Your account security is important to us

Select a topic below to jump to that section and learn more about what we're doing to ensure your account is protected and how you can protect yourself.

How we protect you

How you can protect yourself

How we protect you

We choose and actively develop technology to bring you a member experience that's both secure and accessible.

Mobile and online security

We use the most advanced technology to keep your account and information secure. Your Patelco Online™ account is encrypted using Secure Socket Layer (SSL) technology, so any information you provide is securely transmitted as code — extremely difficult to hack. If we detect unusual activity for your account, or a login attempt from an unknown location or computer, we may ask for additional verification to protect your account.

This security extends to all our platforms, whether you're on a desktop computer, mobile browser or the Mobile App.

Credit and debit card guarantee

We're actively monitoring card activity and may block suspicious transactions. We may text, call, or email you if we see a suspicious transaction, so you can tell us if it was really you making the purchase. Learn more about card text alerts.

And if a fraudulent purchase is ever made with your card, our Zero Liability policy ensures full credit as long as you let us know within 60 days. We'll credit your account promptly after our investigation determines you experienced a fraudulent transaction.

Chip and PIN cards

Debit and credit cards with EMV chip and PIN have been the standard of European and Asian banks for a long time – and now Patelco has chip and PIN cards, too. Our new cards have two big advantages for you: worldwide access and greater security.

Without a chip and PIN card, you may not be able to use ATMs or make purchases overseas. So make sure you memorize your PIN for both your Patelco debit and Patelco credit card – and send us a travel notification before you leave on a trip.

Not all merchants or ATMs in the U.S. use EMV yet, but more and more are adopting it. We encourage you to shop with merchants that support EMV whenever possible because the purchases you make there are safer than swiping. The very safest transactions will require you to enter a PIN when making a purchase, even with your credit card. (Some merchants still use signatures instead of PINs for credit card purchases).

How you can protect yourself

You work hard for your money. That's why we work around the clock to keep it safe. You also play a vital role in protecting yourself. Here’s some best practices and tips to keep your money and identity safe.

Guard your information

Protecting your finances and identity begins with keeping your personal information to yourself. Following these 7 best practices will protect your money and your identity.

  1. Never share your member number or account numbers. People you meet online — as well as anyone promising employment — don’t need access to your Patelco account.
  2. Never give out your online banking User ID or Password. Telling these to someone else enables them to steal the money in your Patelco account.
  3. Keep your debit and credit card PINs to yourself. We will never contact you by phone, email, or text to ask you for this information.
  4. Choose eStatements (sign up in Patelco Online™) to prevent mail theft.
  5. Don’t cash checks for someone else – this exposes you to scams that could cost you thousands.
  6. Never provide remote computer access to strangers. Beware of strangers calling and claiming there’s something wrong with your computer – they’re scammers trying to steal your money or identity.
  7. Don’t send money to people you haven’t met. Beware of people you meet online – romantic scams could cost you your life savings.

Protect your debit and credit cards

Protecting your cards is an important part of keeping your finances safe. The same practices keep all three of your cards safe – ATM, credit, and debit – so remember TRIPLE, which stands for Treat, Report, Inform, Protect, Look, and Enter.

Treat — Treat your cards like cash.

Report — Report loss or theft of your card immediately.

Inform — Inform us if your contact information changes so we can contact you in case of a suspicious transaction. You can quickly update your information in Patelco Online™.

Protect — Protect your PIN – never carry it with you or tell it to anyone else.

Look — Review your statements regularly and look for any unknown card transactions. Let us know if you see any unexpected charges.

Enter — Enter your credit card information for each purchase — don't allow websites to save your credit card information. This may take a bit longer, but it will protect you from being part of a data breach. Using a payment system like Apple Pay or Google Pay can also protect you because your card number isn’t given to the merchant.

Stay safe online

To stay safe online, remember to keep SCORE, which stands for Software, Credentials, Operating system, Review, and Email.

Software — Keep your browser (Chrome, Safari, Edge or Firefox) and Mobile App software current so it supports the latest security updates. Check if your browser is up-to-date for Patelco Online™. To check for updates to the Mobile App, just visit your app store to see if there’s an update.

Credentials — Never share your online banking User ID or Password with anyone. Pick a User ID that doesn’t include personal information like your birthday. For your Password, don’t use something that you’ve already used on another website, and avoid special dates.

Operating system — Use an up-to-date operating system so you’re supported by the latest security updates – this includes the operating systems for your computer, phone, and tablet.

Review — Within online banking, regularly review not only your transactions, but also linked accounts, your personal information, and your last login date. If anything seems amiss, this could be a sign your account has been compromised. Contact us if you see anything concerning.

