Privacy January 2026 · 14 min read

Is It Safe to Send a Photo of Your Driver's License?

Someone asked for your ID. Maybe it's a landlord, maybe it's a Craigslist seller, maybe it's a new job. Here's how to know if it's legit—and how to protect yourself if you decide to share.

Sources verified against FTC, ITRC, and FBI IC3 data

Your driver's license is a master key to your identity. It contains your full legal name, date of birth, home address, license number, a photograph of your face, your height, weight, eye color, and — on the back — a machine-readable barcode that encodes all of this in a format any scanner can extract in seconds. In the wrong hands, that's enough to open credit cards, file fraudulent tax returns, take over your phone number, or create a convincing fake ID.

So when someone asks you to send a photo of it, your instincts are right to hesitate. The question isn't whether sharing your license is risky — it always is. The question is whether the risk is justified by the situation.

150M+
U.S. licenses compromised since 2017
ITRC
1.1M
identity theft reports in 2024
FTC
25%
of 2024 data breaches involved license data
LifeLock

The Quick Answer

It depends entirely on who's asking, why they need it, and how they plan to handle it.

  • Legitimate businesses with secure processes: Generally okay with precautions — redact what they don't need, use secure transmission, ask about data retention
  • Random person on the internet: Almost always no. There are very few legitimate reasons a stranger needs your government ID
  • Someone you haven't verified: Verify their identity first — confirm they are who they claim to be, then decide

The rest of this guide walks through exactly how to make that decision: what to look for, what to redact, and what to do if you've already shared your ID with someone you shouldn't have.

The 9 Data Points on Your Driver's License

What to redact before sharing

STATE OF ILLINOIS — DRIVER LICENSE PHOTO Keep visible NAME SMITH, JANE A ADDRESS REDACT DOB 01/15/1990 DL NUMBER REDACT SIGNATURE REDACT HT: 5-06 WT: 135 EYES: BRN ISS: 03/2024 EXP: 03/2028 ⚠ ALWAYS REDACT BARCODE = Redact before sharing

Most people think of their license as just a name and photo. In reality, every U.S. driver's license contains at least nine pieces of personally identifiable information, each of which has value to identity thieves:

  1. Full legal name — the foundation of any identity theft attempt
  2. Date of birth — used to verify identity at banks, phone carriers, and government agencies
  3. Home address — enables targeted phishing, social engineering, and physical mail fraud
  4. Driver's license number — a unique identifier that can be used to access DMV records, file fraudulent insurance claims, or impersonate you to law enforcement
  5. Photo — used to create fake IDs or deepfake material
  6. Signature — can be used for document forgery
  7. Physical description (height, weight, eye color) — used to make fake IDs more convincing
  8. Issue and expiration dates — helps fraudsters estimate when you'll renew, creating a window for exploitation
  9. Machine-readable barcode (back of card) — contains all of the above in a scannable format, plus additional data like your middle name and suffix
💡 The barcode is the most dangerous part. While someone would need to manually transcribe information from the front of your license, the barcode on the back can be scanned by any smartphone app and instantly decoded into structured data. If you're going to share a photo of your license, the barcode is the single most important thing to redact.

Red Flags: When to Refuse

If any of these apply, do not send your ID. These are the hallmarks of identity theft scams, and they apply whether the request comes from a landlord, employer, buyer, seller, or anyone else.

🚩 "I need your ID before you can see the apartment"

Legitimate landlords and property managers show the property first. They have no reason to collect identity documents before you've even confirmed the listing is real. Scammers use fake listings to harvest IDs from dozens of applicants, then disappear.

🚩 Pressure to act immediately

"Send your ID now or someone else will get it." Urgency is the most common manipulation tactic in identity fraud. Legitimate requests have reasonable timelines. Anyone who won't give you 24 hours to verify them is not someone you should trust with your government ID.

🚩 Price is too good to be true

Below-market rent, unbelievable deals, or prizes you didn't enter to win. The "deal" is the bait. If a two-bedroom apartment in Manhattan is listed at $1,200/month, the apartment doesn't exist — but the ID collection is real.

🚩 They can't meet in person or video call

"I'm out of the country" or "I'm too busy to meet." Legitimate landlords, employers, and business counterparts can verify their identity. If someone asks for your ID but refuses to show theirs, that's the clearest signal that something is wrong.

🚩 Communication only through unusual channels

Professional businesses have phone numbers, email addresses with company domains, and physical addresses. If the only way to reach someone is through WhatsApp, Telegram, or a Gmail account, proceed with extreme caution.

