To get ahead you have to stay informed.


Best Practices for Online Security and Fraud

What you'll learn: How to create good passwords, install protective software, and more to stay secure online


Each year, Americans lose money due to fraud. While there are law enforcement agencies in place to protect you, you're ultimately responsible for protecting yourself, your assets, and your credit history. We put together our best practices for protecting your account here at PenFed.

  1. Use a unique, complex password for all accounts. Using a different password for your banking, email, and other online activities makes it more difficult for fraudsters to breach your accounts. Never give your passwords to anyone. Remember, your personal email can be used to access your online banking accounts — keep your email secured.
  2. Review your account and transaction information at least once a week. If you notice any unauthorized changes or transactions on your account, contact us immediately at 1-800-247-5626. You can also enroll in account alerts to receive notifications on your phone or via e-mail to stay updated on your account activity. Set up account alerts via PenFed Online.
  3. Never disclose a one-time-passcode (OTP) received unless you initiated the call to PenFed. Treat the OTP with the same security you would your password or other personal identifying information. Scammers will pose as credit union employees to get access to your account.
  4. Always remember if it sounds too good to be true, it is. Scammers work year-round and their methods change constantly, so be diligent. You can be held financially and criminally responsible for activity that occurs on your account.
  5. Never use a public computer for online banking. Make sure you are using a trusted computer (one owned by you or someone you trust) on a trusted network before logging into online banking. Avoid performing sensitive banking transactions via public WiFi networks.

These are just some of PenFed’s suggested best practices, but for more computer protection advice please continue reading.

  • Use a password manager. If you use a password manager, you do not have to remember all your passwords — only the one to the password manager. This allows you to use long, complex, and unique passwords for all your accounts. Be sure to make the password to your password manager a strong one. Macs have a password manager built in (Keychain) and there are many available for Windows.
  • Install protection software. Your home computers likely have anti-virus, anti-spyware, and anti-fraud protection software. Keep them up to date.
  • Use a personal firewall. Firewalls are built into virtually all computer operating systems. Use a physical home router/firewall between your computer and your cable or DSL modem.
  • Turn on automatic updates. Turn these on for your operating system (Windows, Mac) and applications that you have installed, especially your web browser, Adobe Reader, Adobe Flash, Adobe Shockwave, and Oracle Java.
  • Use a pop-up blocker. Set your browser preferences to block pop-ups as pop-ups can contain malicious code. Use a browser add-on that blocks advertisements (an ad blocker). Use a browser add-on that blocks scripts such as No-Script, uBlock, or use a sandboxing technology like Sandboxie.
  • Do not send sensitive information via e-mail. Never e-mail passwords, account numbers, social security numbers, or other sensitive information to anyone.
  • Sign out of accounts and websites. When you have finished using an Internet service that you have logged into, sign out — do not just close the browser. It is possible that some sites may not close your session (log you out) when the browser window is closed.
  • Check certificates. When visiting secure sites that have a padlock, green address bar, or begin with “https” view the site certificate and verify that it is for the site you believe you are visiting. This can be done by clicking on the padlock and then “view certificate” or “more information." This will display the details about the certificate including the owner and issuer.

Security is everyone’s responsibility. Do your part to keep yourself safe online and prevent fraud — PenFed is here to help.