Identity Theft and Online Banking Security Tips

February 13, 2025

Protecting your information identity and online banking security is crucial to safeguarding your financial assets and personal data from cyber threats that can lead to identity theft and financial loss. Here are essential tips to help you stay secure online.

How to Protect Your Personal Information

• Never give out personal information, especially your Social Security number, to anyone you can't confirm has a legitimate purpose for asking for it.
• Do not carry your Social Security card, Social Security number, birth certificate or passport with you, unless necessary.
• Do not put your address, telephone number, Social Security number, or driver's license number on personal checks or credit card sales receipts.
• Shred old receipts, credit applications, bank records, and any other personal documents before discarding them.
• Check your credit report at least once a year. Three major credit-reporting agencies (Experian, Equifax, TransUnion) are required to provide you with one free credit report a year. Visit www.annualcreditreport.com to obtain yours.

How to Protect Your Financial Information

• Exercise your rights under the Fair and Accurate Credit Transaction Act and review your credit report regularly to be sure it's accurate and up to date.
• Never give out your password or PIN for your check card, credit card or ATM card.
• Keep important documents in a safe place. Burglars are just as interested in credit cards, bank accounts and investment statements as they are in your other valuables.
• Keep a list of all credit cards and bank accounts including the account numbers, phone numbers and expiration dates in a safe place.
• Provide personal information only on websites that are secure and only when you have initiated the contact.
• Shred financial or confidential information such as credit card preapprovals, credit card receipts, and bank statements before discarding them.
• Carry only the credit cards you plan to use. If you have credit cards you do not use, store them in a safe place. If you no longer use a particular card, cancel the account and destroy the card.
• Place payments and financial mail in a secure post office box, not in your home mailbox.
• Pick up your mail as soon as possible after it's delivered and keep track of when your bills are supposed to arrive. If your monthly bank and credit card statements do not arrive in the mail, call your bank or lender immediately.
• Always check bank statements and credit card bills for accuracy.
• Go paperless. Electronic statements and invoices minimize the number of hard copy documents that bear your personal information and could get into the wrong hands.

Steps You Can Take If You Suspect Identity Theft

If you think you are a victim of identity theft, take action immediately. Contact the local police, your bank(s), the three major credit reporting agencies and the Federal Trade Commission at (877) IDTHEFT. Learn more about what to do if you suspect you are a victim of identity theft:

