How to send bank details securely (and verify them before paying)

Learn which bank details are safe to share, which credentials must stay private, and how to verify payment instructions before money changes hands.

The short answer: send only the account information needed for the payment, use an encrypted channel, and verify the recipient or payment instructions through a trusted second channel. Encryption protects the details in transit and storage; verification helps prevent you from securely sending them to an impostor.

Bank details are often shared for payroll, direct deposits, invoices, or wire transfers. The safest process depends on whether you are giving somebody information to pay you or receiving instructions to pay them. In either case, treat the details as sensitive and keep banking credentials out of the message entirely.

Bank details are not banking credentials

A payer may legitimately need details such as the account holder's name, financial institution, transit or routing number, and account number. Ask the payer or financial institution exactly what the transaction requires, then share only those fields.

Never send your online-banking password, PIN, card security code, security-question answers, recovery codes, or one-time verification codes. Those are credentials used to access or authorize activity on an account, not payment-routing details. A legitimate request for deposit information does not require them.

The Canadian Centre for Cyber Security's online-banking guidance warns against sharing credentials and recommends contacting your bank immediately if fraud may have occurred.

A secure five-step process

1. Confirm what is actually needed

Start with the recipient's official instructions or ask your financial institution. A domestic direct deposit, an electronic transfer, and an international wire can require different fields. Do not send a full bank statement when a few account fields or an official direct-deposit form will do.

2. Verify the person and the request

Use contact information you already trust, not a phone number or link contained only in the request. If a supplier, lawyer, employee, landlord, or client announces new banking details, call a known contact before changing the payment destination.

This step is not theoretical. The Canadian Anti-Fraud Centre warns about payment redirection fraud, in which criminals impersonate trusted contacts and substitute fraudulent banking instructions. Its advice is to verify instructions independently and confirm banking changes using trusted contact information.

3. Use the right secure channel

  • Short account details: use an end-to-end encrypted message or secure portal with expiry and revocation.
  • A void cheque, direct-deposit form, or statement: use an approved encrypted file-transfer service or the recipient's secure document portal.
  • A banking password or verification code: do not send it through any channel.

Avoid ordinary email or SMS for bank details when a secure alternative is available. They can leave long-lived, searchable copies on multiple systems and devices.

4. Separate access information

If the secure message uses a link and a passphrase, deliver them through different channels. For example, send the link by email and provide the passphrase during a phone call. Set the shortest practical expiry and view limit, then revoke the message once the recipient confirms receipt.

5. Confirm before money moves

The person sending the payment should read back or otherwise confirm the account details through a trusted channel, especially for a first payment or any changed instructions. Keep established approval controls for business payments; an encrypted message does not replace dual approval or call-back procedures.

Where Secure Send fits

Privatt Secure Send is for confidential text messages, not file attachments. It encrypts text in your browser before upload. The recipient opens the message with a passphrase that Privatt never receives, and you can set an expiry, limit views, or revoke the link.

That makes it suitable for the few account fields needed for a payment. If the recipient requires a void cheque, bank form, statement, or other document, use a secure file-transfer service instead.

Explore Secure Send

If the details went to the wrong person

Revoke the message immediately if the tool allows it. Contact your financial institution using the number on its official website, app, or your bank card; explain exactly what was exposed and follow its instructions. If a password, PIN, or code was included, treat the account as potentially compromised rather than merely misdirected.

If money was sent to fraudulent instructions, contact the sending financial institution immediately and report the incident to local police and the Canadian Anti-Fraud Centre. Acting quickly can improve the chance of stopping or recovering a payment.

The two controls that matter

Use encryption to protect bank details from unnecessary exposure, and independent verification to confirm they belong to the intended person. You need both: a perfectly encrypted message can still deliver fraudulent instructions with perfect confidentiality.