How to safely send credit-card information via e-mail

Ken Colburn
  • When you send an e-mail, you have no control over who handles the message, how many copies are stored and how long those messages get stored.
  • Some mail services like Gmail and Yahoo automatically encrypt the transmissions (https:) between you and their servers.
  • Have a question? Send it to AzCentral@DataDoctors.com.

Question:

What's the best way to send credit-card information via e-mail when a business contract requires me to fill out a form and send it?

Answer: In general, anything you send via e-mail is plainly viewable by any mail server that handles the message along the way (and by any individuals who have access to those servers), so sending a regular message with sensitive information is not recommended.

When you send an e-mail message, you have no control over who handles the message, how many copies are stored along the way and how long those copies are kept on mail systems.

Depending upon how and where you send the message, there may be three or four mail servers that take part in delivering the message.

Some mail services like Gmail and Yahoo automatically encrypt the transmissions (https:) between you and their servers, but once it goes to another mail server that does not, your message is back to being in plain view.

If you use Gmail and your recipient uses Gmail, Google keeps your messages encrypted the entire way as they move from your machine through its various systems and data centers, but keeping those messages in your account creates another point of exposure.

If your e-mail account ever gets compromised, all of those sensitive messages and attachments would be a treasure trove for a hacker. If you're going to be realistic about security, it's much more likely that your account will be compromised than it is to have your message randomly read by a third party.

If a hacker compromises your e-mail account, all he has to do is scan your sent messages to find every sensitive document that you've ever sent, all in one place, so that's another reason to avoid sending sensitive information and documents via e-mail.

If you've already sent a lot of sensitive information via your e-mail account, you might want to take a few minutes to scan through and delete those messages to avoid this scenario.

There are a host of methods for encrypting your e-mail messages using the PGP (Pretty Good Privacy) protocol at www.pgpi.org, but for most people, it's too technical and is better suited to those who need to exchange information on a regular basis.

If you need to send something securely to a person only one time, finding a less technical and more convenient method of getting the information to her makes more sense.

If you both still have old-school, non-computerized fax machines, that certainly keeps your information off the unsecured Internet, but be careful with e-mail-based fax services, because you're right back in the same boat again.

If you both have an account on Google Drive (google.com/drive), Dropbox (www.dropbox.com) or any of the numerous other file-sharing services, you can share the document instead of sending it via e-mail.

If you don't know what the receiving party has or you have never used a file-sharing service, you can look to a web service such as https://www.sendinc.com to get the job done.

With Sendinc, there's nothing to download, install or set up; the basic service is free. It allows you to send up to 20 encrypted messages a day with a maximum size of 10Mbs.

All messages are sent to your recipient using military-grade security, and the free service will automatically delete the message after seven days.

If you want more control over when the message gets deleted or you send a large volume of sensitive documents and messages, the Pro account costs $5 per month and increases your sends to 200 per month and up to 100Mbs in size.
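The hop-by-hop delivery described earlier in this answer can be seen in any message you have received, because each mail server that handles it stamps a Received header naming the protocol it used. The Python below is an added example, not part of the original column; the sample message and its host names are constructed, and the helper names are hypothetical.

```python
import email
import re
from email import policy

# RFC 3848 "with" keywords that mean the hop was carried over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample message, not real traffic; hosts use reserved example names.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
\tby mailstore.recipient.example with LMTP id abc3;
\tMon, 06 Jan 2014 10:00:05 -0700
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id abc2;
\tMon, 06 Jan 2014 10:00:03 -0700
Received: from laptop.home.example (unknown [192.0.2.10])
\tby relay.isp.example with ESMTPSA id abc1;
\tMon, 06 Jan 2014 10:00:01 -0700
From: sender@isp.example
To: billing@recipient.example
Subject: signed contract form

(body omitted)
"""

def _field(keyword, text):
    """Return the token following 'from', 'by' or 'with' in a Received header."""
    m = re.search(rf"\b{keyword}\s+(\S+)", text)
    return m.group(1).rstrip(";") if m else None

def hops(raw):
    """Return delivery hops oldest-first as (from_host, by_host, protocol, used_tls)."""
    msg = email.message_from_string(raw, policy=policy.default)
    out = []
    # Each server prepends its own Received line, so reverse for sending order.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(str(header).split())  # unfold continuation lines
        proto = (_field("with", text) or "").upper()
        out.append((_field("from", text), _field("by", text), proto, proto in TLS_PROTOCOLS))
    return out

def plaintext_hops(raw):
    """Hops whose Received header does not record TLS."""
    return [(src, dst) for src, dst, _, tls in hops(raw) if not tls]

if __name__ == "__main__":
    for src, dst, proto, tls in hops(SAMPLE):
        print(f"{src} -> {dst}: {proto or 'unknown'} ({'TLS' if tls else 'no TLS recorded'})")
```

Received headers are written by the servers themselves, so they show what each hop reported rather than proof of how the message travelled, and some servers do not record TLS use at all.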

Colburn is founder/CEO of Data Doctors. Send him questions at AzCentral@DataDoctors.com.