My question is not "why does Etsy ask for the last 4 of my SSN?" I completely understand why they are requesting that info. My question is, "why does Etsy think it is safe to transmit the last 4 of your SSN (and bank and bank card info) via UNSECURED email?"'

What is "standard" is that you don't transmit that kind of information over a gmail account. I had requested (redacted) statements from my bank and THEY won't even send a statement to me via email that only contains the last 4 of my account number. They cite the "insecurity of email" as their reason for not doing so. What do they know that Etsy apparently doesn't?

I had the same one, when I was locked out of my account

it comes as an actual e-mail from etsy,

it does not come through a message and e-mailed onwards

Excellent point and, yes, I think it is coming from Etsy (they responded to my help request) but you certainly need to vet it.

However, even if it is coming from a "reliable" source, my issue is not with providing this info to Etsy, it's the fact that I am being required to send it over a standard email account (mine) that has no extra protections. Email accounts are hacked all the time or intercepted during transmission, which is why it's been the standard for decades that you do not transmit sensitive information over email (and, yes, even the last 4 of your SSN are considered "sensitive."  If they weren't, why are they using them for authentication?).

You are only giving the last 4 digits, that's not sensitive

If you want to have a more secure e-mail you can, you could have set it up that way to begin with, however to change it, you will have to be verified, BEFORE you can change it.

otherwise that would be a wide open door for scammers. much less secure than asking for the last for digits

@CraftyCornishMaids Yes, I have no problem with Etsy having a verification process. That process itself is a protection and much appreciated. What's not appreciated is them using 1990's security standards for communication for that process.

ANY part of your SSN is sensitive, as far as most professional organizations are concerned (at least my bank, attorney, Realtor, accountant, etc...). If my bank won't send statements via email that simply contain the last 4 of my account number (and they actually sit in a position to lose money over a breach of banking info, unlike Etsy who doesn't stand to lose anything if my SSN is compromised) then that is very telling.

And, that is a good point - I guess I should presume that companies like Etsy will not respect my information or privacy and set up a Proton Mail account to begin with. Or, how about Etsy follows industry standards of all other reputable companies in the 2020's and refuse to ask for this type of information over email? Maybe they could set up a functioning help portal that allows you to communicate securely and upload files as needed for support tickets. Maybe they could actually make an effort to support their sellers, without whom they have no platform. Just an idea that will likely never be brought up at the Board Room table.

personally, I think that's overkill

I even have the last 4 digits of my bank account on supermarket receipts,

last 4 digits on my Nino wouldn't worry me.

If I was worried, then I would have a more secure e-mail and encryption in the first place.

I just think of all the hard copy tax forms that are sent back to the tax office in the postal service., which has full numbers of everything, including national insurance number, DOB, bank account, earnings, address, etc etc

Whatever security you think you should have, then you should ensure you have it on your end.

If you don't like the security companies have, don't use them, including your e-mail provider.

@CraftyCornishMaids You and I do have two different ideas of the world we would like to live in (and the one we actually live in) and that's great, as we are all entitled to our opinions.

I tend to have a higher standard for organizations and people that I engage with, versus taking on responsibility for that which other's should be doing.  It has served me well.  I do hold myself to those same standards and try to afford that same level of quality and respect within my business and as an employee (i.e. I would not intentionally ask for or transmit the sensitive information of others without proper authority and security). I plan to continue that approach as I don't see any signs that issues of information security are going to improve anytime soon.  However, society's tolerance for others having access to more and more information about us certainly will increase.  I will not be among those who look the other way or excuse it away.

I have worked in IT, in very secure industries,

basically, there are things we can do, to keep us safe from the general scammers, and the last 4 digits of a number is fine for that.

If you want higher security, online anything isn't secure for normal people, if someone wants to get to your stuff, they will,

also, selling online, we are treated as a business. I believe it is wise to think of it that way, so all my business stuff is separate from my personal stuff, and if you want a more secure e-mail system for your business, you can get one - but don't be fooled that it can't be hacked.

those in the usa can set themselves up with an ein, if they are that worried about ssn

of course I treat others data properly, and we have GDPR legislation to prompt us, for that. 

Thank you for your response. I tried Etsy chat support as well, hoping that I could give the info to them there, as it's probably more secure than my email but they would not take it and referred me to support via email.

As mentioned above, I have no problem with Etsy having the information. I have a problem with the unsecured communication channel they are demanding I use, especially in 2024 when we have secure portals, secure email, help portals that allow you to upload secure documents, etc. (I have used these many times when signing legal documents, etc.).  Also, I am more concerned about the last 4 of my SSN than the last 4 of my bank account.

@DigiDelights 

what could happen, if somebody knew the last 4 digits?

Could they figure out the rest too?

And then do what?

If you are very concerned, share your concerns with Etsy by replying to this email and ask them to replace this question with another question, as I said before, I was asked at least 10 questions, so they can surely offer you another one as well.

@AnnaleasFinest I'm going to skip the first 3 questions and just say that, as an experiment, we could all put our SSN's on our license plates and see what happens?

As far as your suggestion, I did reply several times asking for alternatives and was either ignored or told that I "failed the verification process" and that they "hope I understand" and, of course, that I should "have a fantastic day!" 

@DigiDelights 

I had to google SSN, because our system works differently.

Hoping you find a good solution.

Perhaps mark a moderator here to escalate your case.

Thank you for your response!

It seems as though my original question is getting lost and translated into, "why do I have to provide my last 4 of my SSN???"

That is not what I asked. Please re-read the question again.

I agree!  I have asked for a call and they either ignore my request or just keep routing me back to email. That's also what's so strange about the whole thing. I'm pretty confident I'm talking with Etsy but it still feels so scammy and, for sure, email is not the way to go. I'm shocked that this is now their standard!

You used to be able to work around the help area to eventually ask them to call you but it doesn't seem to work anymore, at least not for my account.

Yes!  Thank you!  Been meaning to set up a Proton Mail account and I think that is a good idea. Etsy was willing to accept the verification info via an alternate email (since the one attached to my account wasn't working) so I think I would be comfortable using Proton.

I am with you on those security approaches and I am NOT a Google fan either, for those reasons and more.

People are so lackadaisical about their data these days and then they wonder why they get piles of data breach notices in the mail (to be fair, many of those are coming from other sources but, still...). 

Thank you for that suggestion! So refreshing to see a few cognitive thoughts beyond the standard "just accept it" low-hanging fruit responses!

@DigiDelights    Give them a try!  Their user interface isn't quite as friendly as others, but it's OK once you get used to it a bit.  I ponied up for the paid version because I want to support their model of good, secure service at a very affordable cost.

So much on the web is free, but as they say, when the product is free, then YOU (and your precious data) are the product.

Think how much different social media would be if people had to pay, say, even $20 a year to maintain an account. I would pay that if there was no advertising, no data mining/selling, and effective and fair content moderation.  But as it is, I avoid most of it like the plague that it's become.