Tips for Safe Banking
Over the Internet
This article is intended to provide the public with basic
information about online banking. It is not intended to be a
legal interpretation of the regulations and policies of the FDIC,
the Federal Reserve System, the Office of the Comptroller of
the Currency, or the Office of Thrift Supervision.
Produced by the FDIC in collaboration with
• The Federal Reserve Bank of New York;
• The Office of the Comptroller of the Currency; and
The Office of Thrift Supervision.
As use of the Internet continues to expand, more banks
and thrifts are using the Web to offer products and
services or otherwise enhance communications with
The Internet offers the potential for safe, convenient
new ways to shop for financial services and conduct
banking business, any day, any time. However, safe
banking online involves making good choices –
decisions that will help you avoid costly surprises or
This brochure offers information and tips to help you if
you are thinking about or already using online banking
systems. We will tell you how to:
• Confirm that an online bank is legitimate and that
your deposits are insured
• Keep your personal information private and secure
• Understand your rights as a consumer
• Learn where to go for more assistance from banking
Confirm that an Online Bank Is Legitimate
and that Your Deposits Are Insured
Whether you are selecting a traditional bank or an
online bank that has no physical offices, it’s wise to
make sure that it is legitimate and that your deposits
are federally insured. Here are tips specifically designed
for consumers considering banking over the Internet.
Read key information about the bank posted on
its Web site.
Most bank Web sites have an “About Us” section or
something similar that describes the institution. You
may find a brief history of the bank, the official name
and address of the bank’s headquarters, and information
about its insurance coverage from the FDIC.
Protect yourself from fraudulent Web sites.
For example, watch out for copycat Web sites that
deliberately use a name or Web address very similar to,
but not the same as, that of a real financial institution.
The intent is to lure you into clicking onto their Web site
and giving your personal information, such as your
account number and password. Always check to see
that you have typed the correct Web site address for
your bank before conducting a transaction.
Verify the bank’s insurance status.
To verify a bank’s insurance status, look for the
familiar FDIC logo or the words “Member FDIC” or
“FDIC Insured” on the Web site.
Also, you should check the FDIC’s online database of
FDIC-insured institutions. You can search for an
institution by going to the FDIC’s home page at
and selecting “Is My Bank Insured?”
Enter the official name, city, and state of the
bank, and click the “Find My Institution” button. A
positive match will display the official name of the
bank, the date it became insured, its insurance
certificate number, the main office location for the
bank, and its primary government regulator. If your
bank does not appear on this list, contact the FDIC.
Some bank Web sites provide links directly to the
FDIC’s Web site to assist you in identifying or verifying
the FDIC insurance protection of their deposits.
Also remember that not all banks operating on the
Internet are insured by the FDIC. Many banks that are
not FDIC-insured are chartered overseas. If you choose
to use a bank chartered overseas, it is important for
you to know that the FDIC may not insure your
deposits. Check with your bank or the FDIC if you are
For insurance purposes, be aware that a bank
may use different names for its online and
traditional services; this does not mean you are
dealing with separate banks.
This means, for example, that to determine your
maximum FDIC insurance coverage, your deposits at
the parent bank will be added together with those at
the separately named bank Web site and will be
insured for up to the maximum amount covered for one
bank. Talk to your banker if you have questions.
Know where to get more information about FDIC
Don’t worry about your deposit insurance coverage if
you or your family have less than $100,000 in all your
accounts combined at the same FDIC-insured bank. But
if your accounts total $100,000 or more, find out if
they’re within the insurance limit. Contact your bank for
For additional assistance from the FDIC about the
legitimacy of an institution or the insurance of your
deposits, call the FDIC's Division of Compliance and
Consumer Affairs toll-free at 800-934-3342 or send an
e-mail via the FDIC’s online Customer Assistance page
It’s important to note that only deposits offered by
FDIC-insured institutions are protected by the FDIC.
Non-deposit investment and insurance products, such as
mutual funds, stocks, annuities and life insurance
policies that may be sold through Web sites or at the
bank itself, are not FDIC-insured, are not guaranteed by
the bank, and may lose value.
Protect Your Privacy
Some consumers may want to know how their personal
information is used by their bank and whether it is
shared with affiliates of the bank or other parties.
Starting July 2001, banks are required to give you a
customer, regardless of whether you are conducting
business online or offline. You may also see a copy of it
posted at the bank’s Web site. By reviewing this policy
you can learn what information the bank keeps about
you, and what information, if any, it shares with other
Banks may want to share information about you to help
market products specific to your needs and interests. If
you do not wish to participate in information sharing,
however, you have the right to prevent your bank from
sharing your private personal information with parties
not affiliated with the bank, except in certain limited
circumstances. As of July 2001, your bank should
provide a clear method for you to “opt out” of this type
of information sharing.
You may have heard that some companies track your
Web browsing habits while at their site, to understand
your interests and then to market particular services or
promotions. You may want to ask whether your bank
tracks your browsing habits if these practices concern
you. Also, your Web browser may enable you to block
the ability of outside companies to track your browsing
Your bank and your Internet service provider may have
more information about how to protect your privacy
Help Keep Your Transactions Secure
The Internet is a public network. Therefore, it is
important to learn how to safeguard your banking
information, credit card numbers, Social Security
Number and other personal data
Look at your bank’s Web site for information
about its security practices, or contact the bank
Preventing Identity Theft
We highly value our clients’ trust in us. Therefore, we work hard to protect you from any disclosure of your personal
information that could lead to identity theft or unauthorized account activities.
