How to Send Credit Card Information Safely

Precautions can reduce the risk of identity theft when sending card info by mail, email, text and other methods.

Ben LuthiJuly 17, 2015
On a similar note...
On a similar note...

Many or all of the products featured here are from our partners who compensate us. This may influence which products we write about and where and how the product appears on a page. However, this does not influence our evaluations. Our opinions are our own.

The credit card industry has bolstered its monitoring systems to try to catch fraud before it happens, but it's also essential that you take steps to safeguard your personal data. Preventing identity theft involves protecting your sensitive information, including whom you give your credit card information to and how.

Some methods are better than others. Here's how you can best protect yourself with each form of communication.

Email — High risk

Email was not created with data privacy in mind. Depending on where the message is sent, its contents can be stored on multiple servers along the way. Also, emails are stored in various folders in your account and the recipient's, making your credit card information vulnerable to hackers or someone else who has a way to access one of the accounts.

What you can do: If you've sent credit card or other sensitive information over email in the past, search through your sent folder and delete the information permanently. In the future, you can mitigate the risk by using encryption software (free online versions include VeraCrypt and AxCrypt) to scramble the information until the recipient unlocks it with a security password or code. But don't trust an encryption software without vetting it.

"It is important to understand whether emails are encrypted while on the server or just during transmission," says Shirley Inscoe, senior analyst at Aite Group, an independent research and advisory firm. "This is something to double-check, or the email content may still be accessed while stored on a server."

Postal mail — Medium risk

These days, there aren't many instances in which you would need to send credit card information through the mail, but you may occasionally receive a bill or order form that requests it. The United States has strict laws about mail theft, but sending sending sensitive information this way poses some risk. Not only can someone steal your information after you've put it in your mailbox and before the mail carrier picks it up, but also once it's been delivered.

What you can do: If you have to send your credit card information in the mail, avoid leaving it in your mailbox for the mail carrier to pick up.

"Raising that red flag on the mailbox just calls it to the attention of identity thieves," Inscoe says. Instead, hand it directly to the carrier or drop it in the letter slot at the post office. Also, consider using certified mail so you can confirm that the letter has been delivered to the intended recipient.

Fax — Medium risk

If both the sending and receiving fax machines operate over telephone lines, the threat of hacking is minimal. Anyone trying to access the line will only hear that familiar screeching sound.

However, if it's an email-based fax, your information is just as vulnerable as with an unencrypted email. Another risk to consider with phone-based fax is whether the intended recipient is the only one with access to the fax once it's delivered.

"A number of people may see the content of the fax while it is awaiting pickup by the intended recipient," Inscoe says. She also points out that "printed faxes may end up being misfiled or languishing on someone’s desk, with the content available to cleaning staff, security staff and other employees in the office."

What you can do: Before sending your credit card information, ask the recipient to stand by the fax machine to receive it as soon as it arrives and confirm they have received it. Additionally, ask whether their fax machine is email-based. If so, Inscoe recommends that you "ensure that the transmission is encrypted or upload the fax to a server via an encrypted web connection."

Secure websites — Low risk (with a catch)

A secured website is easy to spot because it will display "https" (with an "S") at the beginning of its URL. (Many times there will also be a lock icon.) Any information you send through a secured website is encrypted and safe. However, your credit card information is still susceptible to theft if you're a victim of spyware that has infected your computer or a public one. Hackers targeting the company operating the website may also access the information if it's stored on the company's servers.

What you can do: Make sure your malware protection is up to date. Avoid clicking on unfamiliar links in emails or pop-up ads. Learn to recognize if there is spyware on your computer. If you are suspicious, run a scan using legitimate anti-spyware software to detect and remove it.

Text — Low risk

In general, it's difficult for hackers to access text messages. But as long as a text containing credit card information sits in an inbox or sent folder, it's exposed. If your phone is stolen, or the phone of the person you sent the information to is swiped, the thief may be able to access the information.

What you can do: Consider installing a text message encryption app on your phone that has self-destruct functionality. That way, the text containing your credit card information will be deleted from both phones after a pre-set period of time, lessening the exposure. One such app is Signal, which is available for iPhone and Android.

Be proactive about protecting your credit card information. Consumers "should ask questions until they are reassured or not use that method for confidential data," Inscoe says. "If all consumers start asking more questions, companies will start to take security and privacy issues more seriously."

We want to hear from you and encourage a lively discussion among our users. Please help us keep our site clean and safe by following our posting guidelines, and avoid disclosing personal or sensitive information such as bank account or phone numbers. Any comments posted under NerdWallet’s official account are not reviewed or endorsed by representatives of financial institutions affiliated with the reviewed products, unless explicitly stated otherwise.