A few nights ago I ordered dinner from my favorite Thai restaurant. Having a cold, I needed spicy tom kha gai to clear my sinuses and soothe my sore throat. Having a toddler, who is also under the weather, I needed that food delivered to my door step.
After ordering via the surprisingly user friendly website I received an email confirmation of my order. I glanced over the email and nearly archived it when I saw what literally made my jaw drop. My credit card number. Not XXXX XXXX XXXX ####. The whole thing, in clear text. And what else? The CVV code and the expiration date. All of this was sent unencrypted, over the internet for everyone to see.
I was shocked and I was exposed. My first thought was to send a stern email to the restaurant owner explaining that their systems are highly susceptible to fraudulent activity and that if the card brands find out about this, they're going to be in serious trouble! But that kinda makes me sounds like a crazy person.
I have to help. I have a responsibility to help (and not just because they are one of the best Thai restaurants in the LA/Orange county and I cannot lose them) but because I do not want a merchant who runs a fabulous restaurant risk their passion and livelihood.
So what do I do? No, seriously, what do I do? What would you do?