How to send banking documents securely over e-mail

When you’re getting a loan, sometimes you have to send documents like bank statements electronically. If you want the money in those bank accounts to actually stay there, you need to protect those documents before you send them.

There are three relatively easy ways to do it, depending on what software you and the person on the other end have.

If you have the full version of Adobe Acrobat or another PDF creator, save the file in Acrobat 7 format (minimum) and password protect it. Acrobat 7 uses AES-128 encryption to protect the file. Acrobat X uses AES-256, which is even better.

If you have at least Office 2007, copy and paste the content into a Word document, then password-protect it. Select AES-256 protection if it’s available. Don’t use anything less than AES-128.

Failing both of those, WinZip and most similar programs (I use 7-Zip) have the ability to protect archives with AES-256 encryption. 7-Zip puts the option right on the create archive screen. Don’t select the old ZipCrypto/PKZIP 2.0 option–that encryption is so weak as to be useless today.

AES-256 is currently the gold standard in encryption. Spies and other shadowy people trust and use it–that’s why most commercial products have it built in, these days–so if it’s good enough for them, it’s good enough for us. AES-128 is currently impractical to break, but when there’s something better available, there’s no good reason not to use it.

Use a reasonably strong password to protect what you’re sending–more than 8 characters certainly, and include numbers and symbols. The person on the other end is going to copy and paste it in, most likely.

Speaking of that, you have to get the password there somehow. One approach is to e-mail in advance–avoid using the word “password,” and just say you’re sending the requested files, and here’s what you’ll need to open them.

Then, using a different e-mail account, send the encrypted file(s).

An even better approach is to call the person and tell him or her the password.

You can’t control what they do with the files after decryption, but government regulations require them to encrypt it to protect you. The bigger problem is delivering those documents securely in the first place. And don’t count on the person on the other end to know how to do that, or even to know what encryption is.

If you found this post informative or helpful, please share it!