Skip to content
Naked Security Naked Security

Advent tip #12: Don’t email your credit card details!

If you're in search of that perfect gift, but are having trouble paying for it, you might be tempted to email your card details...

During the holiday season, you, along with many other people, may use your credit card more than usual.

You might well end up buying various unusual items while you’re about it, by way of getting that perfect gift – something sought-after that you can’t just walk into any old shop and buy, or order online in the normal way.

And if you and the seller can’t figure out a conventional way to handle the payment, you may be tempted to fall back on emailing them your card details so they can process the transaction at their end.

It’s easy to convince yourself that “it’ll probably be OK.”

After all, if you’ve ever done a credit card transaction over the phone, you’ve taken a calculated risk:

  • What if the other end writes the information down and doesn’t securely dispose of the paper once they’ve used your data?
  • What if they process the transaction on their own PC, unseen, untrusted, and perhaps unpatched?
  • What if they just type the data into an email to a third party anyway?

All of those scenarios are worth avoiding, but at least in the case of the first two, you can ask the seller how they plan to process the transaction, and decide whether to risk it on that basis.

On the other hand, no matter how much you trust the seller, you can’t reliably control an email once it leaves your email program or your browser.

That email could end up in the hands of cybercrooks, even if the seller handles it with care once they’ve received it.

Remember: if in doubt, don’t give it out!

Images of Christmas tree and Advent calendar courtesy of Shutterstock.


I must admit I chuckled when I saw the title of this article. Didn’t the head of one of the US security agencies recently get his AOL account hacked, and it was discovered he had sent his Social Security number in an e-mail. I teach computer security classes and say that an e-mail message is like a postcard, anyone who can get to it, can read it, except that you can never really destroy it with any certainty.


Don’t do it is a fine recommendation but if you have to do it, you should use limited balance (often pre-paid) credit card. This is the type of card I use for online purchases and for Xbox and iTunes accounts. Limited risk!


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!