• Social Security Number
  • If a company responsible for exposing your information offers you free credit monitoring, take advantage of it. Get your free credit reports from annualcreditreport.com. Check for any accounts or charges you don’t recognize. Consider placing a free credit freeze. A credit freeze makes it harder for someone to open a new account in your name.
  • If you place a freeze, be ready to take a few extra steps the next time you apply for a new credit card or cell phone – or any service that requires a credit check.
  • If you decide not to place a credit freeze, at least consider placing a fraud alert.
  • Try to file your taxes early — before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.
  • Don’t believe anyone who calls and says you’ll be arrested unless you pay taxes or debt — even if they have part or all of your Social Security number, or they say they’re from the IRS.
  • Continue to check your credit reports at annualcreditreport.com. You can check your reports every week for free.
  • You might consider setting up an E-Verify account so you can lock your Social Security number at e-verify.gov/mye-verify. E-Verify is an online system that lets employers verify you're eligible to work in the United States; while also letting you lock your Social Security number so others can't use it to get a job. It's run by the U.S. Department of Homeland Security and the Social Security Administration. When someone tries to use a locked Social Security number to get a job, employers that use E-Verify must get more information from the person trying to use your Social Security number.
• Online Login or Password
  • Log in to your account and change your password. If possible, also change your username. If you use the same password anywhere else, change that, too.
  • If the account is a financial site, or your credit card number is stored in the affected account, monitor your account activity for any charges that you don’t recognize.
  • Immediately change passwords and pins on all online profiles, monitor affected websites, and social media accounts you suspect are compromised. Check your profile on each site to ensure that your cell phone and email address or other contact information has not been altered. If you use the same password for your online accounts, you risk the exposure of ID Theft across all of those accounts if your email and website viewing history on your PC or devices has also been compromised.
  • Notify your financial institutions immediately to report any suspicion of fraud. Review your transaction history on your bank and investment accounts, as well as credit cards to detect any unexpected transactions or sign-on attempts that you did not initiate. Often, banking websites will record the last time you accessed your account online.
  • Place a “Fraud Alert” or “Credit Freeze” on your credit reports and review the reports carefully. A fraud alert tells creditors to follow certain procedures before they open new accounts in your name or make changes to your existing account. Placing a fraud alert entitles you to free copies of your credit reports. Look for inquiries from companies you haven’t contacted, accounts you didn’t open and debts on your accounts that you can’t explain. The three nationwide consumer reporting companies have toll-free numbers for placing an initial 90-day fraud alert; a call to one company is sufficient:
    • Experian: 888-397-3742
    • TransUnion: 888-909-8872
    • Equifax: 800-685-1111
  • Contact the security or fraud departments of each company where an account was opened or charged without your authorization.
  • Follow up in writing, with copies of supporting documents. Keep copies of documents and records of your conversations about the theft. Ask for verification that the disputed account has been dealt with and the fraudulent debts discharged.
  • Use the ID Theft Affidavit at ftc.gov/idtheft to support your written statement.
  • File a police report. File a report with law enforcement officials to help expedite the correction of your credit report and deal with creditors who may want proof of the crime.
  • Report the theft to the Federal Trade Commission. Your report helps law enforcement officials across the country in their investigations:
    • Online: www.ftc.gov/idtheft
    • By phone: 1-877-ID-THEFT (438-4338) or TTY,1-866-653-4261
• Debit or Credit Card
  • Block your card from being used right away.
  • Contact your bank or credit card company to cancel your card and request a new one.
  • Review your transactions regularly. Make sure your card is not being misused.
  • If you find fraudulent charges, call the fraud department and dispute the charges.
  • If you have automatic payments set up, update them with your new card number.
  • Check your credit report at annualcreditreport.com.
• Bank Account Information
  • Contact your bank to close the account and open a new one.
  • Review your transactions regularly to make your card is not being misused.
  • If you find fraudulent charges or withdrawals, call the bank's fraud department immediately.
  • If you have automatic payments set up, update them with your new bank account information.
  • Check your credit report at annualcreditreport.com.
• Children's Personal Information
  • Request a free credit freeze for your child. A credit freeze will make it difficult for someone to use your child’s information to open accounts. To place a freeze, follow the specific instructions for each credit bureau:
    • Equifax.com/personal/education/identity-theft/freezing-your-childs-credit-report-faq
      1-800-685-1111
    • Experian.com/help/minor-request.html
      888-EXPERIAN (888-397-3742)
    • TransUnion.com/credit-freeze/credit-freeze-faq#freeze-other-minor
      888-909-8872
  • Generally, children won’t have credit reports — unless someone is using their information for fraud. To find out if your child has a credit report, ask each credit bureau to check its records. Each bureau has specific instructions for these requests:
    • Equifax.com/personal/help/article-list/-/h/a/request-child-credit-report
    • Experian.com/help/minor-request.html
    • TransUnion.com/fraud-victim-resources/child-identity-theft
  • If a credit bureau has a credit report for your child, the credit bureau will send you a copy of the report. Use the instructions provided with the credit report to remove fraudulent accounts.
  • Review the FTC’s information on Child Identity Theft.

Identity Theft Resources

Check these resources for more information on identity theft and your credit report:

• Annual Credit Report website www.AnnualCreditReport.com or call 1 (877) 322-8228
• The Federal Trade Commission (FTC): website www.FTC.gov
• The Federal Deposit Insurance Corporation (FDIC): www.fdic.gov
• Credit Reporting Bureaus:
  • Equifax: (800) 685-1111
  • Experian: (888) 397-3742
  • TransUnion: (800) 916-8800

Online Banking and Information Security Precautions

Always access Partners Bank of California's Internet banking by typing in the correct website address https://www.pbofca.com into your browser.

