Why You Should Never Post Your Bank Account Number on Social Media — Even for a Good Cause

While getting prepared for the upcoming event in Dominica, CheckPoint Compliance co-founder Sharon Sylvester spotted a troubling trend. In multiple public Facebook posts promoting community events, full bank account numbers were being posted on social media for anyone to see.  No secure links, no privacy settings, just the numbers displayed in plain sight for the viewing public.

It wasn’t just one event. A quick search showed this appears to be a common practice for reunions, church fundraisers, sports team trips, and other community causes.

This approach is not surprising in many Caribbean communities given the general trust when it comes to these kinds of things.  This is how it has been done. People know each other, and historically, sharing account details for donations hasn’t raised alarm bells. But, in a world where online content travels far beyond local borders, this practice carries serious risks — risks that could harm both the organization and the donors they serve.

The internet does not recognize local boundaries. A Facebook post made in Roseau can be viewed in New York, Kingston, Toronto, or Lagos within seconds. Once a bank account number is public, it’s available to anyone — including those looking to exploit it.

This matters for three big reasons:

1. Wider Exposure than Intended
   A post meant for local supporters can be shared, indexed by search engines, or even scraped by bots searching for financial details.
   
2. Global Fraud Threats
   Criminals no longer need physical access to a bank branch to cause damage. Many scams are run entirely online, targeting accounts from afar.
   
3. Impact on Trust and Reputation
   If donors are scammed through fake fundraisers using your posted details, they may lose trust in your cause — even if you weren’t at fault.
   

For Caribbean financial institutions and community groups, this isn’t just a security issue — it’s a compliance issue. As more banks adopt global standards for AML (Anti-Money Laundering) and KYC (Know Your Customer), unsafe practices could affect relationships with larger banking partners.  Therefore, making it not only harder for banks and businesses to move money, but it also makes it harder for friends and family to send money from abroad.

There are many risks organizations and individuals face when posting account numbers online, including:

1. Fraudulent Transfers

Fraudsters can attempt unauthorized withdrawals, set up fake payment authorizations, or link the account to fraudulent activities. While larger banks may have safeguards, smaller institutions or outdated systems may be slower to detect the activity.

Example: An overseas scammer uses your account number to create a fake debit authorization. Even if the bank eventually reverses it, the process can freeze funds and disrupt your operations for weeks.

2. Phishing Scams That Sound Real

Scammers use public details to make their communications sound credible.

“We’re calling from your bank about an account ending in 123456 — we need to confirm your information to process a recent donation.”
Because the number matches what’s been publicly posted, victims are more likely to believe the scam.

3. Fake Fundraisers

Fraudsters copy event details and run parallel fundraising campaigns, but this time they include their bank account information instead of your own. Donors unknowingly send money to criminals instead of the legitimate cause.

4. Identity Theft and Account Takeover

When paired with information from other sources, such as social media and dark web data from data breaches, a bank account number can be used to build a complete fraud profile for identity theft or, most commonly, an account takeover.

The good news: there are secure, low-cost ways to collect funds without exposing sensitive information.

1. Secure Online Payment Platforms

Platforms like PayPal, Zelle, WiPay Caribbean, or, in some cases, your bank’s official payment portal can mask your account details and include fraud monitoring.

2. QR Codes Linked to Secure Payment Pages

These can be printed on flyers, displayed at events, or shared in private messages. Donors scan the code and are taken directly to a secure payment page.

3. Dedicated Donation Accounts

Work with your bank or credit union to open an account exclusively for the event or fundraiser. Once the campaign ends, close it to eliminate long-term risk.

4. Bank-Supported Transfer Methods

In some instances, financial institutions offer official merchant accounts or secure transfer methods for community events. These options can be promoted without revealing full account details.

If you’ve already posted your account number online — or discovered it’s been shared without your permission — take immediate action:

1. Remove the Post from all public platforms.
   
2. Notify Your Bank so they can monitor for suspicious transactions.
   
3. Increase Account Monitoring for at least 90 days, checking daily if possible.
   
4. Consider changing the Account Number for high-risk cases.
   

Inform Donors about the safer, updated way to contribute.

While it has almost become a tradition to share these kinds of details publicly, given the general trust within the community, the world has changed, and with it, your community has become larger.  Something that may be considered culturally acceptable in the Caribbean may also be very frowned upon in other countries.  

As Caribbean institutions aim to align with global compliance standards, protecting account details isn’t just a good habit; it’s a necessary step to safeguard both financial assets and public trust.

At CheckPoint Compliance, we help individuals, credit unions, and small businesses protect themselves from fraud and data breaches. Whether you need secure policy templates, staff training, or a full compliance review, we’ve got you covered.

Book a consultation today and let’s safeguard what matters most — your money, your data, and your reputation.