Online Banking Security Tips
Is online banking secure?
MetaBank takes several measures to ensure the security and confidentiality of customer information while banking online, including the use of encryption and multi-factor authentication. All transfers of data while banking online use the SSL (Secure Sockets Layer) protocol.
SSL encryption is used on MetaBank.com whenever you are asked to enter confidential information, such as your access ID and password. Using public key cryptography in SSL between our server and your browser, we are able to encrypt or scramble the information to create a private session that only you and MetaBank can understand. You can tell that you have entered a secure session if:
- The URL begins with "https." Your URL will automatically shift from "http" to "https."
- In addition to the SSL encryption, our customers have a visual confirmation that they are on the valid MetaBank online banking website. The Extended Validation (EV) certificate, or green address bar, displays on your browser after you enter your access ID on the MetaBank home page. You can verify the site is "green," or the valid online banking website, before entering your password and proceeding to your account information.
Is my personal and/or financial information stored on my computer?
No. We do not save any files containing personal or financial information on your computer. That information is restricted to the secure Online Banking Center.
What prevents someone from accessing my account online?
Several layers of state-of-the-art technology prevent unauthorized users from gaining access to your account information, including:
- Your selected password
- Extended Validation (EV) Certificate – the green address bar verifying the MetaBank online banking site
- Your selected access ID
- Automatic lockout after three unsuccessful login attempts
- Multi-factor authentication – challenge questions – with automatic lockout after three unsuccessful attempts to answer
- Masked account numbers
- Automatic session timeout after 20 minutes
- SSL (Secure Sockets Layer) encryption (see "Is online banking secure?" above)
While we employ these security measures and precautions on your behalf, it is in your best interest to educate yourself on the ways in which people may try to obtain your sensitive information. Take safety precautions to ensure the account authentication details listed above remain secure.
What are the features of the multi-factor layered security system surrounding online banking?
These features include:
- Your login credentials – including your access ID and password
- Device check – if the device you are using isn’t recognized, whether it is a mobile phone, tablet or computer, you will be asked a security challenge question to ensure your identity
- Geographic location – if you are logging in from a new location, you may be prompted with additional security challenge questions
Should I register my computer?
Yes. Each computer has a unique set of characteristics, similar to a fingerprint. When you register a computer, its unique set of characteristics is stored in our system and used as additional validation criteria during subsequent logins. If you choose not to register your computer, you will be asked to answer your previously established challenge questions each time you log into your account. We encourage you to register your computer for a more convenient, yet still secure, login process.
Is there a limit on the number of computers I may register?
No. There is no limit on the number of computers you may register.
Can I access online banking on computers other than my own (e.g., at work or a public-use computer)?
Yes. You may use public or alternative computers to bank online. If you need to access your online account from a public computer, you will be provided with an additional confirmation process using your predetermined challenge questions. When you have correctly answered the challenge questions, you will be granted access to the system. You should never register a public computer for future use, no matter how often you use it.
What are the challenge questions and the security question?
You previously set up your challenge questions and your security question during enrollment in online banking. You will be prompted to answer one of these three established challenge questions when you log in from an unregistered computer. Your security question may be used to identify you if you request assistance with online banking over the phone.
Are there online banking threats of which I should be aware?
Yes. When banking online, many of the threats you may face involve fraudsters using technology to trick users into providing sensitive information unwittingly. Be cautious, be informed and ask questions. These threats may include email fraud through spoof messages or faked or spoofed websites.
What is a spoof?
Spoof emails – also known as phishing or hoax emails – appear to be sent from well-known companies. To bait you, an email may say there's an urgent situation concerning your account and ask you to click a link. The link may then direct you to a spoofed or fake website that appears legitimate or familiar. Any information you provide to the spoofed site can be collected. If you attempt to log in or provide personal information on a spoofed site, it can be used for illegitimate purposes. Even if you don't supply any information, simply clicking the link may enable thieves to access your computer, record your keystrokes and capture your passwords. Also, be aware of spoof web forms that ask you to provide confidential information for which a legitimate company would not typically ask.
How can I spot a spoofed email?
Several signs can help you determine if an email is legitimate or a spoof. Learning how to recognize a fraudulent email can help protect you and your banking information. Here's how:
- The "from" field of an email can be easily altered, so it's not a reliable indicator of whether or not an email is a fake
- Be wary of impersonal opening greetings, such as "Dear User" or your email address
- Emails sent by well-known companies are almost always free of misspellings and grammatical errors – typos and poor grammar could signal a spoof email
- Many scam emails tell you that your account will be in jeopardy if something critical is not updated right away – spoof emails often create this false sense of urgency
- Never provide your access ID, password, PIN, social security number, account number, ATM/debit card number, mother's maiden name, etc. – a legitimate email would not request this information of you
- Check where a link is going before you click by hovering over the URL in an email and comparing it to the URL in the browser – if it looks suspicious, don't click (see "How can I spot a spoofed website?" below)
- A legitimate email from MetaBank will never include an attachment or software – you should never open an attachment unless you are 100 percent sure it's legitimate, as it may contain spyware or viruses
- MetaBank will never send you an email message requesting you contact us immediately through either a link or a phone number provided in the body of the email – we will never request any personal information about you or anyone on your account through an email or link
How can I report a spoofed email?
If you suspect that you've received a fraudulent email message, please forward it to us at firstname.lastname@example.org. Don't change or retype the subject line, as this makes it more difficult to properly investigate. Email spoofs are continually evolving, and even slight variations will aid in our investigations. After forwarding the email, delete it from your inbox and any other folders. You may also forward it to the Federal Trade Commission at email@example.com or report it to 1.877.IDTHEFT.
What should I do if I believe I've responded to a spoofed email by mistake?
If you have already replied to an email with personal information and think the email was spoofed, call us immediately at 1.866.559.5037.
How can I spot a spoofed website?
Several signs can help you determine if a website is legitimate or a spoof. Learning how to recognize a fraudulent website can help protect you and your banking information. Here's how:
- Some criminals will place a fake browser address bar over the real one, so it appears you're on a legitimate website – even if a URL contains "MetaBank," it may not be a legitimate MetaBank site
- Spoofed MetaBank addresses may include:
- Always log into the MetaBank Online Banking Center by opening a new browser window and typing in "https://www.metabank.com" – the letters "https" should precede any web address (or URL) in which you enter personal information (the "s" stands for "secure"), and if you don't see "https" in your URL, you're not in a secure web session and should not enter personal data
- Look for the secure padlock icon in the status bar at the bottom of the browser window – if you see the icon inside the window itself, it may be a spoofed website
- Look out for URLs that contain typos (e.g., www.metbank.com)
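The hover check from the spoofed-email list and the URL signs above can be written as a small checker. This is an added example, not MetaBank's code: the function names and sample links are constructed for illustration, and treating the last two host labels as the registered domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

TRUSTED = "metabank.com"  # the bank's domain as given on this page

def edit_distance(a, b):
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def check_url(url):
    """Return the reasons a URL should not be trusted (empty list = none found)."""
    host, reasons = host_of(url), []
    if urlsplit(url).scheme != "https":
        reasons.append("not https")
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return reasons
    registered = ".".join(host.split(".")[-2:])  # assumption: no public-suffix list
    if edit_distance(registered, TRUSTED) <= 2:
        reasons.append("lookalike domain")
    elif "metabank" in host:
        reasons.append("bank name inside another domain")
    else:
        reasons.append("unrelated domain")
    return reasons

def check_link(shown_text, href):
    """Compare what an email displays with where the link really goes."""
    reasons = check_url(href)
    if "://" in shown_text and host_of(shown_text) != host_of(href):
        reasons.append("displayed address differs from target")
    return reasons

# Constructed samples; only the typo domain comes from the page itself.
SAMPLES = [
    ("https://www.metabank.com", "https://www.metabank.com/login"),
    ("https://www.metabank.com", "http://www.metbank.com/login"),
    ("Click here", "https://metabank.com.account-verify.example/login"),
]

if __name__ == "__main__":
    for shown, href in SAMPLES:
        print(href, "->", check_link(shown, href) or "no warning signs")
```

An empty result only means none of these specific signs were found; it does not prove a link is safe.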
How can I report a spoofed website?
If you suspect that you've found a fake MetaBank website, please forward it to us at firstname.lastname@example.org. Don't change or retype the URL, as this makes it more difficult to properly investigate. Please try to include both a copy of the full URL and a screenshot of the website home page. Spoofed websites are continually evolving, and even slight variations will aid in our investigations.
What other precautions should I take when banking online?
We recommend, at a minimum, that you take the following precautions with regard to your account information:
- Password-protect your computer
- Utilize an automatic screen lock on your computer
- Add MetaBank's Online Banking Center to your browser's favorites list
- Never share your access ID
- Never share your password
- Change your password frequently
- Choose a strong password that is not easily guessed by others
- Ensure no one is watching when entering your access ID and password
- Never walk away from the computer when your account information is on-screen
- Always log out of your online banking session
- Do not send confidential information by email unless you are in a secure session
- Never allow the browser to auto-fill your access ID and password
- Update the operating system on your computer with the latest security patches and upgrades
- Provide an essential layer of security by installing anti-virus software
For more information, call 1.866.559.5037 or email email@example.com.