• Never respond to, click any link in, or open an attachment in an email that requests information about you or your accounts, especially unsolicited emails. Instead, type in the source page of the website you intend to visit using a separate tab or window. Question any request to enter personal details, or username and password into a website if you are not sure if the request is legitimate. Criminals can put up a convincing replica of a website with a slight variation in the website address or direct you to a fake site through a link in an email.
• Verify that your banking session is secure: There are two simple indicators that will tell you if your session is secure. The first is the use of https:// in the URL. Some browsers such as Mozilla Firefox change the color of the URL window when you are in a secure session. The other indicator is the presence of a digital certificate represented by a padlock or key in the bottom right-hand corner. If you double click on this icon, it should provide you with information about the organization with which you have entered into a secure session.
• Partners Bank of California may send an email notice or alert; however; we will never ask you to provide any personal or account information via email. We will never ask for your password or a security authentication code delivered through SMS/Text messaging. 

Password and PIN Security

You should always be wary if you receive unsolicited emails or calls asking you to disclose any personal details or card numbers. This information should be kept secret at all times. Be cautious about disclosing personal information to individuals you do not know. Please remember that Partners Bank of California would never contact you directly to ask you to disclose your PIN or all your password information.

• Do not write down your username or password.
• Do not share your password with anyone.
• Avoid predictable passwords that could be easily guessed by others.
• Use strong, unique passwords. Avoid using easily guessable information like birthdays or common words. Instead, opt for a passphrase, as they are longer and easier to remember than a password made up of random, mixed characters. For Partners Bank of California Business Banking and Personal Banking Mobile apps, a passphrase can be a short sentence that's a minimum of 9 characters and a maximum of 17 characters in length and consists of four or more words. Consider using a password manager to keep track of your passwords securely.
• Change your password on a regular basis; every 90 days is recommended.
• Use extra caution when using a public computer.
• Establish Dual Control - for businesses, Partners Bank of California offers "dual control" over your account. Once this safeguard is in place, two individuals from your organization will need to log on and authorize transactions, such as wires or ACH origination. With dual control in place, a hacker would need to breach two user accounts in order to complete a fraudulent transaction.

Desktop Security

It is important to use up-to-date antivirus software and a personal firewall. If your computer uses the Microsoft Windows operating system, it is important to keep it updated via the Windows Update feature, equally if you use another PC operating system or have an Apple Mac you should check regularly for updates. You should be vigilant if you use Internet cafes or a computer that is not your own and over which you have no control.

• Install antivirus software AND keep it up to date.
• Use a firewall. This can protect against potential hackers and prevent access to questionable connections.
• Use antispyware. Often bundled with antivirus software, this can prevent your activities from being monitored and keep your browser from improperly directing you to an unintended site.
• Disable scripting. Unless you create VB Scripts you can disable Script Hosting. This is the weakness exploited by some computer viruses.
• Disable file sharing. Any computer with Internet file sharing activated offers its content freely to outsiders. You can easily check and change the setting. From the Start menu select Settings, or Control Panel, then Network and File Sharing. Under the Configuration tab, select TCP IP, click on File and Print Sharing. If either of the two check boxes that appear show ticks, click on them to uncheck them.
• Apply patches. For greater security, apply patches, which are small software add-ons designed to deal with specific security holes and other computer problems. You'll find all the patches you need on your operating system's website.
• Use a dedicated online banking desktop Designate a single computer to use as your business's online account machine solely for online banking and not for other activities such as e-mail, web browsing, or file sharing. Infecting a computer is much easier if that computer is regularly connected to the internet or used for email. In particular, the American Bankers Association recommends that "commercial banking customers carry out all online banking activities from a stand-alone, hardened and completely locked down computer system from which e-mail and Web browsing are not possible”.

Mobile Device Security

Cybercriminals continue to look for ways to exploit vulnerabilities in apps, operating systems, and software, trying to capitalize on security flaws before manufacturers find and patch them.

