Personal Info in Emailed Bill

My emailed RW bill contains my name, address, phone number, credit card name, last 4 digits of the credit card and the amount of my RW bill -- just TOO much personal ID that does not need to be sent out every month to be sifted and snooped by the email providers and hackers.
Emails are not private, Emails are hacked, Emails are not secure.
The RW bill simply contains too much Personally Identifying Info which is unnecessary. Our emails are unique and one of a kind and therefore should be sufficient for billing; if not, assign an ID number which could be the last 4 digits of the credit card. The major credit card companies do not contain such detailed Personal data in their monthly statements, why the need for RW to reveal and release this data each month?
We know we have a monthly RW bill and We know which credit card we use to pay it, We know our Address, We know our own name and We know our phone number -- why have this exposed every month?
So I am hoping you are interested in joining forces to compel RW to curtail the use of our personal data in their monthly billing?

9 Likes

An email account can and should be secured by a strong password used for nothing else but that email account. Additionally, some email providers (Gmail as one example) offer multi-factor authentication. That said, I do agree email in transit is generally not secure. It might be best thought of as sending a postcard via snail mail.

Your bank or credit card issuer emails your statements? Mine don’t and I wouldn’t continue doing business with them if they did. All I receive via email is what amounts to a note saying my statement is available online at the bank’s secure website. I then sign into my account at my bank’s secure website. One should never click a link in an email purportedly sent by one’s bank. Even if the email turns out to be legitimate, it’s bad security practice.

Bottom line, I think you have a point. I would encourage Republic to consider following the practice most banks do (send email notice but one signs into their account via a secure website). For those wondering, Republic’s online account portal is a secure website using industry standard encryption.

4 Likes

I support this.

2 Likes

You may know your billing/line information, but not all people do. Believe me when I say that. Many members get confused about billing issues–especially when multiple family members have Republic accounts. This is one of the things that can help them keep accounts/lines straight.

Additionally, if RW were to remove this information, members would start reaching out for a statement with this information so they can use it for various purposes.

2 Likes

I support the suggestion that RW publish statements securely on the website and then email a notice to members that statements are available. Great observation, @birdphoneblue!

4 Likes

FWIW, I have a gmail account that my trade association, IEEE, forced on me. They went from email forwarding to gmail as an upgrade. IEEE told me if I didn’t like it to stop using the account.

A while back I read an article on how to retrieve all the information Google has on you. I did so. One of the items was a ZIP file with every ecommerce transaction I’d ever done. The date, the vendor, what I bought, how much it was. My name wasn’t on it. This is called aggregating data, and it’s legal.

So this is another reason Republic should put as little information in their emails as possible. I noticed Amazon has stripped out all the information about your purchases except the price.

2 Likes

I support. Minimum personal details. Other than telephone numbers and name, eliminate other details.

2 Likes

I have some serious and long complicated passwords for most of my electronic communications but once I have opened my Spectrum e-mail everything sent is pure plain text so I see the OP’s concern.

1 Like

I also support minimum personal data. However, I recommend just first name, last initial and just the last four digits of the telephone number. If RW would consider it necessary, then include the last four digits of the credit card also. I believe we all already know our street addresses and which credit card we are using for our accounts.

While some email providers offer multi-factor authentication, which is good, as it makes it extremely difficult for bad actors to break in, that does not stop Gmail and most other well-known email providers from having full access to the information in your emails. It’s not just your emails, but also your attachments (PDFs, Word documents, etc.) AND your images (pictures, etc.) they have full access to.

From the Restore Privacy website:

  • Gmail was caught giving third parties full access to user emails and also tracking all of your purchases.

  • Advertisers have been allowed to scan Yahoo and AOL accounts to “identify and segment potential customers by picking up on contextual buying signals, and past purchases.”

  • Yahoo has been caught scanning emails in real-time for US surveillance agencies.

Also, in March, the big news was the ease with which hackers were able to compromise thousands of Microsoft Exchange email servers.

I strongly urge everyone to read this article.

You are correct, the majority of email providers use TLS 1.2 or 1.3 encryption to encrypt your emails while in-transit. While it’s somewhat decent encryption, it isn’t the best encryption out there. However, once they arrive at their destination, they are left unencrypted on their servers.

How do we get RW on-board with eliminating the Personal data in the monthly billing?
All good points made here and good to see, so how do we make this change happen?
A BIG thank you to bsquared, ceedee, sarmadouglas, rolandh, craigw.vkuxs3 and davidd.ak078j
To ravenrgg: excellent point: “all the information Google has on you. One of the items was a ZIP file with every e-commerce transaction I’d ever done”

We need to move away from the concept that the problem and solution is having a Strong Email Password. A ‘strong’ password does not necessarily prevent hacking, snooping or sifting.
The password isn’t the entry point. This is far more sophisticated than a ‘strong’ password.

The hacking and vulnerability lies in areas beyond the user’s control: the transmission (from point A to point B) and email deletion –emails aren’t truly deleted, they are stored somewhere. A deleted email is not permanently erased, it is stored and vulnerable to a hack, snoop and sift.