Remember that we will never contact you
by telephone, e-mail, or mail to request or verify security details about PINs or passwords.
For your privacy and protection, our representatives will ask for certain information to verify your identity.
However, we will never request your PINs, passwords, or similar information.
We do not send e-mails containing or asking for personal or sensitive information.
If you receive any e-mail asking you to confirm, update or contains an “active” link, assume that
it is a fraudulent attempt to illegally gain information and contact us immediately.
Also learn about and take advantage of security
features. Some examples are:
• Encryption is the process of scrambling private
information to prevent unauthorized access. To
show that your transmission is encrypted, some
browsers display a small icon on your screen that
looks like a “lock” or a “key” whenever you conduct
secure transactions online. Avoid sending sensitive
information, such as account numbers, through
• Passwords or personal identification numbers
(PINs) should be used when accessing an account
online. Your password should be unique to you and
you should change it regularly. Do not use birthdates
or other numbers or words that may be easy for
others to guess. Be careful who you give your
password to. For example, if you use a financial
company that requires your passwords in order to
gather your financial data from various sources,
make sure you learn about the company’s privacy
and security practices.
• General security over your personal computer such
as virus protection and physical access controls
should be used and updated regularly. Contact your
hardware and software suppliers or Internet service
provider to ensure you have the latest in security
If you have a security concern about your online
accounts, contact your bank to discuss possible
problems and remedies.
Remember that nonfinancial Web sites that are
linked to your bank’s site are not FDIC-insured.
As an added convenience to their customers, some
banks offer online links to merchants, retail stores,
travel agents and other nonfinancial sites. An outside
company’s products and services are not insured by
the FDIC, and your bank may not guarantee the
products and services.
As in everyday business, before you order a product or
service online, make sure you are comfortable with the
reputation of the company making the offer. Only then
should you give out your credit card or debit card
number. And never give the number unless you
initiated the transaction.
For More Help
Answers to your questions.
Many regulations provide consumer protection for both
traditional and online transactions. If you have any
questions or concerns, first try to get answers from
your bank. If you’re still not satisfied, contact the
appropriate federal regulator.
For a brief overview of the regulations, log on to the
FDIC’s Consumer Rights Web page at
If you’d like to review the regulations, you can look them up at
Where to file a complaint.
If you know your bank’s primary regulator, you may file
your complaint online or via e-mail using one of the
following methods. If you are not certain where to file
your complaint, you may contact any of the agencies
listed below and they will direct you to the appropriate
Office of the Comptroller of the Currency (e-mail):
Board of Governors of the Federal Reserve System:
Office of Thrift Supervision (e-mail):
Where to report a suspected fraud.
Contact the FDIC
if you have been a
victim of banking fraud, or if you have visited a bank
Web site that appears to be fraudulent.
For More Information
For more information about online banking in general,
write or call the following banking regulators or visit
their Web sites
Federal Deposit Insurance Corporation
550 17th Street, NW
Washington, DC 20429
Board of Governors of the Federal Reserve System
20th and Constitution Avenue, NW
Washington, DC 20551
Office of the Comptroller of the Currency
Customer Assistance Center
1301 McKinney Street, Suite 3725
Houston, Texas 77010-3031
Office of Thrift Supervision
1700 G Street, NW
Washington, DC 20552
Tips when using mobile
devices for financial services
Many consumers use mobile devices for financial
services to save time when accessing accounts,
help track spending, and manage money. Using
mobile devices is a lot like using a computer, and
you should use similar best practices for security—
especially since your mobile device can get lost or
Here are some tips for using your mobile device
more safely and securely to help you achieve your
Set up alerts and check your account balances:
You can set up alerts by text message, email, or
even app notifications. Alerts can tell you when
your checking account balance is low, when your
credit card balance exceeds a limit you set, and
even when a charge over a specified amount is
placed on your credit card.
Protect your personal information: Don’t share
your PIN or password with anyone, and don’t
save them on your mobile device. Think twice
about accessing your accounts on a phone or
device that you share with another person.
Use passwords: Password protecting your
mobile device can help prevent access to your
information in the device. Don’t use easily
identifiable passwords like your birthday and
never save passwords on your phone.
Report loss or theft to all your financial
institutions or financial services providers as
soon as it occurs. If you lose your mobile device,
you may be focused on notifying the mobile
provider -- but don’t forget to report loss or theft
to your financial providers if your device can
provide access to your accounts through apps.
Use secure websites or apps: This sounds
obvious, but don’t login to your accounts
through links that are sent to you by an email
address or on a website or app that you don’t
recognize. When using free or public wi-fi, try to
use a private network and go to a secure site that
begins with HTTPS.
Remove sensitive information from your old
phone or device: If you get a new phone or
mobile device, be sure to delete your data and
information from the old phone. You may have
left names of banks or credit unions, passwords,
or other clues that could help identify your
Visit consumerfinance.gov for more information