Contact Us Today!
One of the greatest things about websites is how they open up lines of communication between business owners and their customers. Contact Us forms have been a staple of websites since the earliest web pages were being built and have allowed customers to submit everything from raving compliments to simple inquiries. Forms started off simple enough: a name, email address, and a short message would be gathered by a website and sent via email to someone on the other side to read and respond to.
Though you may often still find simple contact forms like that today, you’re just as likely to run into multi-page employment applications or behemoth forms used for gathering a wide assortment of information from customers. In addition to the traditional email, this data is often stored as a semi-permanent record for future reference in the website’s database.
Website Forms and Sensitive Data
Online forms are capable of receiving any kind of information you can imagine, which can lead to some tricky situations if you’re not careful about what kind of information you’re asking for. When building an online form, consider the 3 biggest areas where that information can be stolen.
MYTH BUSTING: An SSL is all you need to collect sensitive information from customers on your site. TRUTH: While SSLs are an important part of the equation, there are many other things to consider.
First, the email
If you are collecting sensitive information such as social security numbers, birth dates, or medically related information, the first thing to consider is: are you emailing any of this information to someone? Many forms will send the filled-out form data via email to designated email addresses, often configured during the creation of the form. This can open up huge gaps in the security of that information.
For example, do you connect to your email provider using an SSL-encrypted connection? Is the email being sent encrypted? What about your computer itself: can you guarantee that no one will ever have unauthorized access to your computer and thus your email? What about when you get a new computer: are you properly destroying your old hard drives? Simply deleting files is often not enough to prevent a data breach. Storing any kind of sensitive information is a big responsibility, and for the safety of your customers and your business it’s not something that should ever be taken lightly.
Second, the storage
Most modern web forms are built with some kind of database-backed storage system to keep a record of the data associated with every form submission. Much like storage on your local computer (which we talked about above), storage of sensitive data at the website itself must be handled properly. Ensuring that your database is encrypting any sensitive data with an industry-standard level of encryption is paramount.
This type of feature is not something you often find on typical form-generating plugins, so make sure that whatever tool you’re using explicitly states that it is encrypting your customer’s data when storing it. At a minimum, the encryption should be at least 256-bit.
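One way to apply the email and storage advice above, as an added example that is not from the original article or from any form plugin: sensitive fields are encrypted with AES-256-GCM before they are stored, and the notification email carries only a placeholder for them. The field names, the sample submission, and the helper function names are assumptions made for illustration.

```javascript
// Added example: field-level AES-256-GCM encryption for form submissions.
const crypto = require('node:crypto');

// Assumption: the field names that count as sensitive on this hypothetical form.
const SENSITIVE_FIELDS = new Set(['ssn', 'birth_date']);

// Encrypt one value. The field name is bound in as additional authenticated
// data, so a ciphertext cannot be moved to another column unnoticed.
function encryptField(key, name, value) {
  const iv = crypto.randomBytes(12);               // fresh 96-bit nonce per value
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(name, 'utf8'));
  const ct = Buffer.concat([cipher.update(String(value), 'utf8'), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64')).join('.');
}

function decryptField(key, name, stored) {
  const [iv, tag, ct] = stored.split('.').map((p) => Buffer.from(p, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(Buffer.from(name, 'utf8'));
  decipher.setAuthTag(tag);                        // final() throws if anything was altered
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Split a submission into the row to store and the text that is safe to email.
function processSubmission(key, submission) {
  const record = {};
  const emailLines = [];
  for (const [name, value] of Object.entries(submission)) {
    if (SENSITIVE_FIELDS.has(name)) {
      record[name] = encryptField(key, name, value);
      emailLines.push(`${name}: [stored encrypted, not sent by email]`);
    } else {
      record[name] = value;
      emailLines.push(`${name}: ${value}`);
    }
  }
  return { record, emailBody: emailLines.join('\n') };
}

// Constructed sample input. Assumption: a real deployment loads the key from a
// secrets store kept apart from the database that holds the ciphertext.
const demoKey = crypto.randomBytes(32);            // 32 bytes = 256-bit key
const demoSubmission = { name: 'Pat Example', ssn: '000-00-0000', birth_date: '1980-01-01' };
const demo = processSubmission(demoKey, demoSubmission);
console.log(demo.emailBody);
```

Anyone who reads the inbox or the database alone sees only the placeholder or the ciphertext; reading the original value requires the key as well.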
Third, the transmission
If you’re collecting any kind of sensitive information, your site must have an SSL installed and active. SSLs create a secure connection between a website and the user. Any information exchanged between the two, in this example a form submission, is encrypted, which prevents someone from intercepting it while it’s in transit. SSLs also go a long way in reassuring your customers and let them know that you take the security of their information seriously.
While being able to accept sensitive information like credit cards and social security numbers via a website’s online form can go a long way in increasing the overall usefulness of your website, it’s extremely important that you know how to do it safely. One breach of data can cost you and your customer financially and permanently damage your reputation. Trust between a business and its customers is vital, and once broken it may take years to restore, if it ever can be.
For securely collecting sensitive data we often recommend a company like Formstack. If you’re thinking about collecting any kind of sensitive information be sure to have a discussion about it with your Vivid Image account director who can offer insight and advice on how to move forward and what your best options are.