE BROKER, INSURANCE BROKER BANK, Real Estate Broker, LENDING INSTITUTIONS and the like.
    ...
  • Profile Image
    JotForm Support

    Answered by Boris on December 08, 2015 at 03:49 PM

    > I’m a legitimate business nd allowed to collect sensitive information such as SSN and bank account information. The only requirement from Jotform is to take a paid account and create a signature field, correct?

    The requirements by JotForm are actually three-fold:

    1. You must provide us with a proof that your legal business requires or relies on SSN and similar information for the operation of your business. I believe that the registration with your Chamber of Commerce in Netherlands would help, if it shows that your business is related to mortgages, insurance, a brokerage firm, or anything similar that would explain the need for your business to collect SSN.

    For sending documents or attachments to us, you can send them to our email address support@jotform.com

    2. You must get consent of the people submitting the info, that they allow you to collect their SSN. You can do this by adding a signature field, or a terms and conditions checkbox. Your form must state that by selecting the checkbox or signing the signature field, they (your users) are giving you permission to collect their SSN.

    3. You should use a paid JotForm account, because we have very strict filters on our end which would certainly disable a free account if the filters detected that you are collecting SSN details.

    Online form builders, including JotForm, have been used for identity theft in the past. We go to great lengths to prevent this. That is why we are so strict about these things, and the above criteria must be met in order for SSN and similar information to be collected through our forms

    > Our customers aren’t very computer savvy so don’t want to make it complicated. Is a checkbox that says ‘agree to the terms and conditions’ ok or are there other requirements to the signature box?

    It doesn't have to be complicated, but the field should clearly mention that they are allowing you to collect and process their SSN. As an example, the field can state something like:

    "I give my consent to [your company name] for collection and processing of my SSN details."

    Where you would replace [your company name] with the actual name of your company.

     

    Important: You need to know that since we do store the information in your JotForm account, anyone with access to your JotForm account would also have access to social security numbers. So, in the event of a security breach of your account, this could be an issue.

    If you need any further clarifications, please do let us know, and we will be happy to assist you.

  • Profile Image
    JotForm Support Manager

    Answered by Jeanette on December 08, 2015 at 03:53 PM

    In addition to what Boris has explained, I would recommend you to add this Scrollable widget to your form:

    http://widgets.jotform.com/widget/short_scrollable_terms

    You can add it while on edit mode by simply searching in the widgets menu:

     

     

  • Profile Image

    Answered by mlittaur on December 09, 2015 at 04:45 AM
    thank you!
    ...