Schwab Bank Online
Schwab Bank Online Security
Schwab Bank understands that you have entrusted us with personal information that is both important and confidential. We take our responsibility to protect your information extremely seriously.
Schwab Bank provides access to certain accounts and online banking services through schwab.com which is managed by Charles Schwab & Co. Inc. ("Schwab") and the following account protection efforts apply. For details about coverage via other Schwab Bank web sites please visit schwabbankmortgage.com and schwabbank.com for information specific to those web sites.
Schwab updates its security and privacy standards to guard against identity theft and provide security for your account information. We constantly re-evaluate our security and privacy policies and adapt them as necessary to deal with new challenges.
Schwab’s account protection efforts fall into but are not limited to these categories:
- Authentication—Secure identification and authentication before initiating transactions
We maintain strict rules for the creation of secure user IDs and passwords, designed to stop others from guessing your log in information. more
- Web site Security – Secure transmission connection to our Schwab Web sites
We use Secure Sockets Layer (SSL) technology and encrypted "cookies" to establish and maintain a secure transmission connection and encrypt data passing between your computer and our systems. This is designed to prevent anyone from intercepting or viewing your personal information. more
- Email Security – Policies to fight “phishing” and other email-related security challenges
Schwab is constantly re-assessing its email security and log in standards to provide protection against new and changing security challenges. more
- Transaction Monitoring, Employee Oversight and Access Control – Watching for unusual account behavior
We have highly sophisticated internal transaction monitoring systems in place to identify potentially suspicious and fraudulent activities. These systems are combined with strict controls on employee access to account information, creating a further layer of protection for your information. more
- Training – Employee training
Schwab employees are trained to safeguard your personal information. more
- Steps you should take
You play an important role in safeguarding your personal information and protecting your privacy. Here are some of the things you can do. more
- The Schwab Security Guarantee
Login ID: We urge you to create your own unique Login ID and recommend that it be a Login ID that you don't commonly use for other purposes. We particularly urge you not to use your Social Security or number date of birth as a Login ID. Please call Schwab at 800-435-4000 and a representative will assist you in creating a new Login ID for schwab.com.
Passwords: We maintain strict rules to help prevent others from guessing your password, and recommend that you change your password periodically. Your password must meet the following criteria:
- 6-8 characters long
- Include both letters and numbers
- Include at least one number between the first and last character
Return to Top
To support this technology, you need a recent version of an SSL3-capable, 128-bit browser, such as Microsoft Internet Explorer. These browsers will activate SSL3 automatically whenever you sign on to your Schwab account.
Look for the padlock! To ensure that SSL encryption is protecting your private communications, look for a small picture of a padlock on the browser frame. Another indicator is the URL prefix "HTTPS". See below.
Located in the URL address in all browsers.
The padlock appears in the lower right corner of the browser frame.
The padlock appears to the right of URL in the address bar as well as in the lower frame of the browser
The padlock appears in the upper right hand corner of the browser frame.
The padlock appears to the left of the URL in the address bar.
If you move the cursor over the "locked padlock" icon, a pop-up message will appear stating "SSL Secured (128 Bit)." Absence of the pop-up message may indicate that you are connected to a "phishing site."
Another important information security measure in place throughout schwab.com is the timeout feature. This feature will log you out of your account if there has been no activity within a specified amount of time. It is designed to stop others from accessing your account if you fail to log out.
We have implemented these measures for your protection, but you should still remember to log out each time you have finished accessing your Schwab accounts.
Schwab maintains particularly strong information security controls at the computer kiosks in its nationwide branch network to protect your account data. These measures include:
- A highly controlled environment with limits on the Web sites clients are allowed to visit, the applications they are allowed to open, the Internet technologies they are allowed to use, and the operating system controls they are permitted to access.
- Additional and more aggressive timeout policies that go beyond the timeout policies on our Web site. These will log you out of your account automatically if you walk away from the kiosk without logging out. The quick timeouts are based on keyboard activity and infrared sensors that detect when you have physically moved away from the kiosk. We have implemented these measures for your protection, but you should still remember to log out each time you have finished accessing your Schwab accounts
Cookies enable us to understand better how you and others use Schwab's online channels. They allow us to collect information about where your browser goes on our Web sites. This assists us in understanding your preferences and improving our Web site. For example, the information we obtain from cookies or GIFs (Graphical Interchange Format) helps us understand whether our customers use certain Web features and how to improve navigation. We also may use information gathered as the result of GIFs or cookies to target emails or Web messages. Knowing where your browser has been on our website helps us present useful information and offers to you. We do not sell this or any other information about you to other websites, merchants or financial institutions. Unless you have affirmatively consented, we do not provide any personally identifiable information about you to anyone else for their marketing purposes.
Cookies come in two flavors: persistent and session-based.
