Scammers can spoof caller ID to appear as a legitimate entity, including PenFed. Be cautious even if the caller ID seems familiar.
Your security is our priority. PenFed uses advanced measures to safeguard your finances, including the latest Passkey technology.
Verify: Always verify the identity of anyone requesting personal information, especially if you are unsure of the source.
Scammers can spoof caller ID to appear as a legitimate entity, including PenFed. Be cautious even if the caller ID seems familiar.
Watch out for unsolicited calls or pop-ups offering technical support. Scammers may try to trick you into downloading malicious software to gain access to your personal information.
Be wary of unexpected refund offers. Scammers may claim you’ve been overcharged and ask you to return a portion of the funds. Once you send the money, the original transaction may be reversed, leaving you in a financial loss.
Identity theft is when someone uses another person’s personal identifying information, such as their name, identifying number, or debit/credit card number without their permission, to commit fraud or other crimes.
Potential indicators of identity theft
Phishing is the activity of defrauding an online account holder of financial information by posing as a legitimate company or entity.
Types of phishing
How to “avoid” phishing
Card Member Security helps protect PenFed cardholders from fraudulent activity by identifying suspicious transactions and sending alerts to cardholders. It also assists with reporting fraudulent transactions and reporting cards as lost or stolen.
PenFed automatically enrolls all credit and debit cardholders in text alerts using the mobile number on file. Text alerts are a Free-to-End-User (FTEU) service, so there is no cost for enrollment, and text message rates do not apply to members. If Card Member Security sends a text message, it will come from the number 91937.
PenFed chip-enabled credit and debit cards offer enhanced security when used at chip-enabled terminals and over the phone. Your card is also protected by Visa’s Zero Liability Policy if lost, stolen, or fraudulently used.
Follow these online security best practices to protect your accounts and online activities.
Avoid interacting with suspicious numbers. Add trusted numbers to your contacts.
Protect your funds. Never send money or information to anyone you personally do not know.
Verify your transactions. Review your account activity regularly.
Know your vendors. Familiarize yourself with how common vendors display in your account history.
Utilize security alerts. Set up and receive account alerts in PenFed Online or in your PenFed mobile app.
Use only secure apps. For electronic payments, always use trusted applications like PenFed’s mobile application or Apple Pay and Samsung Pay.
Protect your card information at the point of sale. Use contactless payment methods, when available.
Protect your card information online. Do not provide your information online unless you are making a purchase from a website you trust. Secure sites typically will direct you to a secure page with a URL starting with “https://.” Also, ensure the email address/link is from a reputable and known sender and always double-check for misspellings (example; Amazon vs. Annazon).
Update your software. Make sure your device has the latest security updates installed.
Know that browsers are not safe for storing user credentials. Decline any offers when a browser asks you if you want to store our credentials for later. To avoid future storage offers, turn off these offers in your browser settings.
Know how PenFed communicates with you. At times, PenFed may reach out to you with offers or important information regarding your account. Knowing how we communicate with you will help you better tell legitimate PenFed communications apart from those of scammers.
Email: Email from PenFed will have a sent from email address ending in @penfed.org or @penfed.info. Always review sending email addresses as scammers like to spoof or impersonate organizations like PenFed.
Text message: If Card Member Security sends a text message, it will come from the number 91937.
One-time passcodes: 1-888-904-8461, 1-833-266-5655 For security during high-risk transactions, PenFed uses a two-factor authentication system called a one-time passcode (OTP) that will come from one of the above numbers. PenFed also uses OTP when members are attempting to unlock their PenFed Online access. Never share OTPs with anyone.
Avoid connecting your smart phone to an untrusted wireless network. Only download apps from official stores such as iTunes or Google Play.
Never “root” or “jailbreak” your mobile device to get around limitations set by your carrier or device manufacturer. Rooting involves adding, editing, or deleting system files, and jailbreaking allows you to bypass system restrictions. These activities remove protections that are built into your device to defend against mobile threats.
PenFed is federally insured by the National Credit Union Administration (NCUA) through the National Credit Union Share Insurance Fund (NCUSIF).
That means your deposits are insured up to at least $250,000 per individual member for the total in your regular share (savings) accounts, share draft (checking) accounts, money market accounts, and share certificates.
If you have more than $250,000 at PenFed any single federal credit union of which you are a member, there are options available for additional share insurance coverage.
Just as with FDIC insurance for banks, NCUSIF coverage does not cover losses on money invested in mutual funds, stocks, bonds, life insurance policies, and annuities offered by affiliated entities. It does protect members at all federally insured credit unions from losses on a broad spectrum of savings and share draft products.
Stop. If they ask you for anything, decline. Even if you were hacked, your card company would never ask for a password.
Drop. End the call as soon as you suspect it's a scam. Don't feel obligated to be polite.
Call. Contact a known number to report the incident.
Use multi-factor authentication (MFA) for added security. This requires a second form of verification, such as a code sent to your phone, in addition to your password.
Avoid downloading any software recommended by an unsolicited caller. Scammers may use this to gain access to your computer and steal your information.
Log into PenFed Online to report your lost or stolen card. We'll cancel your card and send you a replacement immediately.
Additionally, you should
Call PenFed at 1-800-247-5626. If possible, provide the number of the last check that was written or the name of the person or business to whom it was written.
Additionally, you should
Call PenFed at 1-800-247-5626 and report the suspicious transaction. You may also want to contact the merchant. It is sometimes easier and more efficient to resolve any issue directly with the merchant.
Follow these steps if you believe your identity has been compromised:
1. Contact your financial institutions and creditors. Speak with their fraud departments and explain that someone has stolen your identity.
2. Check your credit reports, and place a fraud alert on your file. Initiate a fraud alert by contacting one of the following three credit bureaus. Once you contact one bureau, the other two bureaus are notified automatically.
Equifax: 1-888-766-0008
Experian: 1-888-397-3742
TransUnion: 1-800-680-7289
3. Watch out for suspicious emails, phone calls, or text messages asking you for your personal information. Always verify that any communication is legitimate by calling the organization back through an official phone number.
A merchant compromise is an organized theft of ATM, debit card, or credit card information.
We continuously monitor transactions for suspicious activity. If we detect that your PenFed card may have been part of a merchant compromise, this does not necessarily mean that fraud has occurred — or will occur — on your account. However, we may deactivate your current card and issue you a new one as a precaution to make sure your account and personal information are safe.
Suspicious email: Forward the email to abuse@penfed.org. Please be sure to include your contact information in case questions arise.
Suspicious text message: Send a screen shot of the suspicious message to abuse@penfed.org. Please be sure to include your contact information in case questions arise.
Suspicious phone call: Report the call at abuse@penfed.org. Please be sure to include your contact information in case questions arise. You may also call us at 1-800-247-5626.