• Regularly update your Operating System (i.e., Windows, Apple, etc.) and apps. New vulnerabilities are discovered and vendors work to patch their apps and software as soon as available. Also, delete any applications or programs that you no longer utilize.
• Don’t share your mobile device with others if you have any sensitive financial, banking, or wallet Apps activated on your phone.
• Don’t use public Wi-Fi – it may save you from using your data plan, but unsecured Wi-Fi networks are a significant threat to exposing anything you type or view on your device while signed in to the public Wi-Fi. Never use public Wi-Fi if access requires you to enter personal information.
• Dodge security and privacy issues via reviewing your app permissions. Apps sometimes require more than the basic default permissions. Make sure the installed apps only have access to features they need.
• Set automatic locks on mobile devices. Ensure that the mobile device locks automatically and has a strong passcode—a simple pattern or swipe password isn’t much of a deterrent. If a device is lost or stolen, a strong password prevents anyone from quickly peeking at personal information.
• Limit the personal information given to apps and websites. Signing up for a new service or downloading a new app sometimes requires personal information. Be wary of revealing too much. Research how secure the application or site is before logging on.
• Manage what is shared online. Make sure to use privacy settings on social media apps and sites. Some sites can broadcast location, email, phone numbers, or more to the public by default.
• Be alert to common internet scams. If it sounds too good to be true - it probably is. Don't be conned by convincing emails offering you the chance to make some easy money. As with most things if it looks too good to be true, it probably is! Be cautious of unsolicited emails from overseas - it is much harder to prove legitimacy of the organizations behind the emails. Train employees: Social engineering is still often used to obtain sensitive information. For example, never trust e-mails requesting personal information such as user names or passwords. If there is no one in the office qualified to provide this type of training, find a trusted IT professional or consultant to educate employees.
  • Phishing is an internet scam that involves an email which appears to be from a legitimate company, bank, or government agency. The emails typically warn of a potential problem with your account and requests that you follow a link and provide personal or account information to update your information. You should never reply to these emails, open any attachments, or follow any of the links provided. If you believe an email to be legitimate, you should contact the company using your usual contact information.
  • Pharming is a type of fraud that involves redirection from a legitimate site to a site that appears to be legitimate, but has been created by fraudsters in an attempt to gain your personal or account information.
  • Don’t deposit checks and wire money or send money back in any way for others. Fake electronic deposits and checks drive many types of scams – like those involving phony prize wins, fake jobs, mystery shoppers, online classified ad sales, and others. They individual may have a good story to explain the payment or overpayment of funds– they’re stuck out of the country, they need you to cover taxes or fees, you’ll need to buy supplies, or something else. But when you’ve accepted a fraudulent deposit or a bad check, the scammer already has the money, and you’re stuck paying the money back to the bank.

Fraud Prevention

• Check your account balances each day: Some electronic transactions may not be settled or processed in final until the next business day. If you catch a fraudulent transaction at the end of a business day, you may be able to cancel it before any funds are transferred.
• Check your statements: It is important to check your online account history or statements regularly; a quick check will help identify any erroneous or criminal transactions that might have been performed on your account without your knowledge.
• Segregation of duties: Businesses can also use dual control when initiating online payments such as ACH and wires, create appropriate payment limits for employees, take advantage of security tokens, assign user transaction limits and implement call back procedures.
• Sign up for fraud prevention products: Setting up alerts through online and mobile banking apps may give you early notice that your balance has changed or a transaction has posted to your account. Business accounts are eligible to sign up for Positive Pay service to help identify check fraud such as paid checks that were never issued, or where the amount was altered. Detecting fraud early is a great way to prevent losses and return items before the 24- hour deadline. Check with your client advisor a branch office if you are interested in Positive Pay or other fraud prevention products.
• Confirm payment instructions (or changes to payment instructions) directly with vendors and suppliers: Don’t accept a payment change instruction by email, a typical Business email compromise (BEC) scam involves phony e-mails in which the attacker spoofs a message from an executive at a company or a real estate escrow firm and tricks someone into wiring funds to the fraudsters.
• Always completely log off from your Internet banking session: It is important to completely log off from your Internet banking session; simply closing the window you performed the transaction in may not close the banking session. If your computer is infected with a Trojan, your session may become hijacked by a criminal and financial transactions performed without your knowledge. It is also advisable to disconnect from the internet if you are not planning to use it.

If you have any questions or need assistance regarding online banking or any of our products and services, please give us a call (949) 732-4000 or (323) 556-6544, or email us at onlinebanking@pbofca.com.