On Thu, Jul 08, 2010 at 12:27:42PM +0100, Chris Jack wrote: [...] > It's a long time since I sent credit card details by email and whilst I > think it is obviously a very bad thing... > If you have to do it, can I suggest you try to avoid putting the whole 16 > digits in "1234 5678 1234 5678" style format as this would be a very easy > thing to parse for. Rather think up something like:
An unencrypted credit card number sent over the Internet is highly unlikely to be compromised while in transit. There's just too much other traffic and it's too much effort while there is lower-hanging fruit. The real risk here is that the hotel apparently doesn't have a clue about security of credit card numbers. For example, they may just print out the email, and then shuffle over to reception to enter the number into their PDQ machine. The printout quickly gets lost in the pile of other paper clutter there, for any passing scrote to help themselves to. Obfuscation won't help you there.