How to Send Credit Card Information Safely
Precautions can reduce the risk of identity theft when sending card info by mail, email, text and other methods.
Many or all of the products on this page are from partners who compensate us when you click to or take an action on their website, but this does not influence our evaluations or ratings. Our opinions are our own.
The credit card industry has monitoring systems to try to catch fraud before it happens, but there are steps cardholders can take to protect themselves and make fraud less likely. A big part of preventing identity theft is just being careful with your sensitive information, including whom you share your credit card information with, and how you share it.
When it comes to sending credit card information, some methods are better than others. Here's how you can best protect yourself with each form of communication.
Email wasn't created with data privacy in mind, although many email providers do employ aggressive security measures. Depending on where an email is sent, its contents can end up stored on multiple servers along the way. Emails are also stored in folders in both the sender's and the recipient's accounts. A data breach anywhere along the chain can expose any credit card information you've sent by email.
What you can do: If you've sent credit card or other sensitive information over email in the past, search your sent folder and delete the information permanently. In the future, you can mitigate the risk by encrypting your email or using an email provider that encrypts messages automatically.
"It is important to understand whether emails are encrypted while on the server or just during transmission," said Shirley Inscoe, former senior analyst at Aite Group, an independent research and advisory firm. "This is something to double-check, or the email content may still be accessed while stored on a server."
When using Gmail, for example, “encryption in transit makes it harder for others to read your email when it travels between you and your intended recipients,” Google says. Microsoft Outlook has a feature that lets users encrypt individual messages as well.
Encryption software is another option (free online versions include PreVeil and SecureMyEmail). But don't trust encryption software without vetting it.
Text
In general, it's difficult for hackers to access text messages. But as long as a text containing credit card information sits undeleted in a conversation, it's exposed. If your phone is stolen, or the phone of the person you sent the information to is swiped, the thief may be able to access the information.
What you can do: Consider installing a text message encryption app on your phone that has self-destruct functionality. That way, the text containing your credit card information will be deleted from both phones after a pre-set period of time, lessening the exposure. One such app is Signal.
Also, set up your phone’s screen to lock when idle. This is an easy way to keep your phone, and everything on it, more secure.
Postal mail
These days, there aren't many instances in which you would need to send credit card information through the mail, but you may occasionally receive a bill or order form that requests it. The United States has strict laws about mail theft, but sending sensitive information this way poses some risk. Not only can someone steal your information after you've put it in your mailbox and before the mail carrier picks it up, but also once it's been delivered.
"Raising that red flag on the mailbox just calls it to the attention of identity thieves," Inscoe said. Instead, hand it directly to the carrier or put it in an official postal letter drop. Also, consider using certified mail so you can confirm that the letter has been delivered to the intended recipient.
What you can do: If you have to send your credit card information in the mail, avoid leaving it in your mailbox for the mail carrier to pick up. Sign up for Informed Delivery through the USPS, which gives you a preview of your mail so you can tell if anything that may contain personal information doesn’t actually make it into your mailbox.
» MORE: How to freeze your credit
Secure websites
A secure website is easy to spot because it will display "https" (with an "S") at the beginning of its URL. (Many times there will also be a lock icon.) Any information you send through a secured website is encrypted and safe. However, your credit card information is still susceptible to theft if you're a victim of spyware that has infected your computer or a public one. Hackers targeting the company operating the website may also access the information if it's stored on the company's servers.
What you can do: Make sure your malware protection is up to date. Avoid clicking on unfamiliar links in emails or pop-up ads. Learn to recognize if there is spyware on your computer. If you are suspicious, run a scan using legitimate anti-spyware software to detect and remove it.
A "secure" website can still be dangerous. When you see the "S" in "https" or the lock icon in the address bar, it just means that the connection to the website itself is secure. It doesn't tell you anything about the people running the website. In other words, criminals might be unable to intercept your credit card data when you provide it to the site — but it the site itself is run by criminals, your data is still compromised.
Fax
If both the sending and receiving fax machines operate over telephone lines, the threat of hacking is minimal. Anyone trying to access the line will only hear that familiar screeching sound.
However, if it's an email-based fax, your information is just as vulnerable as with an unencrypted email. Another risk to consider with phone-based fax is whether the intended recipient is the only one with access to the fax once it's delivered.
"A number of people may see the content of the fax while it is awaiting pickup by the intended recipient," Inscoe said. She also pointed out that "printed faxes may end up being misfiled or languishing on someone’s desk, with the content available to cleaning staff, security staff and other employees in the office."
What you can do: Before sending your credit card information, ask the recipient to stand by the fax machine to receive it as soon as it arrives and confirm they have received it. Additionally, ask whether their fax machine is email-based. If so, Inscoe recommended that you "ensure that the transmission is encrypted or upload the fax to a server via an encrypted web connection."
Be proactive about protecting your credit card information. Consumers "should ask questions until they are reassured or not use that method for confidential data," Inscoe said. "If all consumers start asking more questions, companies will start to take security and privacy issues more seriously."
Find the right credit card for you.
Whether you want to pay less interest or earn more rewards, the right card's out there. Just answer a few questions and we'll narrow the search for you.