Security Tips

Use Strong Passwords in All Systems That Require Passwords


  1. Passwords should use the maximum allowable number and type of characters (such as upper and lower case letters, numbers and symbols) and should not contain predictable terms or numbers.
  2. A different password should be used for each commercial and financial services website.
  3. Passwords that are written down or otherwise recorded should not be placed in visible or unsecured locations.

Use Computers and Online Banking, Bill Payment and Shopping Securely


  1. Antivirus protection and scanning software that has been reviewed and rated as satisfactory by independent analysts should be installed, updated and utilized as recommended. In addition:
  2. If the security software can update automatically, set it to do so.
  3. If the security software cannot update automatically, update it after each login.
  4. If viruses (also referred to as “malicious software” or “malware”) are detected, the recommendations provided by the antivirus program should be followed promptly.
  5. Operating system software updates (also referred to as “patches”) should be accepted, downloaded, installed and run promptly, and as recommended.
  6. Personal financial information should never be sent by email in an unencrypted state. An email solution that encrypts messages between financial institutions and their customers should be utilized.
  7. Financial transactions that are conducted on websites should be conducted on secure websites only. An indicator of a secure website is a URL that begins with “https” in the address, the “s” standing for “secure.” The “https” prefix should be on every page of websites used to conduct transactions, in addition to the sign-in page.
  8. Unfamiliar or suspicious emails, text messages, instant messages, phone calls, websites and social media solicitations that request personal financial information should be deleted immediately. They should not be replied to or forwarded, and any links that they contain should not be opened.
  9. Options to “Remember me” on websites where transactions are conducted should not be used.
  10. Computer workstations and laptops should be logged off, and preferably not left on, when the user steps away.

Use Mobile Phones, Mobile Banking and Mobile Payments Securely


  1. Mobile phone applications, text messages, instant messages and calls from unfamiliar or suspicious sources that request personal financial information and passwords should be declined and, when appropriate, promptly deleted, and not replied to or forwarded. Any links they contain should not be opened.
  2. Each mobile phone and mobile phone application should be assigned a different password with the maximum allowable number and type of characters.
  3. Mobile phones should be set to log off automatically after no more than two minutes of non-use, with a password required to log back into the phone.
  4. Mobile phones should be locked up when not in use and not left in visible, unsecured locations.
  5. Lost or stolen phones should be reported to the carrier promptly.

Use ATM, Credit, Debit and Prepaid Cards Securely


  1. Cards should be signed as soon as they arrive.
  2. Card numbers should only be used in secure transactions and should not be provided in response to unfamiliar or suspicious websites, emails, text messages, telephone calls, mobile phone applications or social media messages.
  3. If conducted on websites, card transactions should be conducted only on secure websites. An indicator of a secure website is a URL that begins with “https” in the address, the “s” standing for “secure.” The “https” prefix should be on every page of websites used to conduct transactions, in addition to the sign-in page.
  4. Options to “Remember my card number” on websites where transactions are conducted should not be used.
  5. Cards should not be left in visible or unsecured locations.
  6. Lost or stolen cards should be promptly reported to the card issuer.
  7. Cards that are unused, have been canceled or have been replaced by a new card should be securely eliminated, for example by cutting them into small pieces so they cannot be read.

Use Checks Securely


  1. Checks should not have Social Security Numbers or driver’s license numbers printed or written on them.
  2. Checks should not be left visible in unsecured locations.
  3. Checks that are to be discarded should be eliminated securely, for example by shredding, and should not be discarded in a readable form.
  4. Checks that are tamper resistant are available at certain financial institutions. These checks include security features such as chemically sensitive paper to deter alterations.

Use Statements and E-Statements, Bills and E-Bills, and Transaction Receipts Securely


  1. Statements, e-statements, bills and e-bills should be reviewed promptly upon receipt to verify that all transactions were made by authorized parties; any transactions made by unauthorized parties should be reported to the appropriate financial institution, card issuer or biller.
  2. Transaction receipts should be saved and compared to statements to ensure that unauthorized charges have not been added. Any transactions made by unauthorized parties should be reported to the appropriate financial institution, card issuer or biller.
  3. Incorrect transaction receipts should be voided.
  4. Blank transaction receipts should not be signed. Draw a line through any blank spaces above the total on any transaction receipt that is to be signed.
  5. Statements, bills and transaction receipts that are to be discarded should be eliminated securely, for example by shredding, and should not be discarded in a readable form.
  6. Financial institutions, card issuers and billers should be notified in advance of a change of address.

Use Social Media Securely


  1. The highest available level of privacy and security settings should be selected and activated on any social media site.
  2. No information that can be used to compromise information security should be viewable on any social media site. Such information includes the names of financial institutions, card companies, commerce websites, Internet service providers, utilities and wireless carriers with which you have accounts. This also includes personal financial information, passwords, phone numbers, email addresses, addresses and dates of significance (for example, birth dates and anniversaries).
  3. Accept only known and trusted individuals into your social network.
  4. Do not allow social media sites to scan your address book.

Monitor Credit Accounts


  1. Credit accounts and reports should be monitored regularly. Any unauthorized or suspicious activity should be reported promptly to the appropriate financial institution, card issuer, local law enforcement agency and the Federal Trade Commission (877-438-4338, or online at www.consumer.gov).
  2. As a precaution, you may choose to place a fraud alert on your credit file. A fraud alert will notify you before unauthorized third parties open new accounts in your name or charge existing accounts in your name. This can be done at no charge to you. To receive fraud alerts, contact Equifax® (800-525- 6285), Experian® (888-397-3742) or TransUnion® (800- 680-7289).