“Secure Web Forms” is an EmailMeForm blog series that will guide you on how to collect sensitive information securely online.
Data breach.
For the past few years we have seen a steady stream of headlines about it. Here’s a bubble graph from “Information is Beautiful” of the world’s biggest data breaches over the past 2 years.
Yes, you will recognize apps you use every day. None of them are immune.
Here at EmailMeForm, we’re doing the best we can to keep your data secure. We educate our users on how to create secure online forms for their websites and advise them on which precautions to take to protect their form data.
One of these precautions is masking or encrypting the form fields that collect sensitive information.
But, which should you do? Mask or encrypt? Let’s figure out what’s the best thing for you to do.
Let’s define them first
Both add a layer of protection to your data, but how exactly? Let’s learn this first.
Masking is hiding original data and replacing it with similar-looking, but fake data.
Think about it like putting an invisibility cloak on your data. The data underneath is unchanged; it is simply hidden from people who are not permitted to see it.
Encryption converts data from its readable form into an encoded version (ciphertext) that can only be turned back into the original by someone holding the decryption key.
It’s like casting a spell on your data so it will be transfigured into something else. But it can be turned back into its original state when you know the counterspell, err, the decryption key rather.
Okay, so if this Harry Potter magic reference didn’t clear the technical distinction up, read on.
Masked vs. Encrypted Data In Real Life
Now that you have an idea of how these two data security techniques differ from each other, let’s see how a masked and an encrypted field behave when used on your forms.
What effect do they have on your data?
Masking a field on your forms only replaces the sensitive value with asterisks (** ** **) in the notification email. So instead of a birth date, for example, you’ll only see “ ** / ** / ** ” in the email. The stored value is unchanged, and you can still view it in your Data Manager.
Encrypting a field, on the other hand, removes the entry for that field from submission emails entirely, and the value is stored encrypted. You can only view the data in your Data Manager. Encrypted fields cannot be searched or filtered there; they are only viewable.
You also have to remember that once you have encrypted a field, you cannot remove the encryption later.
When to use which?
Let’s not make this one complicated. Below are the situations in which each one is appropriate.
Use Field Masking when…
✔ Testing on projects that handle sensitive data
✔ Developing applications or building program extensions
✔ Representing production data in a test environment
Here is one application: call center operators whose permissions do not cover it cannot see certain personally identifiable information (PII), such as ID card numbers, on their terminal screens; they see a masked version instead.
Use Field Encryption when…
✔ Protecting files on local, network or cloud drives
✔ Making sure data is safe when transferred over networks
✔ Protecting data from breaches
So, if you want to tighten the security measures on your form and ensure secure form submission, go with field encryption.
In security terms, encryption gives stronger protection than masking: masking only hides the value from whoever reads the notification email, while encryption protects the stored data itself.
💡 Pro Tip: Decide early which fields you want to encrypt, and enable encryption as soon as you add each field to the form. Once you have saved your EmailMeForm form, an existing field can no longer be encrypted.
If you need to encrypt a field after the form has been saved, you can do it by:
- Duplicating the field you wish to encrypt.
- Encrypting the newly duplicated field.
- Keeping the old field instead of deleting it, and setting it to be viewable by admins only.
It’s important not to delete the old field if you want to keep all the data it collected before, so that you can still go back to your Data Manager and view that data.
Our recommendation is to apply both masking and encryption to sensitive form fields for the highest level of data security.
What fields can they be applied to?
They both can be applied to the fields below:
- Number fields
- File uploads (documents, photos, audio, etc.)
- Digital signatures
- Any single-line text field
But for the following fields, only masking is allowed:
- Name
- Emails
- Addresses
- Phone numbers
How do I apply them to my form fields?
Just click on the form field that you want to mask or encrypt and check the appropriate boxes.
Can I use data encryption when gathering credit card information?
Partly. Encrypting the field protects the stored card number, but it does not by itself make your form compliant.
There is a special rule when collecting credit card information online—the Payment Card Industry Data Security Standard (PCI DSS) or simply PCI.
PCI DSS requires entities to follow a set of requirements when collecting, storing and transmitting this data online.
So if you’re gathering credit card information online, field encryption alone doesn’t guarantee compliance or safety.
And enabling SSL/TLS on the form protects the data in transit only; on its own, that wouldn’t be enough either.
You can reach out to our customer support team if you have specific questions about collecting sensitive information, especially credit card numbers on your form.
Here are more security-related EmailMeForm articles:
- Create Online Forms That Help You Meet GDPR Compliance with EmailMeForm
- What is GDPR and How to Prepare Your Business in 6 Steps
- Smart Captcha to Take Over Google and Your Forms
- Tips on Collecting Sensitive Data