Website Security

Website Security and Privacy Information

Date of most recent update: December 2015 

Green Address Bar

Newer internet browsers (the list is below) can turn your address bar green when visiting a website with the highest security encryption and authenticity ratings. This is a new security feature that you may have seen on other web sites such as and The green bar assures visitors and members that they are interacting with the real Pentagon Federal Credit Union (PenFed) website and online experience (PenFed Online) and not being hi-jacked to an illegal version that might steal personal information or silently download malicious programs onto your computer.

Internet browsers that can recognize the green bar: Internet Explorer 7, Firefox 3.x+, Opera 9 and Safari 3.2+.

AutoComplete feature in Microsoft Internet Explorer

If you are using Microsoft Internet Explorer 5.0 or higher on a Windows platform, your user name and password may automatically fill in when you enter PenFed Online. This is a feature of this browser version that works much like the later versions of Microsoft Word where the application automatically complete words that you have typed before and use frequently. This IS NOT a feature that PenFed controls through PenFed Online. In fact, you may experience this feature on other sites that you frequently visit and are required to input the same information each time. While this is a nice feature when used with some sites, we strongly recommend that you disable it when accessing sites that contain sensitive or confidential data.

To disable the AutoComplete feature for version 5.0 and higher:

  1. Go to the Tools menu option of your browser and select Internet Options.
  2. A dialog box will appear with six tabs across the top, click on the Content tab.
  3. Click on the "AutoComplete" button in the Personal Information section at the bottom.
  4. A dialogue box called "AutoComplete Settings" will appear, deselect the "User name and password on forms" checkbox and click on the "Clear Passwords" button.
  5. Click OK to save your settings.
  6. Click OK on the "Internet Options" window.
  7. For more information about this feature refer to Microsoft's support site for Internet Explorer at


PenFed Online supports 128-bit encryption between your browser and our servers. While in some cases 40-bit encryption browsers will support PenFed Online, we strongly recommend you use a 128-bit encryption browser. You can find out more about encryption and browsers, and upgrade your browser, if necessary, at Mozilla ( and Microsoft (

Logging off from PenFed Online

When you have completed your transactions with PenFed Online be sure to exit using the "Log Out" buttons found in the top menu and at the bottom of each screen. This is the most secure way to exit PenFed Online. By using the "Log Out" button you will ensure that session cookies have been removed, no pages are "cached" on your machine, pages containing account information cannot be accessed using the "back" button, and the connection between your computer and the main frame computer hosting your account information has been terminated. We will automatically attempt to log you off if you close your browser window, however, clicking the "Log Out" button will ensure your transaction has ended.


PenFed Online is not gathering from or storing on your computer confidential or sensitive information via cookies, or any other mechanism for that matter. PenFed Online uses cookies to pass session variables between PenFed Online screens to get around the fact that the web is essentially a stateless environment. Stateless environment means that the server hosting the application, in this case PenFed Online, does not keep an open connection to your browser, but instead downloads each page as you request it: this is true of all web sites.

The cookies in PenFed Online DO NOT collect or save user name or password information. Further, the cookies used by PenFed Online expire when you click the 'Log Out' button. And, cookies in general can only be read by the server that created them. In essence only PenFed Online can read PenFed Online-generated cookies (and only while you're using the service). PenFed does use cookies for purposes as allowed by law, including but not limited to, improving our website, products, or services; compliance and information security; tracking website usage, such as number of hits, pages visited, and the length of user sessions in order to improve our website.

We may share this information when required by law and with service providers who assist PenFed with tracking website usage, such as number of hits, pages visited, and length of user sessions in order to improve our website.

PenFed Online does not separately respond to or take any action with respect to a “do not track” configuration set in your internet browser.

We understand your concerns about security and privacy, and we implement the strongest measures possible to ensure that your confidential information remains that way. We also understand that cookies have received some negative publicity, especially from the more extremist elements of the Internet community, and a lot of misinformation has been generated about them. If you want to find out more about cookies, you should visit any of the following sites: Netscape Communications security information, Cookie Central, World Wide Web Consortium.

If we make updates to our policy, we will revise the “date of most recent update” posted at the top of this policy. Any updates to the policy become effective when we post the updates on our website.

By using PenFed’s website you consent to PenFed policy.

Acceptable File Types - PenFed Online Secure Upload Feature

Please refer to the following lists for the file types that PenFed Online's secure upload feature will accept: