Web Hosts and Your Sensitive Information

If I asked you if you would purchase from a shop which stored your credit card details, would you still do business with them? I am fairly certain that most people would hesitate, regardless of how good their service is. It also would probably make no difference to your opinion if I told you how securely this was stored (be it in physical form in a safe location or encrypted).

Some businesses actually do this and the web hosting arena is no different. Included below are types of private information which web hosts commonly store in their billing system:

  • Your control panel username and password
  • Your credit card information

The first point is far more common then the second. The average non – technical web hosting operation (believe me, they make up the majority of service providers) would not even consider this as a security concern. Let me use an analogy:

Many people hide a second set of keys to their household under a potplant or rock as to avoid being locked out. What if I were to tell you that your web host was doing the exact same thing but with access to your e – mail and files? This is because the web host in question assumes it is more convenient for the customer to login to control panel via their customer portal instead of accessing it directly. Is it really worth the risk of having every single customer’s control panel username and password revealed in the event of a security breach?

There is absolutely no reason for any web host to store usernames and passwords in their billing or portal areas. It’s careless. There must only be one copy of a username and password and that is on the server itself.

My next point concerns storing credit card information. There is only one instance where this argument has a leg to stand on but is still unacceptable in my opinion: Cloud Computing. Cloud computing allows for hourly billing and in such a circumstance it would not be possible for a customer to re – enter their unsaved credit card information to make payment every hour. There is a solution to this, though and that is to rather have these hourly billing customers make lump sum deposits to their account.

Many web hosting customers pay yearly for their service – is it really worth while storing their credit card information simply so that payment can be more convenient once per year?

Ask your web host if they store your credit card information and / or control panel authentication details. If they answered yes then point them to this blog post.

One comment

Leave a Reply

Your email address will not be published.