How much personal detail would you send via standard email?

[gort]

Would you be happy to give the following over standard email?

Full name, address, DOB, NI number, driving licence details, full credit card details, copies of proof of address (through bills, bank statments) etc?

A legit UK holiday car hire company has requested this from me.
Have said I'd give my name and address and last 8 digits of licence along with the code for them to do the DL check on gov.uk website and would pay a deposit via BT or paypal. The rest they can see on the day.
Doesn't sound unfair does it?

Fraudsters dream getting hold of such an email IMO.
OK, they can get info regardless but why make it so easy for someone or is it just me flapping?

I don't know much about email encryption btw!

 

[Diddums]

Mine? None.

Yours? Ev.er.y.thing.

 

[wedrum]

cant you just book online ? or like you said do the rest on the day.

 

[Adam]

That's not secure but I suspect if you want to hire the car you'll have little choice but to follow their rules. I'm sure the other person at the end of the email is just doing what they are told and doesn't care if you hire the car or not.

 

[iamdjdz]

I'd at least ask if you can call and pay over the phone, it's probably a little safer.

 

[Nasher]

No chance lol

In fact banks tell you NOT to send that kind of information in an email. The email is NOT encrypted and your also relying on the company to secure it at the other end, which they most likely aren't.

 

[Shocky-FM]

By email? No, definitely not.

If they're a legit company can't you goto them and complete the relevant paperwork there?

 

[Wizardskills]

There is absolutely no way I would send credit card details via email. For all you know someone may print it out and have it sat on their desk for months. As for diving licence details, cant they use the DVLA service? https://www.gov.uk/view-driving-licence

The fact that are asking for all of this information is very odd and would put me off doing business with them.

 

[Roland Butter]

where are you renting a car, Syria ?

Most car hire companies are happy with name, and Credit Card for a pre paid booking.

Driving Licence and proof of address to be shown at pick up time.

NI number ? They can eff off on that one.

 

[Freakbro]

I've had customers email full credit card details over before *face palm*

 

[omnomnom]

Breaking PCI compliance I believe so no, I wouldn't and no they shouldn't ask.

 

[stopper]

Last time I hired a car they just asked me for my license, a deposit and proof of address.
Can't imagine why they would ever need your NI. There is only 3 places I would ever give that out, a new job, HMRC or the jobcenter.

 

[Dolph]

The firm is actually in breach of pci dss regulation regarding card payments IMO asking for that. Essentially they will be storing unencrypted card details on their email server

http://www.theukcardsassociation.org.uk/security/what_is_PCI DSS.asp

I wouldn't even contemplate sending that level of data via email, even encrypted email, because encrypted email only covers the transport, once it decrypted at the other end anything can happen with it.

 

[Vince]

The firm is actually in breach of pci dss regulation regarding card payments IMO asking for that. Essentially they will be storing unencrypted card details on their email server

http://www.theukcardsassociation.org.uk/security/what_is_PCI DSS.asp

I wouldn't even contemplate sending that level of data via email, even encrypted email, because encrypted email only covers the transport, once it decrypted at the other end anything can happen with it.

S/MIME does cover the data at rest as well not that it really changes things.

 

[233]

we get it all the time in work,

send someone a secure payment like or even better a link to our website and the next thing you know you have pictures front and back of their corporate credit card

 

[Nasher]

Or give a fake NI number and use one of those pre-paid CC numbers, but don't put any money on it yet. What are they even going to do with the NI number? No one they call will give them any info about you.

 

[gort]

Nice to hear the input!

Am down south and picking up a vehicle up north so they're not near me.
Seems innocent enough, just the lack of security for the request.
If it's their standard method then most customers must just accept it I suppose.

For all you know someone may print it out and have it sat on their desk for months. As for diving licence details, cant they use the DVLA service? https://www.gov.uk/view-driving-licence.

That's the site I was referring to.
You as the DL holder get a code and pass that and the last 8 digits of the licence to the hire company and they get access to your DL history. So your full DL and NI need to be sent,

Not replied to my email. Prefer this as if it's not written (or typed) it never happened!
Maybe they won't as they see me as PITA customer.

 

[jpaul]

For a previous job ~2011 ('hi-tech domain') the company used a European refeencing company and they expected you to send filled pdf form with personal biography type details by email, and seen the same with referencing companies for accomodation rental.

Rang them both and protested that they did not have a secure delivery mechanism, or provide a pgp key to send an encryped email, also said I could send a selff-decrypting email (and telephone them with a password) .... but this fell on deaf ears ... bunch of morons.

 

[adidan]

where are you renting a car, Syria ?

You'd be surprised.

When we lived in NZ the bank said various personal info could be emailed.

Some companies said payments could be made by CC ("just email your card number with the 3 digit security code"...).

Oh and when we asked one hotel how our CC details would be stored if we paid with it over the phone - "we keep them on an excel spreadsheet at reception"...

Yeah, the concept of internet security isn't the same everywhere.

 

[Terminal_Boy]

NI number and proof of address? What are you renting, Lewis Hamilton’s F1 car?