This Pizza Joint Sent My Credit Card Info Around Via Email

Andrew blogs about how he ordered pizza online and it came with an unwanted topping — fraud risk.

He accidentally discovered over the phone that the place had sent his credit card info around via the company’s email, a violation of Payment Card Industry (PCI) standards.

Here’s how he found out:

Caller: “This is Joe from the local pizza place, calling to confirm your order”.
The order and delivery location was confirmed.

Caller: “And how do you want to pay for this?”

Me: “Um, well I just entered all my credit card info into your website like I usually

Caller: “oh”. A moment of pause. “Oh I see your credit card info now in the email.”

Me, with a definite tone of anger: “My credit card was sent to you in email?!”

Caller: “um, I’ll get that pizza delivered ASAP.”


Andrew is distressed that he knows of no way to report the company or alert others to the security risk. Any suggestions?

How does a consumer report PCI non-compliance? [360 Security]
(Thanks, Wendy!)