The credit card information was replaced by # char

  • Profile Image
    Asked on August 18, 2016 at 10:44 AM
    I have been with Jotform from the beginning and it WAS great. This change with collecting data has affected all of my forms and has created turmoil in my business. Making this change to XXXX information and not notifying users is just poor business. I'll be moving back to using free Google forms.
  • Profile Image
    Answered on August 18, 2016 at 12:23 PM

    Sorry for inconvenience this may caused you. However collecting of credit card on plain text fields is against Jotform Terms of use. Because of that we have scanned all of our database and replaced part of the CC numbers with # hash symbols. Also before this change was applied, it was also prohibited to collect credit card info on plain text fields. Account with this type of fields are usually automatically suspended by our Phishing system. 

    From now on data in credit card fields will be replaced with # hash symbols. 

    If you want to have payment fields inside of your form you have to use one of Jotform payment tools. 

    Inside of this articles you can find out more about payment tools and how to set payment form: 

    If you want to charge your users manually at later date, I would suggest you to use on of payment tools that has built in credit card fields like PayPal Pro, Stripe,, Dwolla.

    How to Enable Payment Authorization

  • Profile Image
    Answered on August 18, 2016 at 12:58 PM

    Here's the problem with setting up a payment authorization. 

    Here's a scenario. I have a client booked on a Carnival Cruise vacation. I am the agent for Carnival Cruise Line. Clients like the convenience of not having to call me with credit card payments that are going to be processed by carnival Cruise Lines. They loved the convenience of sending their credit card information in a secured form at their convenience. I would then process the payment with the cruise lines within 24 hrs.

    With your idea enabling payment authorization ... the client would see that someone other then Carnival Cruise Line has been authorized payment with their information. This would create far to much confusion. 

    It's a shame that your system cannot transmit personal information securely such as birthdates, social security numbers, passport numbers, etc.

    We keep that personal information in house on our system with password protection. Jotform may want to look at adding a field that is password protected and can only be opened by the account manager(s). Much like the security Apple has put into their phones.

    I am currently shopping for a form app that is secure. It appears that many others are having the same issues with Jotform that I am having

  • Profile Image
    Answered on August 18, 2016 at 02:00 PM

    Unfortunately we can not allow you to collect credit card info on plain text fields. Like I mentioned from now on, submitted data from credit card fields will be replaced with # hash symbols. 

    If you do not want to have payment authorization set inside of your form, I can only suggest you to contact your users and to ask them to provide you credit card info over the phone, email of fax.

    Feel free to contact us if you have any other questions.

  • Profile Image
    Answered on August 22, 2016 at 03:02 PM

    I am in the same boat as cruisesetc, I have been successfully using Jotform for years for my cruise business. I am unable to use 'payment tool' as credit card numbers are manually processed by the cruiseline.

    It's a shame that now I must find an alternate form provider; jotform has been so good, but sadly this no longer works for my business model as I cannot call every single person who books for their credit card information.

    So sad and disappointed at the lack of appropriate notice.

  • Profile Image
    Answered on August 22, 2016 at 04:17 PM

    We have not allowed for the collection of credit card details for quite some time now.  I believe we updated our terms of use last December to reflect the policy.  We recently have become PCI compliant and as a part of the process were required to removed any stored credit card numbers from our system.  We did not have much time to do so and it required taking much more strict action than we had previously.  This obscured credit card data will remain and the policy is something we cannot make exceptions for and still remain PCI compliant.