Contact Merchant button
Remove the Contact Merchant button from online invoices or allow the business to change the reply email to the business email, not the user email.
If a customer uses the 'Contact Merchant' button on an invoice, the reply email is sent to the individual user login email address and not the reply email address that has been specified in the business settings.
This is a breach of data protection and needs urgent attention.
If a customer uses the 'Contact Merchant' button on an invoice they are unaware that they are sharing their data with an individual's email address and not the business email address.
If a customer chooses to respond to an invoice by using the 'Contact Merchant' button and give their credit card details to pay that invoice in their response, then that information is not protected. As a business, we have to certify each year that our card payment systems are robust, but we cannot guarantee that a customer will not use the contact merchant button to send us payment information, even if we ask them not to.
We should, at the very least, be able to switch this function off.
Xero, you need to get a grip on this one and not say this is something you are not looking at at the moment.
You are breaching the Data Protection Act by not allowing a business to prevent personal customer information being shared with people who it shouldn't be shared with.
Thanks for submitting your idea on Xero Product Ideas. We appreciate you taking time to let us know how we could improve Xero for you.
Your feedback will soon be reviewed by our Community team, and in the meantime this can begin to build support with votes from other community members.
If you're interested to see recent releases or get a pulse on what's coming soon, see The Long and Short of it. 🙂