Do NOT Put Your Gift Recipient’s Email Address in an Online Order or It May Associate YOUR Credit Card with Them!

Do NOT Put Your Gift Recipient's Email Address in an Online Order or It May Associate YOUR Credit Card with Them!
Share the knowledge

If you are ordering a gift for someone online, and most especially if that website uses the Shop app from Shopify, do not, Not, NOT put their email address as the email address associated with the order, as when you complete the order Shop “helpfully” will add YOUR credit card to THEIR Shop account associated with their email address!

That’s right, Shop by Shopify apparently runs solely by email address, and simply adds your credit card to whatever Shop by Shopify account is associated with whatever email address you put while creating an order on a site that uses Shop by Shopify!

How do we know? Because it happened to a friend of ours who created a gift order coming to us!

Here’s what happened: Our friend wanted to send us a gift (what a lovely gesture!) Because it was something being shipped, and with tracking, our friend (let’s call her Joan) put one of our email addresses (let’s call that test@example.com) in the email address spot, so that we would get the tracking updates.

Got it? Joan was ordering us a gift online, and she put our email address, test@example.com, in the email address space so that we could get the shipping and tracking updates.

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

So far so good.

However, a few days later we went to place an order online – a completely unrelated order, at a completely unrelated website – and when we went to check out, we dutifully input our email address, test@example.com, and immediately received a popup from the Shop app saying “Hi Joan! (Continue with Shop)”

HUH???

We immediately went to the Shop by Shopify website to log into the account associated with test@example.com. Nope, no go, we had to download the freaking app.

So we downloaded the app, logged in, and went to the payment methods section, and this is what we saw:

Do NOT Put Your Gift Recipient's Email Address in an Online Order or It May Associate YOUR Credit Card with Them!

That’s right – JOAN’S CREDIT CARD WAS NOW A PAYMENT METHOD IN OUR ACCOUNT!!

In fact, it was the first payment method in our account, meaning what if we hadn’t caught it, when we completed our order Joan’s credit card would have been charged!

And what if we had caught it – but were bad actors who didn’t really care? We could have had a wild spending spree on Joan’s credit card, and guess what? Would she even have been able to recover that money? Maybe not, because she is the one who added her credit card to our account, so it wasn’t technically fraudulent!

There are a host of reasons that you should never give someone else’s email address out for any reason (at least not without the consent of that person), but this is a big one.

Of course, in our mind the ultimate responsibility is on Shop by Shopify! What a huge privacy and security hole. Shame on you, Shop by Shopify, this should never have been allowed to happen.

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

Get New Internet Patrol Articles by Email!


Share the knowledge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.