Email — Never send confidential information via email. If you need to send sensitive information, send us a secure message in Patelco Online™. Be cautious of email links and attachments, which could be used to install software that steals your personal information – including your money and identity.

Be ATM smart

Thieves are increasingly targeting ATMs to steal your card information and money. To keep yourself safe, be SMART at the ATM, which stands for Surroundings, Mask, Away, Review, and Tamper.

Surroundings — Be aware of your surroundings. Check that the ATM has a surveillance camera and is well lit. If there’s a door, close it behind you and don't allow anyone else in.

Mask — Your PIN should stay secret, so mask the keypad with your other hand while typing in your PIN. Thieves have been known to use secret cameras to watch you enter your PIN.

Away — Put your cash away immediately after its dispensed, and put your card away as soon as you get it back. Make sure everything is secure before leaving the ATM.

Review — Regularly review your transactions to make sure there’s nothing unexpected. With Patelco Online™ and our Mobile App, it’s easy. An unknown withdrawal or other transactions could signal that your card has been compromised at an ATM – let us know immediately if you see anything concerning.

Tamper — Don’t use the ATM if there’s any evidence someone has tried to tamper with or alter it, especially the keypad or card reader. Examples include anything placed over the card reader, or a keypad that appears extra thick. Report anything unusual to the retail location where the ATM is located.

Use a mobile payment app

Mobile payment apps like Apple Pay and Google Pay better protect you because your card number isn’t given to the merchant. Although your card information is less likely to be stolen by a card reader in a store, it still happens sometimes, so paying in-store with a payment app is safer. Mobile payment apps are increasingly accepted online, and are a great way to prevent your card information from being stored by a website.

Patelco debit and credit cards are compatible with Apple Pay now. Google Pay support is coming soon!

Consider a fraud alert or credit freeze

If you have any reason to suspect that your identity has been compromised or that someone has access to your Social Security number to open accounts, contact the 4 credit bureaus to set up either a fraud alert or a credit freeze.

When a fraud alert is in effect, anyone who receives a credit application in your name should call you to verify your identity and confirm that you’re the one who really applied.

With a credit freeze, creditors can't even access your credit reports – so it’s impossible for them to approve a credit application. (If you need to apply for credit during a freeze, it’s possible to temporarily lift the freeze.)

Fraud alerts and credit freezes have to be put into place with each individual credit bureau. There may be a charge to add or remove alerts and freezes. Here’s the contact information for the 4 credit bureaus:

TransUnion 800.916.8800 transunion.com
EquiFax 888.548.7878 equifax.com
Experian 888.397.3742 experian.com
Innovis 800.540.2505 innovis.com

Steer clear of scams

Be alert to the fact that scams exist. When dealing with uninvited contact from people or businesses, whether on the phone, by mail, via email, in person or on social networking, always consider the possibility that the approach may be a scam. Here’s 7 signs that you may be dealing with a scam:

  1. A request for your personal information. Never give out your Social Security number, credit card or bank account details, online usernames or passwords, or copies of personal documents to anyone you don’t know or trust. If you’ve never met the individual in-person and have only talked online, that person is a stranger and doesn’t need your personal information.
  2. An unusual payment request. If you’re trying to buy something online, scammers will often ask you to use an unusual payment method, such as preloaded debit cards, gift cards, iTunes cards or virtual currency such as Bitcoin. These payment methods have fewer protections than established payment methods like credit cards or Apple Pay.
  3. Requests to cash checks for someone or transfer money for them. Don't agree to transfer money or goods for someone else: money laundering is a criminal offence. And never, ever cash a check for someone else.
  4. A request for money from someone you’ve never met. If you've only ever met someone online, take some time to do a more research before getting further involved with them or sending them money. Search the internet for others who may have had dealings with them. Romantic scams – both domestic and international – are rampant, and can cost victims tens of thousands of dollars.
  5. An unusual or out-of-character message from friends or family. If a message or email appears to come from a friend or family member and seems unusual or out of character, contact the person directly to check that it was really them that sent it. Use a different contact method than the suspicious method – for example, if you get a suspicious email from a friend, send the friend a text or call them to verify it.
  6. A request to communicate outside the platform where you made contact. This is almost always an indication of a scammer. For instance, if you’re booking an apartment on AirBnB or buying an item on eBay, and the seller asks to communicate via email outside of AirBnB or eBay, be suspicious. Insist on conducting business and communicating via the platform only.
  7. Something that looks too good to be true. If it looks too good to be true, it probably is!

Safeguard your identity

Identity theft is a serious threat – but you can worry less if you’re informed and protect your personal information.

Plus, every Patelco Mastercard debit and credit card comes standard with Mastercard® ID Theft Protection™, which provides ID Theft Alerts™, emergency assistance with card replacement, and expert resolution services if you’re targeted for identity theft. Learn more and sign up today at mastercard.us/idthetprotection.

