The vendors should have a public encryption key and if they do not I would not place an order through them. Post the vendors name in case there is a problem later.