When typing some emails for my boss recently, I was alarmed to find a request for a credit card number. I consulted him and made him aware of the security risk involved, however he assured me that everyone was doing it and that it was safe. I told him that people with physical access to the machines at the internet service provider could easily access these numbers as the emails were unencrypted. He told me to include other options such as ph/fax that the customer could optionally use. As I previously said, there are many people doing this. How can we make people understand that unencrypted email is completely insecure?