Best Practices for Online Security and Fraud
Safeguard your financial security
Each year people all across America lose millions of dollars and their good credit history due to fraud. While there are federal, state, and local laws and law enforcement agencies to help protect you against fraud. You, ultimately, are responsible for protecting yourself.
In this section of our web site we'll share with you some information on fraud and on how to protect yourself. While this information is in no way meant to be all-encompasing, it will provide you with good practices to prevent fraud from happening to you, and provide steps to take should you become a victim of fraud.
In order to understand fraud better, it is necessary to define fraud. Webster's Dictionary defines fraud as: "An intentional diversion of truth to obtain something of monetary value." Fraud causes an invasion of privacy, a loss of confidence, and a feeling of helplessness.
We have identified four major areas of fraud that could potentially affect most Americans. They are Check Cashing Fraud, ATM Fraud, Credit Card Fraud and Identity Theft. You can find out more about these in our Website Security section.
Unfortunately, fraud-related crimes are becoming more common. Victims of fraud often do not realize their misfortune until their financial institution or a collection agency contacts them asking for payment on an account of which they have no knowledge. Other times, an individual may check their credit bureau report only to find an account that they did not know existed. These are only examples, but are all too common.
Pentagon Federal takes great pride in its fraud prevention measures, and strives to protect our members against fraud-related crimes. Keep reading to help you protect yourself from fraud.
We are most effective when partnered with our members to detect fraud.
Please report anything out of the ordinary concerning your PenFed accounts immediately.
1. Change your Password regularly. PenFed recommends this be done every 60-90 days.
2. Never give your passwords to anyone. PenFed will NEVER ask for your password in an email, over the phone, in a text or any other communication method.
3. Do not reuse passwords. Do not use the same password you have set for PenFed Online for any other account.
4. Use a password manager. If you use a password manager, you do not have to remember all your passwords; only the one to the password manager. This allows you to use long, complex and unique passwords for all your accounts. Be sure to make the password to your password manager a strong one. Macs have a password manager built in (Keychain) and there are many available for Windows.
5. Use a “two factor” method for authenticating to sites if available. This is especially important for email since email is often used to reset passwords, confirm actions and as additional method for identity verification.
Install protection software on your home computers such as anti-virus, anti-spyware and anti-fraud protection software and keep them up to date.
6. Use a personal firewall. Firewalls are built into virtually all computer operating systems. Click here for more information: Windows, Mac
7.Use a physical home router/firewall between your computer and your cable or DSL modem.
8. Turn on automatic updates for your operating system (Windows, Mac) and applications that you have installed, especially your web browser, Adobe Reader, Adobe Flash, Adobe Shockwave and Oracle Java.
9. Create a second, non-privileged operating system account, for normal, everyday use and use your privileged (administrator) account only when needed, like when installing software. (Windows, Mac)
10. Use a pop-up blocker. Set your browser preferences to block pop–ups as pop-ups can contain malicious code.
11. Use a browser add-on that blocks advertisements (an ad blocker)
12.Use a browser add-on that blocks scripts such as No-Script, uBlock or use a sandboxing technology like Sandboxie.
13. Conduct online banking and make financial transactions only with a trusted computer (one owned by you or someone you trust) on a trusted network—wired or wireless.
14. Never use a public computer for online banking. If you must bank while away from a trusted computer, use the PenFed Mobile App.
15. Turn off your computer when not in use.
16. Review your account and transaction information regularly—least once a week. If you notice any changes to your account that you didn’t make, contact us immediately at 1-800-247-5626.
17. Set up account alerts to receive alerts on your cell phone or in e-mail so you can stay updated on your account activity. Set up account alerts
18. Freeze your credit report. A security freeze prevents potential creditors from being able to pull your credit file. When your credit file is frozen, ID thieves can apply for credit in your name, but not be able to establish new lines of credit. Few creditors will extend credit without determining the risk of doing so (i.e., view your credit file). You can unfreeze your credit file any time. If you do not freeze your credit report, check it regularly. Ensure you recognize all the accounts listed. Contact one of the three major credit-reporting agencies for a copy of your credit report.
19. Do not send sensitive information via e-mail. Never e–mail passwords, account numbers, social security numbers or other sensitive information to anyone.
20. Sign out of accounts and websites. When you have finished using an Internet service that you have logged into, sign out and do not just close the browser. It is possible that some sites may not close your session (log you out) when the browser window is closed.
21. Check certificates. When visiting secure sites that have a padlock, green address bar or begin with “https” view the site certificate and verify that it is for the site you believe you are visiting. This can be done by clicking on the padlock and then “view certificate” or “more information”. This will display the details about the certificate including the owner and issuer.