🚩 They ask for money and ID simultaneously

"Send a deposit to hold the apartment, and your ID for the background check." This combination — money plus identity documents before any signed agreement — is the textbook pattern for rental scams. In legitimate transactions, money and ID are collected at different stages, through verified channels.

Green Flags: When It's Probably Okay

These indicators suggest the ID request is legitimate. No single green flag makes a request safe, but several together increase confidence:

✓ Established company with verifiable presence

The organization has an office address, a website that's been live for years, online reviews, and a phone number that rings. You can verify their business license through your state's Secretary of State database.

✓ You initiated the transaction

You found the listing, you applied for the job, you opened the account. The request is a response to something you started, not an unsolicited demand.

✓ You've seen the property or met the person

In-person verification before sharing sensitive documents is the gold standard. If you've walked through the apartment, met the property manager, or visited the office, the risk drops significantly.

✓ Secure submission method

Tenant portals, secure upload forms with HTTPS, or established platforms like Zillow and Apartments.com. If the submission happens through a system designed to handle sensitive documents, that's a positive signal.

✓ Clear explanation of why it's needed

Background check, identity verification, regulatory KYC requirement — with specifics about which provider processes the check and what happens to your data afterward.

What Someone Can Do With Your Driver's License

Understanding the specific risks helps you weigh the decision. Here's what identity thieves actually do with stolen license photos, based on FTC complaint data and law enforcement reports:

  • Open new credit accounts: Credit card applications often require only a name, date of birth, address, and SSN. Your license provides everything except the SSN — and that can often be obtained through separate data breaches. With your license photo, a thief can also pass visual ID checks at bank branches.
  • Synthetic identity fraud: Combine your real information with a different SSN (often a child's or deceased person's) to create a "synthetic" identity that can pass credit checks. This is the fastest-growing form of identity fraud in the U.S.
  • Tax fraud: File a false tax return in your name before you do, claiming a refund. The IRS flagged over $6 billion in suspicious refund claims in a single filing season, and tax-related identity theft complaints have increased 26% year over year according to the FBI.
  • Create fake physical IDs: With your photo, name, and license format, a skilled forger can produce a convincing fake. These are used for everything from buying alcohol to renting cars to committing crimes under your identity.
  • SIM swapping: Call your phone carrier, "verify" their identity using your license information, and transfer your phone number to their device. This gives them access to any account that uses SMS verification — including banking apps.
  • Account takeover: Contact your bank, insurance company, or other institutions and use your license details to pass identity verification. "I lost my card, can you send a replacement to my new address?"
  • Employment fraud: Use your license to pass employment eligibility checks (I-9 verification), potentially creating tax liability under your name and SSN.
  • Medical identity theft: Use your identity to obtain prescription medications, medical procedures, or health insurance coverage. This can corrupt your medical records with someone else's health history — a potentially dangerous outcome.

If You Decide to Share: How to Protect Yourself

1. Redact What They Don't Need

Most ID requests only need to confirm your name and photo match. They rarely need your license number, the barcode, or your signature. Before sharing, think about the minimum information required for the specific purpose and remove everything else.

Here's what to redact for common situations:

  • Rental application: Redact barcode, license number, and signature. The landlord needs your name, photo, and address confirmation — nothing more.
  • Employment I-9: Don't redact anything — federal law requires the full document. But this should only happen after you've accepted an offer at a verified company.
  • Age verification: Redact everything except your photo and date of birth.
  • KYC/financial accounts: The institution will specify what they need. Ask before sending.
💡 Always redact the barcode. Unless the requester specifically needs machine-readable data (which is rare), the barcode on the back of your license should always be redacted. It contains your complete identity in scannable format, and there is almost no legitimate reason a landlord, employer, or business counterpart needs access to it. SafeRedact can detect and remove it automatically.

2. Add a Watermark

Overlay text stating the specific purpose and date:

  • "For 123 Main St rental application only — March 2026"
  • "Acme Property Management verification only"
  • "Not valid for any other purpose"

This makes the image significantly harder to reuse for other purposes. It also creates forensic evidence — if your ID appears in a data breach, the watermark tells you exactly where the leak originated.

3. Use Secure Transmission

How you send your ID matters as much as who you send it to. In order of security:

  1. Secure upload portal (look for HTTPS and a reputable platform) — best option
  2. Encrypted messaging (Signal, iMessage with both parties on Apple devices) — good
  3. Password-protected PDF via email (send the password separately by text) — acceptable
  4. Regular email — least secure, avoid if possible. Email is transmitted in plaintext across servers and may be stored indefinitely in multiple locations.

Never share your ID through social media direct messages, public posts, unencrypted cloud storage links, or text messages to unknown numbers.

