Is it safe to share your IBAN?

What freelancers can and can't send, detail by detail, without the scare stories.

By Julian Fella, co-founder of Folio · Updated July 12, 2026

The short answer.

Yes, sharing your IBAN with someone who's paying you is safe in normal circumstances and it's exactly what the IBAN is for. Nobody can walk into your account with an IBAN alone. The details that actually unlock your money are your card number with its code, your PIN, your online banking login and one-time codes, and no real client ever needs those. The rest of this page goes detail by detail.

IBAN alone.

An IBAN identifies your account the way an address identifies your house. People can send things to it, they can't take things out of it. The one theoretical misuse is a fraudulent SEPA direct debit set up in your name, and that's the risk banks already planned for: direct debits in the SEPA system are refundable, no questions asked, for eight weeks, and unauthorized ones for over a year. Check your statements occasionally and that risk is close to zero.

IBAN plus BIC, or plus your name.

Adding the BIC changes nothing, it just names your bank, which the IBAN already encodes. Your name plus IBAN is also what every invoice in Europe carries, millions of times a day. The combination matters only to a scammer building a convincing impersonation of you, which is a reason to keep details out of public places, not a reason to fear sending an invoice.

UK: account number and sort code.

Same logic as the IBAN: fine to share privately with a payer. The known misuse is setting up a direct debit, and the UK's direct debit guarantee refunds fraudulent ones. What you shouldn't share is anything beyond that pair, no card details, no login, no codes from your banking app, no matter how official the request looks.

US: routing and account number.

The US is the one place to be a bit more careful. Routing plus account number can be used to initiate ACH debits, and while fraudulent ones can be disputed, the windows are shorter than in Europe and the process is more annoying. Share them privately with clients you've verified, prefer a gated channel over email, and glance at your statements monthly. If a US client can pay by another method you already use, like PayPal or Wise, that's a fine alternative.

PayPal, Wise and Revolut details.

Your PayPal.me link, PayPal email, Wise details or Revolut tag are designed to be shared with payers, that's their whole job. The risks here aren't the identifiers, they're the surrounding scams: fake "you've received a payment, click to accept" emails and requests sent as "for goods and services" refund traps. Money arriving in these apps doesn't need you to click anything. If a message says otherwise, it's phishing.

Over email, in a DM, with strangers.

Now the part that actually matters, because the channel carries more risk than the detail. Email and DMs are fine right up until an inbox on either side is compromised, which is how invoice-redirection fraud works: the scammer edits the payment details in a thread the client already trusts. Public places are worse, anything in a bio, comment or story is permanent and scrapeable. And "strangers" is really a question about verification: a paying client you've checked out is not a stranger, someone who approached you with an overpayment story is.

The clean setup is a channel with access control: your details behind a password, shared at the moment of payment with the person paying. That's what Folio's Pay-Me is, a free, password-gated page with your payment methods, encrypted, off your public page, with Folio never touching the money.

The never-share list.

For completeness, the details that do unlock your money: full card number with expiry and CVC, your PIN, online banking passwords, recovery phrases and any one-time code your bank or payment app sends you. Receiving a payment never requires any of them. Anyone who insists otherwise, however patient and official they sound, is running a script.

Questions

Can someone take money from my account with my IBAN?

Not directly. The only vector is a fraudulent direct debit, which SEPA rules make refundable, eight weeks no questions asked, longer for unauthorized ones. Checking statements covers you.

Is it safe to share my IBAN and BIC together?

Yes. The BIC only identifies your bank and adds no new risk beyond the IBAN itself.

Is it safe to give my IBAN and my full name?

Yes, privately, that's what every invoice contains. Just keep the pair out of public bios and comments where it can be scraped for impersonation.

Is it safe to share my account number and sort code?

With a verified payer, yes. The UK direct debit guarantee covers the main misuse. Never share card details or logins on top.

Is it safe to give out my routing and account number?

Privately and to verified clients, generally yes, but US ACH debits make this the pair to treat most carefully. Prefer a gated channel and watch your statements.

Should I send bank details by email or text?

It works, but it's the channel scammers exploit through compromised inboxes. If the amount matters, use an access-controlled page and confirm any detail changes on a call.

Is it safe to share my PayPal email or PayPal.me link?

Yes, they exist to be shared. Ignore any email asking you to click to accept a payment, real payments arrive on their own.

What details does a client need to pay me?

Bank transfer: your name and IBAN, or account number with sort or routing code. Apps: your handle or email. Nothing else, ever.

One link away from your next client.

Claim your handle and give clients one link with everything they need to hire you.

folio.link/

100% Free