Forum

In my recent purchase from DynaDot I was very shocked to see that the order processing & confirmation emails  all contained, unencrypted, the first & last four digits of my credit card, i.e. 8 out of the 16 digits, and complete billing address information.

This is far more information than I would ever want to be divulged over email. Anyone with a technical understanding of email knows that unencrypted email is effectively about as secure as a postcard, and, worse, often cached/stored on whatever mail servers it travels through. And this is sufficient information to give identity thieves and criminals a really good start.

As someone conscious of the (increasingly likely) possibility of identity theft and years of associated effort required to fix it, I'm very disappointed that DynaDot is careless enough to make this mistake. I certainly hope that they have taken more care in designing other parts of their infrastructure, from storing CC info to performing security audits of their implementation.

To add insult to injury, they also sent me a follow-up email requesting confirmation of my card details, suggesting that I fax or email(!) back a photocopy of my credit card.

I am now in the process of finding another registrar and may decide to have my bank issue me with a replacement card. Needless to say, I will not be doing business with DynaDot again without a sincere apology and assurance that they have fixed this hole and performed an audit of other places they store/use CC info.

First, thanks to the Dynadot team for taking the issue seriously and working quickly to resolve it (although the 4 digits + billing still doesn't make me feel completely safe). Good to know about the prepay option -- I'd probably use that in the future rather than have any CC details at all being sent over email.

BTW, I hope that your card verification email has also been updated to clarify that sending a fax copy is far superior to an email attachment, for the same security reasons.

Will you be supporting Google Checkout any time soon? It addresses several of the privacy & data security issues in this thread (and, I believe, may even save DynaDot a bit on processing fees).

We did update the credit card verification email to indicate that fax is more secure than email.

We just created a thread about payment methods. We would be interested in your thoughts on the matter:

http://www.dynadot.com/resource/forums/topic_view.html?p_id=85

A number of merchants (such as GoDaddy, Dotster & NetSol) request the last 4 digits of a credit card number, in order to authenticate you when you call them up. And when you provide it to them, they discuss ANYTHING regarding your account with them. This dubious authentication method is their their problem, of course. But DynaDot isn't making matters any better by providing the last 4 digits of a credit card number in each order confirmation EMail -- in free and open text, where it can be stored on any server it passes through, or viewed by anyone with access to your PC.

I just looked at the last 5 or 6 EMails confirmations that I received from merchants. None of them included the last 4 digits of a credit card number in their EMail, except for the DynaDot order I just placed.

Really now! Shouldn't the 4 digits just be removed from order confirmation EMails? Can't we all get along? <g>

You make some good points.

We could remove the last 4 digits of the card number from the order emails. I will ask around on Monday, and see what people think.