Contact Merchant button
Remove the Contact Merchant button from online invoices or allow the business to change the reply email to the business email, not the user email.
If a customer uses the 'Contact Merchant' button on an invoice, the reply email is sent to the individual user login email address and not the reply email address that has been specified in the business settings.
This is a breach of data protection and needs urgent attention.
If a customer uses the 'Contact Merchant' button on an invoice they are unaware that they are sharing their data with an individual's email address and not the business email address.
If a customer chooses to respond to an invoice by using the 'Contact Merchant' button and gives their credit card details to pay that invoice in their response, then that information is not protected. As a business, we have to certify each year that our card payment systems are robust, but we cannot guarantee that a customer will not use the 'Contact Merchant' button to send us payment information, even if we ask them not to.
We should, at the very least, be able to switch this function off.
Xero, you need to get a grip on this one and not say this is something you are not looking at at the moment.
You are breaching the Data Protection Act by not allowing a business to prevent personal customer information being shared with people who it shouldn't be shared with.
Hi 👋 your idea is being looked into by our Community team. We'll be in touch soon to update you once your idea has been reviewed.