Precautions can reduce the risk of identity theft when sending card info by mail, email, text and other methods.
Updated May 31, 2023 7:55 p.m. PDT · 3 min read Written by Ben LuthiBen is a former credit card specialist for NerdWallet who wrote card reviews and comparisons and covered credit-related issues affecting consumers.
Erin Hurd
Credit cards, rewards, personal finance
Erin is a former writer and assigning editor on the NerdWallet Content team who now heads NerdWallet's travel business. She's a credit card and travel rewards expert at NerdWallet, based in Baltimore, Maryland. She has spent nearly two decades showing readers unique ways to maximize their investments and personal finances. Prior to joining NerdWallet, Erin worked on dozens of newsletters and magazines in the areas of investing, health, business and travel with Agora Publishing. Her love of travel led to a passion for credit card and loyalty rewards to subsidize trips, and she thrives on teaching others how to harness the power of credit card rewards. When she's not helping NerdWallet readers find the best travel value, Erin is planning her next adventure for her family of four using points and miles.
Fact Checked
Many, or all, of the products featured on this page are from our advertising partners who compensate us when you take certain actions on our website or click to take an action on their website. However, this does not influence our evaluations. Our opinions are our own. Here is a list of our partners and here's how we make money.
The credit card industry has bolstered its monitoring systems to try to catch fraud before it happens, but it's also essential that you take steps to safeguard your personal data. Preventing identity theft involves protecting your sensitive information, including whom you give your credit card information to and how.
Some methods are better than others. Here's how you can best protect yourself with each form of communication.
Email was not created with data privacy in mind, though some email providers are adding security measures. Depending on where the message is sent, its contents can be stored on multiple servers along the way. Also, emails are stored in various folders in your account and the recipient's, making your credit card information vulnerable to hackers or someone else who has a way to access one of the accounts.
What you can do: If you've sent credit card or other sensitive information over email in the past, search your sent folder and delete the information permanently. In the future, you can mitigate the risk by encrypting your email or using an email provider that encrypts messages automatically.
"It is important to understand whether emails are encrypted while on the server or just during transmission," says Shirley Inscoe, senior analyst at Aite Group, an independent research and advisory firm. "This is something to double-check, or the email content may still be accessed while stored on a server."
According to Google, for example, Gmail messages are “encrypted at rest and while in transit between data centers.” You can also turn on Confidential Mode, which removes the recipient’s ability to forward, copy, download or print your email and allows you to set an expiration date for your message. Microsoft Outlook has a feature that lets users encrypt individual messages as well.
Encryption software is another option (free online versions include PreVeil and SecureMyEmail). But don't trust an encryption software without vetting it.
Stop fraud in its tracksWith a NerdWallet account, you can see all of your credit card activity in one place and easily access your credit report to spot any red flags quickly.
GET STARTED
In general, it's difficult for hackers to access text messages. But as long as a text containing credit card information sits in an inbox or sent folder, it's exposed. If your phone is stolen, or the phone of the person you sent the information to is swiped, the thief may be able to access the information.
What you can do: Consider installing a text message encryption app on your phone that has self-destruct functionality. That way, the text containing your credit card information will be deleted from both phones after a pre-set period of time, lessening the exposure. One such app is Signal, which is available for iPhone and Android.
Also, set up your phone’s screen to lock when idle. This is an easy way to keep your phone, and everything on it, more secure.
These days, there aren't many instances in which you would need to send credit card information through the mail, but you may occasionally receive a bill or order form that requests it. The United States has strict laws about mail theft, but sending sensitive information this way poses some risk. Not only can someone steal your information after you've put it in your mailbox and before the mail carrier picks it up, but also once it's been delivered.
"Raising that red flag on the mailbox just calls it to the attention of identity thieves," Inscoe says. Instead, hand it directly to the carrier or drop it in the letter slot at the post office. Also, consider using certified mail so you can confirm that the letter has been delivered to the intended recipient.
What you can do: If you have to send your credit card information in the mail, avoid leaving it in your mailbox for the mail carrier to pick up. Sign up for Informed Delivery through the USPS, which gives you a preview of your mail so you can tell if anything that may contain personal information doesn’t actually make it into your mailbox.
A secure website is easy to spot because it will display "https" (with an "S") at the beginning of its URL. (Many times there will also be a lock icon.) Any information you send through a secured website is encrypted and safe. However, your credit card information is still susceptible to theft if you're a victim of spyware that has infected your computer or a public one. Hackers targeting the company operating the website may also access the information if it's stored on the company's servers.
What you can do: Make sure your malware protection is up to date. Avoid clicking on unfamiliar links in emails or pop-up ads. Learn to recognize if there is spyware on your computer. If you are suspicious, run a scan using legitimate anti-spyware software to detect and remove it.
A "secure" website can still be dangerous. When you see the "S" in "https" or the lock icon in the address bar, it just means that the connection to the website itself is secure. It doesn't tell you anything about the people running the website. In other words, criminals might be unable to intercept your credit card data when you provide it to the site — but it the site itself is run by criminals, your data is still compromised.
If both the sending and receiving fax machines operate over telephone lines, the threat of hacking is minimal. Anyone trying to access the line will only hear that familiar screeching sound.
However, if it's an email-based fax, your information is just as vulnerable as with an unencrypted email. Another risk to consider with phone-based fax is whether the intended recipient is the only one with access to the fax once it's delivered.
"A number of people may see the content of the fax while it is awaiting pickup by the intended recipient," Inscoe says. She also points out that "printed faxes may end up being misfiled or languishing on someone’s desk, with the content available to cleaning staff, security staff and other employees in the office."
What you can do: Before sending your credit card information, ask the recipient to stand by the fax machine to receive it as soon as it arrives and confirm they have received it. Additionally, ask whether their fax machine is email-based. If so, Inscoe recommends that you "ensure that the transmission is encrypted or upload the fax to a server via an encrypted web connection."
Be proactive about protecting your credit card information. Consumers "should ask questions until they are reassured or not use that method for confidential data," Inscoe says. "If all consumers start asking more questions, companies will start to take security and privacy issues more seriously."
You’re following Ben Luthi
Visit your My NerdWallet Settings page to see all the writers you're following.
On a similar note.
Download the app
Disclaimer: NerdWallet strives to keep its information accurate and up to date. This information may be different than what you see when you visit a financial institution, service provider or specific product’s site. All financial products, shopping products and services are presented without warranty. When evaluating offers, please review the financial institution’s Terms and Conditions. Pre-qualified offers are not binding. If you find discrepancies with your credit score or information from your credit report, please contact TransUnion® directly.
NerdUp by NerdWallet credit card: NerdWallet is not a bank. Bank services provided by Evolve Bank & Trust, member FDIC. The NerdUp by NerdWallet Credit Card is issued by Evolve Bank & Trust pursuant to a license from MasterCard International Inc.
Impact on your credit may vary, as credit scores are independently determined by credit bureaus based on a number of factors including the financial decisions you make with other financial services organizations.
NerdWallet Compare, Inc. NMLS ID# 1617539
California: California Finance Lender loans arranged pursuant to Department of Financial Protection and Innovation Finance Lenders License #60DBO-74812
Insurance Services offered through NerdWallet Insurance Services, Inc. (CA resident license no.OK92033) Insurance Licenses
NerdWallet™ | 55 Hawthorne St. - 10th Floor, San Francisco, CA 94105
