I made a purchase over internet on a secure website. The company then e-mailed a confirmation of the purchase, which included all of my credit card details, the number, exp date, security code, and card holder name. I'm agast they would do such a thing on an non-secure e-mail. I called and e-mailed the company and of course they are ignoring me. I had to cancel my card, then advise all automatic payment merchants of the new number. My question is, who do I report this to. There must be some regulations the are violating. The company is in Chicago, Il.

Thank You,

Elizabeth

You canceled your card only because of an email? Do you have evidence that someone actually got your account details and tried to use it? Remember that you aren't responsible for any charges made to your account that are fraudulent (as long as you report it within 60 days), so there really was no risk to you to simply wait and see if there was an issue or not.

As for security, most email systems are pretty secure - if the communication is encrypted using secure sockets (i.e. "https" in the email's URL) then the only issue is if someone breaks into your email account by stealing your password. But even then - if you've already deleted the offending email then that's not an issue.

To answer your specific question- no, I am not aware of any regulation governing transmittal of credit card information in emails.

Hi ebaines,
Thanks for your response. I know that my e-mail is not secure, and when I spoke to the credit card company they suggested I cancel my card.

There is no requirement that a encryption system be used, and some sites you pay on, are more secured than others. Even with that, no purchase system is beyond being hacked.

Next few emails are hacked, they would have to be looking for your email. I really find it hard to believe you would do that much since they merely emailed he details, seems very extreme and somewhat over worried about security.

Sydney: I'm not surprised that once you called the credit card company they suggested reissuing the card. It's painless for them and reduces their risk. The fact that it creates work for you without reducing your risk (since you didn't have any in the first place) is not their concern. It's good to be vigilant about things like this, but in my opinion there really was no need to call them.

This company did nothing wrong other than exhibit questionable business practices. So you tell the company you will never do business with them again.

But cancelling your card was a drastic step. You should, in this day and age, monitor your accounts carefully. If you see any questionable charges you report it and then make the decision to reissue.