What is identity theft?

Identity theft includes any kind of scam or crime resulting in the loss of personal information — such as Social Security numbers, online usernames and passwords, banking information, or credit card numbers — that is used without your permission to commit fraud and other crimes. According to the FTC, up to 9 million Americans have their identities stolen each year. The consequences of identity theft range from annoying to life-altering, and can cost hundreds or thousands of dollars to resolve.

The worst cases cause tremendous damage to a person’s reputation, causing them to lose job opportunities, be rejected from schools, be turned down for house or car loans, and even be arrested for crimes committed by someone else using their identity.

How are identities stolen?

Fraudsters use all types of methods: stealing mail from your mailbox, rummage through your trash for bills and bank statements, stealing wallets and purses, or making a copy of your credit card when its used in a restaurant. Online, there’s even more danger – phishing, social media and romantic scams, and software downloaded onto phones and computers that steals personal information. Using unsecure wifi networks, taking money from a compromised ATM, or being victim to a data breach are other ways identities are stolen.

How can you protect your identity?

Although there’s many ways identity thieves work, you can protect yourself by following these 8 guidelines.

  1. Regularly update the software and operating systems on your smartphone and computer– this will get you the latest security updates. Only download software from legitimate sources, like your phone’s official app store.
  2. Avoid spam and phishing (check out our tips on this page).
  3. Steer clear of scams (check out our tips on this page).
  4. Use strong passwords – a mix of letters, numbers, and symbols that does not contain important dates or numbers like your birth year or zip code.
  5. Monitor your credit scores regularly (check out our guide to credit scores on this page). Review your credit score. Look to see if there are new credit cards, loans or other transactions on your account that you are not aware of. If there are, take immediate steps to have these terminated and investigated.
  6. Only use reputable websites when shopping online. If you haven’t heard of the company, do some homework before giving them your payment information. How are they reviewed by other users online? Do they use a secure, encrypted connection for personal and financial information (https and not http)?
  7. Stay alert for common signs of identity theft:
    • False information on your credit reports, including the wrong Social Security number, account numbers, address(es), name or employer’s name.
    • Bills or other mail that’s missing or comes late. This could indicate that an ID thief has hijacked your account and changed your billing address to help hide the crime.
    • Receiving new credit cards you didn’t apply for.
    • Having credit denied or being subject to high-interest rates for no apparent reason.
    • Getting calls or notices about past due bills for products or services you didn’t buy.
  8. Think twice before joining an unsecured wifi network — and if you are on an unsecured network at a coffee shop or airport, don’t log in to your bank account or other sensitive websites.

Consider using a virtual private network (VPN), which is a tool that helps shield your information from prying eyes on public wifi networks.

Monitor your credit reports

Monitor your credit scores and credit reports – this is one of the clearest ways to monitor for identity theft. By law, you have the right to 4 free credit reports per year (one each from Experian, Transunion, Innovis and Equifax).

Three of the credit bureaus (Experian, Transunion, and Equifax) work together through annualcreditreport.com, so you can request three reports at once via that website, by calling 877.322.8228, or by filling out the Annual Credit Report Request Form and mailing it to:

Annual Credit Report Requesting Service
PO Box 105281
Atlanta, GA 30348-5281

Learn more about credit reports at the FTC’s page on free credit reports.

Innovis also offers a free annual credit report. To learn more and request your free Innovis credit report, visit their credit report page.

Don’t get phished

Phishing is when an attacker pretends to be a reputable person or company and steals personal information to be used for financial crimes or identity theft. Phishing happens on social media, via email, over the phone, and in pop-ups and search results.

How does phishing work?

This classic scam illustrates how phishing works.

  1. You get an email pretending to be from your financial institution. It says there’s a problem with your account and has a link that looks like it’s from the institution’s website.
  2. You click the link to go to the website, and you’re presented with a login page. It looks like the institution’s official website, though the words and graphics may not be 100% accurate.
  3. You enter your User ID and Password.
  4. You’ve been phished – thieves now have your online banking User ID and Password. Now they can log in to your account, transfer money out, and steal more personal information.

Besides email, phishing can happen via cold calls, pop-ups, search results and social media.

What’s call cold phishing?

This classic cold call phishing scam happens when “tech support” calls and claims to be from a reputable company (like Microsoft or Norton) and states that your computer has a problem. The criminal will then ask you to install software on your computer, or to give them remote access to your computer.

If you install the software or give the caller remote access, you’re giving thieves access to steal your money and personal information. Sometimes, these scammers will even ask for a fee to fix the issue.

What are phishing pop-ups?

