Critical Security Update: Update Forms with Credit Cards, SSNs, PWs

Important: If you have #e-Sign forms with credit card numbers or government IDs (SSN, etc), it is important you use the specialized fields designated for these.

These fields are new as of February 2020.

The data within them will be…

  • Hidden in PDFs sent via email, (starred out)
  • Hidden in email data to the form-owner
  • Encrypted at the database level in a different way than other data.

The data within them will be *** out in transit (when the PDF is emailed). It is critically important that credit card numbers and sensitive data is NOT included in PDF attachments to email, as this is a security risk to the person who signs it.

Most if not all users are on secure emails (SSL / TLS), however, you cannot guarantee the person filling in your form is.

For that reason, we’ll soon dispatch a PDF receipt as usual, but credit card and SSNs (all gov IDs including Canada, etc) will show just the last few digits, with the rest showing as *.

For the form owner (you?) / subscriber, you will need to one-click-login to see the PDF with the full info. As long as you are logged in, you’ll be shown the full data.

We are in the early stages of working on PCI compliance. Sensitive data such as credit cards will be encrypted at the database level, and the encryption keys unique to every user. We take security seriously, and our growth has resulted in outdated policies we are now fixing.

What’s needed from you:

If you have any forms that include…

  • Government IDs such as Social Security Numbers
  • Credit Card numbers
  • Passwords to some external systems

…please contact us to update your forms, or use the shortcode generator to replace these fields immediately.

Was this article helpful?YesNo
Ah, sorry to hear this. We'll look into updating this item.
What could we do to improve this?