Hackers get in using weaknesses or compromised software and/or storage areas. They are not getting in through the ‘front door’ with a password hack. And fancy-sounding multi-factor authentication makes using a front door entry more difficult. But, again, they aren’t using the front door; they are getting through the back door of vulnerable software, cloud, etc. points of entry. Any way you put it, strong passwords and multi-factor authentication are attempting to fix the wrong end of the horse. The point is RW is publishing our sensitive data on a regular monthly basis nicely packaged with a bow on top.

Do note, Trackers are on emails. DuckDuckGo has a beta email system that will wipe email trackers before & after the email is delivered & received. What are these Trackers doing with the personal data on our RW bill?

Regarding mb2x’s comment: “You may know your billing/line information, but not all people do…Many members get confused about billing issues–especially when multiple family members have Republic accounts. This is one of the things that can help them keep accounts/lines straight. Additionally, if RW were to remove this information, members would start reaching out for a statement with this information so they can use it for various purposes.”

What solutions can you offer to members who “get confused about billing issues”?
Define how many members have difficulty understanding their monthly bill.
Would you be willing to write a step-by-step article on billing to assist them?
What, exactly, in detail, are the issues that would ‘confuse’ a member should RW remove a member’s name, address, credit card name & digits, and replace it with the last 4 digits of the phone number to use as a billing ID?
Take another look at bsquared’s solution: “RW publish statements securely on the website and then email a notice to members that statements are available.”
What and where is the problem with “members would start reaching out for a statement” and the second part of your sentence, “if RW were to remove this information, members would start reaching out for a statement with this information so they can use it for ‘various purposes’”?

Would you please consider the “various purposes” hackers will be using our name, address, phone number, credit card name & digits and the dangerous impact upon all members? For the members who “get confused about billing issues” why is the concern and risk to every other member unimportant and deemed irrelevant?
And to take it a step further, if “billing issues” are a hurdle to figure out, are you aware of what it takes to repair credit card theft or correct identity theft? Repairing credit card & identity theft can take years of letter writing, phone calls, mountains of paperwork, can affect your employment and housing, auto insurance and may ultimately require hiring an attorney. It is just endless what can happen and why risk our private info and safety? This is a very serious issue.
Please take a look at the “Mind Your Own Business Act” sponsored by the Oregon Senator Ron Wyden who introduced privacy legislation: “Mind Your Own Business Act” to create the strongest-ever protections for Americans’ private data.
So back to how do we get RW’s attention regarding this matter? How do we keep this topic on top of the forum list? Thank you to each of you.

Hi @birdphoneblue,

Thanks for bringing your concern about the amount of private information in your bill to our attention. I agree, there’s a lot of info in the invoice, and I understand the concern about both the insecure nature of e-mail and the possibility that certain e-mail providers may not be above scraping such information in order to somehow monetize it.

Please understand as you read this, that I am making no promises. However, we are at an interesting crossroads as we are working closely with our colleagues at DISH to integrate certain systems, and there may be an opportunity somewhere in this process to update our invoice template.

What I’d like to ask of those who have chimed in on this topic, and even others who may be watching it with interest is that you share a screenshot of an example billing statement you currently receive that you appreciate as you see it as having the perfect combination of the information you need and the privacy you prefer.

If your sample invoice does contain some private info, please be sure to redact that info before sharing the screenshot.

I look forward to seeing some examples and bringing them to the appropriate teams for consideration.

I’ve edited out my last name and the last 4-digits of the payment method.

Last name, address, order number and 7-digit phone number redacted.

I wouldn’t characterize either as perfect but they do contain a lesser amount of personal info. :slightly_smiling_face: My preference would be not receiving an email invoice at all.

Mobi sends a reminder via text message that payment is due with no personal info. Tello doesn’t send a reminder. My preference would be to receive a reminder via either email or text message though I suspect many folks would prefer a text message that payment is due. Once payment is made, I’d prefer either an email or text message letting me know payment was received rather than an actual invoice. Then, as with my bank, if I want to see the invoice/statement, I sign into a secure website.

Just to be clear and not set anyone’s expectations too high, the focus of this fact-finding mission is improving the e-mail template, not overhauling the notification methodology. Such an overhaul would be an entirely different request, with a far greater scope requiring the work of additional teams and going far beyond the opportunity that may be at hand.

Thank you for the examples of other invoices. It looks like Tello provides nearly as much info as we currently do.

1 Like

Last call for example screenshots! (Please!)

I couldn’t find an example in the few minutes I looked, but I agree that removing the physical address, deprecating the phone number to the last 4 digits, and possibly removing the credit card info would help. I could see leaving the last 4 of the credit card as I’m sure a lot of people forget what card they’re using.

Personally, I would prefer just having the total amount charged and the date with a link to the full details online. However, I suspect the less savvy RW customers may want the email details so they don’t have to go online to figure out the details.

Here is an edited sample from my craptastic internet provider:
Statement

1 Like