How much personal detail would you send via standard email?

Associate
Joined
27 May 2003
Posts
1,626
Would you be happy to give the following over standard email?

Full name, address, DOB, NI number, driving licence details, full credit card details, copies of proof of address (through bills, bank statments) etc?

A legit UK holiday car hire company has requested this from me.
Have said I'd give my name and address and last 8 digits of licence along with the code for them to do the DL check on gov.uk website and would pay a deposit via BT or paypal. The rest they can see on the day.
Doesn't sound unfair does it?

Fraudsters dream getting hold of such an email IMO.
OK, they can get info regardless but why make it so easy for someone or is it just me flapping? :eek:

I don't know much about email encryption btw!
 
Soldato
Joined
18 Oct 2002
Posts
9,160
That's not secure but I suspect if you want to hire the car you'll have little choice but to follow their rules. I'm sure the other person at the end of the email is just doing what they are told and doesn't care if you hire the car or not.
 
Soldato
Joined
22 Nov 2006
Posts
23,304
No chance lol

In fact banks tell you NOT to send that kind of information in an email. The email is NOT encrypted and your also relying on the company to secure it at the other end, which they most likely aren't.
 
Permabanned
Joined
13 Apr 2017
Posts
969
Location
scotland
where are you renting a car, Syria ?

Most car hire companies are happy with name, and Credit Card for a pre paid booking.

Driving Licence and proof of address to be shown at pick up time.

NI number ? They can eff off on that one.
 
Associate
Joined
17 Sep 2010
Posts
1,762
Last time I hired a car they just asked me for my license, a deposit and proof of address.
Can't imagine why they would ever need your NI. There is only 3 places I would ever give that out, a new job, HMRC or the jobcenter.
 
Man of Honour
Joined
17 Oct 2002
Posts
50,384
Location
Plymouth
The firm is actually in breach of pci dss regulation regarding card payments IMO asking for that. Essentially they will be storing unencrypted card details on their email server :eek:

http://www.theukcardsassociation.org.uk/security/what_is_PCI DSS.asp

I wouldn't even contemplate sending that level of data via email, even encrypted email, because encrypted email only covers the transport, once it decrypted at the other end anything can happen with it.
 
Man of Honour
Joined
30 Oct 2003
Posts
13,229
Location
Essex
The firm is actually in breach of pci dss regulation regarding card payments IMO asking for that. Essentially they will be storing unencrypted card details on their email server :eek:

http://www.theukcardsassociation.org.uk/security/what_is_PCI DSS.asp

I wouldn't even contemplate sending that level of data via email, even encrypted email, because encrypted email only covers the transport, once it decrypted at the other end anything can happen with it.

S/MIME does cover the data at rest as well not that it really changes things.
 

233

233

Soldato
Joined
21 Nov 2004
Posts
13,500
Location
Wishaw
we get it all the time in work,

send someone a secure payment like or even better a link to our website and the next thing you know you have pictures front and back of their corporate credit card
 
Soldato
Joined
22 Nov 2006
Posts
23,304
Or give a fake NI number and use one of those pre-paid CC numbers, but don't put any money on it yet. What are they even going to do with the NI number? No one they call will give them any info about you.
 
Associate
OP
Joined
27 May 2003
Posts
1,626
Nice to hear the input!

Am down south and picking up a vehicle up north so they're not near me.
Seems innocent enough, just the lack of security for the request.
If it's their standard method then most customers must just accept it I suppose.

For all you know someone may print it out and have it sat on their desk for months. As for diving licence details, cant they use the DVLA service? https://www.gov.uk/view-driving-licence.

That's the site I was referring to.
You as the DL holder get a code and pass that and the last 8 digits of the licence to the hire company and they get access to your DL history. So your full DL and NI need to be sent,

Not replied to my email. Prefer this as if it's not written (or typed) it never happened! ;)
Maybe they won't as they see me as PITA customer. :D
 
Soldato
Joined
1 Mar 2010
Posts
21,781
For a previous job ~2011 ('hi-tech domain') the company used a European refeencing company and they expected you to send filled pdf form with personal biography type details by email, and seen the same with referencing companies for accomodation rental.

Rang them both and protested that they did not have a secure delivery mechanism, or provide a pgp key to send an encryped email, also said I could send a selff-decrypting email (and telephone them with a password) .... but this fell on deaf ears ... bunch of morons.
 
Soldato
Joined
26 Aug 2018
Posts
3,324
Location
Outside your house
where are you renting a car, Syria ?
You'd be surprised.

When we lived in NZ the bank said various personal info could be emailed.

Some companies said payments could be made by CC ("just email your card number with the 3 digit security code"...).

Oh and when we asked one hotel how our CC details would be stored if we paid with it over the phone - "we keep them on an excel spreadsheet at reception"...

Yeah, the concept of internet security isn't the same everywhere.
 
Back
Top Bottom