When browsing the internet, you might see pop-ups that tell you there’s something wrong with your computer, or that offer to “fix” or “scan” your computer. Often, you will see these when you’re searching for a related problem – for example, a pop-up that claims to have found a virus on your computer appears when you search for information about viruses.

Sometimes, the pop-ups will look like they come from a legitimate source, such as Microsoft or Norton. If you click the pop-up, provide personal information, or download software, you may end up being phished.

Examine the message closely — look for obvious signs of fraud such as poor spelling, unprofessional imagery, and bad grammar. If there’s a phone number listed in the pop-up, you can also do an internet search for that number to verify its legitimacy. In general, it’s a good idea to steer clear of pop-ups!

How does phishing work with search results?

Fraudsters frequently use paid search results to advertise “support services”, cheap products, employment opportunities or amazing deals. Beware of the following when you’re looking at search results:

  • Deals, discounts or giveaways that sound too good to be true. If you provide personal or financial information, you’ll lose your money or identity.
  • Credit cards with very low interest rates from banks you’ve never heard of. These applications are often simply designed to steal your information.
  • Employment applications requiring lots of personal information. Online job searches can show fake job offers from companies that don’t exist – especially for work-from-home opportunities or too-good-to-be-true offers. The applications for these jobs will ask for personal information that an employer wouldn’t need to hire you.
  • Websites promising to scan your computer for problems or fix viruses. Although there are legitimate antivirus companies who offer services online, much of what you find in search results are fake companies that only want to steal your identity and money. Exercise caution before downloading anything!

How does phishing happen on social media?

From Facebook to LinkedIn, social media is full of phishing attacks.

  • Advertisements on social media – especially for fake products or too-good-to-be-true prices – may be attempts to steal your credit card and personal information.
  • Direct messages (DMs) can contain phishing attempts, especially if a friend or family member’s account has been compromised. Hacked social media accounts can be used to send phishing links through DMs, attempting to trick you into visiting malicious websites or downloading file attachments.

    For example, a friend’s Twitter account that has been compromised might send you a direct message with a fake link to connect with them on LinkedIn. This link would direct you to a phishing site that looks like the LinkedIn login page, but is really a phishing site designed to steal your LinkedIn credentials.
  • Fake customer support accounts are when scammers impersonate major brands such as Amazon, PayPal, or Samsung. Because many people turning to Twitter or Facebook over traditional customer support channels, scammers are taking advantage of this.

    For example, the Twitter handle @Amazon_Help might be used to impersonate the real support account @AmazonHelp. To make sure you’re using real customer support accounts, begin your search for help at the company’s official website.
  • Spam comments often appear on trending content – they contain links to phishing sites that try to trick you into entering your personal information, such as a username and password to an online account. Be careful with any links you see in comments, and don’t ever log in to sites linked in comments.
  • Compromised accounts of friends can also be used to make posts that are phishing attempts. Because you know and trust the person making the post, you may be more included to trust the link. The post you’re looking at for a great electronics deal or travel sale may be legitimately posted by your friend – but know that social media accounts can be hacked, so don’t automatically trust everything you see posted.

How can you protect yourself against phishing?

There’s many phishing scams out there, but you can protect yourself from them online if you remember the five RIVER practices: Refuse, Ignore, Verify, Exercise and Review.

Refuse – Refuse to download software or provide remote access if there are phone calls about your computer asking for remote access – hang up, even if they mention a well-known company such as Microsoft.

Ignore – Ignore suspicious text messages, close pop-up windows, and avoid clicking on links or attachments in emails from people you don’t know – delete them instead.

Verify – Verify the identity of the contact (if you’re unsure about a message) through an independent source such as an online search, or call them at a known number. Don't use the contact details provided in the message sent to you!

Exercise – Exercise caution when shopping online. Beware of offers that seem too good to be true, and always use an online shopping service that you know and trust. Think twice before using virtual currencies (like Bitcoin) or alternate payment methods (like prepaid debit cards or iTunes gift cards) — they do not have the same protections as other transaction methods.

Review – Review your privacy and security settings on social media. If you use social networking sites such as Facebook, be careful who you connect with, and learn how to use your privacy and security settings to ensure you stay safe.

What should you do if you think you’ve been phished?

If you think you’ve been phished, take these 4 steps to protect yourself.

  1. Change your passwords to your computer, to financial institutions, and to your online accounts. When you’re changing your financial institution and other online account passwords, do that using a different computer than the one you think you were phished on.
  2. Run a full system scan on the compromised computer using the built-in antivirus software (if the computer has it), or the software from a reputable company.
  3. Contact your financial institution to report that there has been potential fraud performed on your account.
  4. Consider asking the credit bureaus to place a fraud alert or credit freeze on your account – their contact information can be found on this page.