Protecting the data of our members is one of our highest priorities. We are most effective when partnered with our members to detect fraud. Please report anything out of the ordinary concerning your PenFed accounts immediately.
Change your Password regularly. PenFed recommends this be done every 60-90 days.
Never give your passwords to anyone. PenFed will NEVER ask for your password in an email, over the phone, in a text or any other communication method.
Do not reuse passwords. Do not use the same password you have set for PenFed Online for any other account.
Use a password manager. If you use a password manager, you do not have to remember all your passwords; only the one to the password manager. This allows you to use long, complex and unique passwords for all your accounts. Be sure to make the password to your password manager a strong one. Macs have a password manager built in (Keychain) and there are many available for Windows.
Use a “two factor” method for authenticating to sites if available. This is especially important for email since email is often used to reset passwords, confirm actions and as additional method for identity verification.
Install protection software on your home computers such as anti-virus, anti-spyware and anti-fraud protection software and keep them up to date.
Use a personal firewall. Firewalls are built into virtually all computer operating systems. Click here for more information: Windows, Mac
Use a physical home router/firewall between your computer and your cable or DSL modem.
Turn on automatic updates for your operating system (Windows, Mac) and applications that you have installed, especially your web browser, Adobe Reader, Adobe Flash, Adobe Shockwave and Oracle Java.
Create a second, non-privileged operating system account, for normal, everyday use and use your privileged (administrator) account only when needed, like when installing software. (Windows, Mac)
Use a pop-up blocker. Set your browser preferences to block pop–ups as pop-ups can contain malicious code.
Use a browser add-on that blocks advertisements (an ad blocker)
Use a browser add-on that blocks scripts such as No-Script, uBlock or use a sandboxing technology like Sandboxie.
Conduct online banking and make financial transactions only with a trusted computer (one owned by you or someone you trust) on a trusted network—wired or wireless.
Never use a public computer for online banking. If you must bank while away from a trusted computer, use the PenFed Mobile App.
Turn off your computer when not in use.
Review your account and transaction information regularly—least once a week. If you notice any changes to your account that you didn't make, contact us immediately at 1-800-247-5626.
Set up account alerts to receive alerts on your cell phone or in e-mail so you can stay updated on your account activity. Set up account alerts
Freeze your credit report. A security freeze prevents potential creditors from being able to pull your credit file. When your credit file is frozen, ID thieves can apply for credit in your name, but not be able to establish new lines of credit. Few creditors will extend credit without determining the risk of doing so (i.e., view your credit file). You can unfreeze your credit file any time.
If you do not freeze your credit report, check it regularly. Ensure you recognize all the accounts listed. Contact one of the three major credit-reporting agencies for a copy of your credit report.
Do not send sensitive information via e-mail. Never e–mail passwords, account numbers, social security numbers or other sensitive information to anyone.
Sign out of accounts and websites. When you have finished using an Internet service that you have logged into, sign out and do not just close the browser. It is possible that some sites may not close your session (log you out) when the browser window is closed.
Check certificates. When visiting secure sites that have a padlock, green address bar or begin with “https” view the site certificate and verify that it is for the site you believe you are visiting. This can be done by clicking on the padlock and then “view certificate” or “more information”. This will display the details about the certificate including the owner and issuer.
Do not root or jailbreak your mobile device to get around limitations set by your carrier or device manufacturer. It removes protections built into the device to defend against mobile threats.
Only download Apps from official stores such as iTunes or Google Play.
Avoid connecting your smart phone to an untrusted wireless network.
The first thought that generally comes to mind when someone mentions hacking is the common media image of a dark room, a glowing computer monitor, and stacks of soda cans leaning precariously over a keyboard. Would it surprise you to find out that far more hacks are accomplished with words than technical knowledge? This is called Social Engineering, and the goal is to convince you to help the attacker do all the work for them!
How does the attacker trick you into doing this? They rely on four general strategies… appealing to greed, appealing to fear, appealing to authority or relying on human kindness.
Every one of these scenarios can occur over email, chat, text, the phone or even in person.
In all of these situations, you can avoid being caught out with a few strategies.
Memorize PINs and do not write them down. If you do write them down, keep them in a password manager or on paper nowhere near your credit or debit cards.
Protect your credit card information, so do not provide it online unless you are making a purchase from a website you trust. Secure sites typically will direct you to a secure page with a URL starting with “https://” whenever you make purchases or are asked to provide confidential information.
Don’t store credit card numbers and other financial data on your cell phone or PDA.
If you have a card with RFID, use an RFID blocking (Faraday) wallet, purse or other container to protect your card from unauthorized reading.
Beware of skimmers. Skimmers are small devices that are designed to fit over card slots and keypads to collect card data and card PINs. Common places for these are ATMs and gas pumps. Some are virtually impossible to identify. If the card reader is loose or you see exposed wires, do not use it.
Identity theft can happen even if you've been very careful with your personal information. Below are some potential indicators of identity theft.
We may share this information when required by law and with service providers who assist PenFed with tracking website usage, such as number of hits, pages visited, and length of user sessions in order to improve our website.
PenFed Online does not separately respond to or take any action with respect to a “do not track” configuration set in your internet browser.
By using PenFed’s website you consent to PenFed policy.
The content you are about to view is produced by a third party. PenFed takes no responsibility for the content on the page.
The content you are about to view is produced by a third party unaffiliated to Pentagon Federal Credit Union. PenFed takes no responsibility for the content on the page.
Prudential PenFed Realty is a wholly owned subsidiary of PenFed.
If you are ready to open a new IRA account, please print, complete, and return the IRA application:
IRA Application Booklet
If you have a PenFed IRA and would like to open an IRA certificate, please call a member service representative at 1-800-247-5626.
If you are ready to open a new Coverdell Education Savings Account (ESA), please print, complete, and return the following application:
Coverdell ESA Application
If you have a Coverdell ESA with PenFed and would like to open an ESA Certificate, please call a member service representative at 1-800-247-5626.
Join Now & Start Enjoying Member Benefits
To join, you need only fulfill two requirements:
Become a member and take advantage of products and offers exclusive to membership!
Become a member in 3 steps; it is fast and easy to set up an account online. No military affiliation required!