Today I had to deal with the Tourism Office of the city of Strasbourg, which asked me in their email to send them my credit card details (card number, expiry date and CVV code) by email!
I sent back an angry email telling them they should never ask people to send such sensitive information by email. I immediately got called back by this angry (but polite) lady saying the usual stuff («no one else seems to have a problem», «we’ve always done it like this», «our system is secure»). What’s more, the number she was calling me from was hidden. I tried in vain to explain to her that it was the email system I did not trust, not her personally, that a website can be encrypted but email travels and is stored unencrypted, but nothing came out of it.
In the end I gave her the details over the phone, but only after I called her back. At least this way if someone hacks into their (or our) mail server, they will not find my credit card details sitting there in cleartext…
Here’s a relevant article on PCWorld: http://www.pcworld.com/article/223787/mailed_credit_card.html