4. Ask How It Will Be Stored and Deleted

Legitimate businesses have data retention policies. Before sending, ask these questions — and be cautious of anyone who can't answer them:

  • "How long will you keep my ID on file?"
  • "Where and how is it stored? Is it encrypted?"
  • "Will you delete it after verification is complete?"
  • "Who at your organization will have access to it?"

Under regulations like GDPR, CCPA, and various state privacy laws, you may have a legal right to request deletion of your identity documents after the purpose has been fulfilled. A company that cannot answer basic data handling questions should not be trusted with your most sensitive document.

Common Scenarios

Rental Applications

✓ Normal: ID requested after you’ve viewed the property in person, as part of a formal application through an established property management company or a landlord whose ownership you’ve verified through public records. The request comes through a tenant portal or secure application form.

🚩 Suspicious: ID requested before viewing, from someone who can’t prove they own or manage the property, via Craigslist, Facebook Marketplace, or direct message with no verification. Especially suspicious if combined with a request for a deposit or “application fee” before signing anything.

Online Marketplace Sales

✓ Normal: Most peer-to-peer sales on platforms like eBay, Craigslist, or Facebook Marketplace do not require ID. The platform handles payment verification.

🚩 Suspicious: “I need to verify you’re a real person before I can ship the item.” This is almost always a scam. There is no legitimate reason a buyer or seller in a casual transaction needs your driver’s license.

New Job or Employment

✓ Normal: ID required for I-9 employment eligibility verification after you’ve accepted a written offer from a company you’ve verified. The verification happens on your first day, and you present the original document — not a photo.

🚩 Suspicious: ID requested during the application phase, before an interview, or for a “job” you found through unsolicited contact. Work-from-home job offers that require your ID before you’ve spoken to anyone are a major red flag.

Financial Accounts

✓ Normal: Banks, brokerages, crypto exchanges, and insurance companies require ID for Know Your Customer (KYC) regulatory compliance. This is legally mandated and happens through the institution’s own secure platform.

🚩 Suspicious: Requests from unfamiliar financial services, phishing emails that look like your bank, or platforms you didn’t sign up for. Go directly to the institution’s website — don’t click links in the message.

Car Rentals, Hotels, and Travel

✓ Normal: Presenting your ID in person at a rental counter, hotel front desk, or airport. The clerk checks it and hands it back.

🚩 Suspicious: Being asked to email or text a photo of your license before arrival to “speed up check-in.” Verify the request came from the official booking platform before sending anything.

Already Sent Your ID to Someone Suspicious?

If you've already shared your license with someone you now believe may be a scammer, act quickly. The first 24-48 hours are critical:

  1. Freeze your credit at all three bureaus: This is free and takes about 10 minutes per bureau. Go to Equifax, Experian, and TransUnion. A freeze prevents anyone from opening new accounts in your name.
  2. Set up fraud alerts: Also free at all three bureaus. A fraud alert requires creditors to verify your identity before opening new accounts. You only need to contact one bureau — they're required to notify the others.
  3. Monitor your accounts closely: Check your bank accounts, credit cards, and credit reports daily for at least 90 days. Set up transaction alerts on all accounts.
  4. Get an IRS Identity Protection PIN: This prevents anyone from filing a tax return using your Social Security number. Apply at irs.gov.
  5. File an identity theft report with the FTC: Go to IdentityTheft.gov. This generates a personalised recovery plan and creates an official report you can use with creditors.
  6. Contact your DMV: Some states can flag your license as potentially compromised or issue a new license with a different number. Policies vary by state.
  7. File a police report: While local police may not investigate individual identity theft cases, the report creates an official record you may need when disputing fraudulent accounts.

The Bottom Line

Your driver's license is one of your most valuable identity documents — which is exactly why it's the most commonly requested document in identity theft scams. The decision to share it should never be casual, automatic, or pressured.

Before sending a photo of your license to anyone, run through this checklist:

  1. Verify who's asking — confirm their identity independently, not through information they provided
  2. Understand why they need it — there should be a specific, verifiable reason
  3. Check for red flags — pressure, too-good-to-be-true offers, refusal to meet or verify their identity
  4. Redact what they don't need — especially the barcode, license number, and signature
  5. Use secure transmission — encrypted channels, not regular email or social media
  6. Ask about storage and deletion — your data should not live on someone's computer forever

When in doubt, refuse and ask for alternatives. Legitimate businesses understand privacy concerns and often have other verification options available. The two minutes it takes to redact your license before sharing could save you months of dealing with identity theft.

Need to Share Your ID Safely?

Redact license numbers, barcodes, and signatures in seconds. Free, no signup.

Start Redacting Free

Related articles