- Persistent cookies remain on your computer after you've closed your browser or turned off your computer. They include a unique identifier for your browser that only Schwab can read and use, and that tells us you are a Schwab customer or prior Schwab Web site visitor. We are especially careful about the security and confidentiality of the information we send through persistent cookies. For example, we do not store account numbers or passwords in persistent cookies.
- Session cookies exist only during an online session with Schwab. They disappear from your computer when you close your browser software or turn off your computer. Session cookies allow you to conduct transactions or request your own personal or account information on our Web site. They contain encrypted or encoded information about your account(s), and/or identifying information that you have previously provided to us. This information allows Schwab to process your online transactions and requests
- Implementation of domain-verification technologies that, in cooperation with Internet service providers, will enable clients to verify that emails claiming to have come from Schwab actually did come from Schwab.
- Standardization of Schwab emails and adherence to industry anti-phishing best practices. We continually re-design our email policies to incorporate the latest tools and standards aimed at preventing phishing.
- Ongoing assessment and implementation of new login technologies designed to prevent others from masquerading as our Web site.
Return to Top
We take precautions to ensure that your account and personal information at Schwab Bank and Schwab are accessed only by employees who are authorized and monitored. This is done through access controls and training, as well as physical, electronic and procedural safeguards.
Return to Top
Your participation is an important component of all of our security efforts. We believe it is essential that we work in close cooperation with you as our client to maintain the highest levels of security. These are the steps you should take to protect your account:
Protecting the security of your computer
- Keep your computer and browser software current with security updates.
- Install and update anti-virus and anti-spyware software and use personal firewalls to protect your computer.
- Be alert to the threats posed by malware--short for malicious software, this form of software is designed specifically to damage or disrupt a system, or to secretly record information such as keystrokes. Malware types include key logging tools, trojan horses, hijacking programs, and dialer programs that may reside on your personal computer. While these threats constantly evolve, you can help protect your personal information and computer by using a personal firewall, maintaining up-to-date anti-spyware and anti-virus programs, and by immediately reporting any suspicious activity involving your personal information.
- Do not enable any application features that would automatically log you in to your Schwab account or pre-fill the Login ID or Password fields.
- Change your password periodically and avoid using passwords for Schwab that you commonly use for other purposes.
- For more information on how to protect your personal computer, including links to vendors providing anti-virus and anti-spyware software, please visit the Federal Trade Commission’s computer security site at http://onguardonline.gov. Microsoft Corporation provides additional information specific to the Windows operating system at http://www.microsoft.com/security. Users of Apple computers can find security information at http://www.apple.com/support/security.
- Your username and password are for your use only. Do not share them with anyone.
- Check to make sure you are interacting with a secure Web site see above.
- Always log off after accessing your Schwab account. This prevents someone else from accessing your account if you leave your computer unattended while the session has not yet "timed out," or automatically shut down.
- Be careful about using third-party computers or computers that you are not familiar with, such as those in Internet cafes.
Recognizing and fighting fraud
- Do not provide personal or financial information in response to an email request or by clicking on a link, unless you are able to verify the authenticity of the site to which you are taken through the SSL padlock or other means.
- Do not enter personal information into a form within an email message or a pop-up.
- Note that Schwab will never ask you to provide personal financial information in an email.
- Do not open an email from a sender that your do not recognize. Be particularly cautious of any attachments to emails from unrecognized sources.
- Immediately report any unusual activity regarding your Schwab accounts to our representatives at 888-3-SCHWAB.
Identity Theft Prevention Program
How Schwab Bank Protects Your Identity
How to Protect Against Phishing
What to do if You Are A Victim of Identity Theft
Other Resources to Learn More about ID theft
How Schwab Bank Protects Your Identity
Your privacy is our priority and Schwab Bank is committed to protecting you.
- We do not sell customer information to anyone.
- We use encryption technology to protect sensitive information that is transmitted over the Internet.
- We control access to your information inside our company by limiting employee access to systems and data.
- We ensure all employees are trained to safeguard your information.
- We continue to evaluate our efforts to protect personal information and make every effort to keep your personal information accurate.
Return to top
Phishing is the illegal attempt to mislead consumers into providing personal or financial information, including account numbers, passwords and Social Security numbers, via email or through fraudulent Web sites.
The most frequent phishing attacks occur through email disguised to appear as though it came from a reputable financial institution or company.
Most phishing attempts urge you to update or validate your account information, typically through a link in an email directing you to a fake Web site that appears to be legitimate.
How To Spot a Phishing Attack
There are many phishing attacks active on the Internet. Here are a few of their lines and lures:
- An email contains an "urgent" or "shocking" tone requesting your immediate action on an account-related matter. Phishers frequently succeed by getting consumers to act quickly without thinking.
- An email is sent from a user falsely claiming to be a legitimate company with an attachment. An unsolicited email attachment more than likely contains a virus. Do not open it.
- A pop-up window appears from a user falsely claiming to be a legitimate company’s Web site asking for personal information.
Additional information can be found at www.antiphishing.org or www.consumer.gov/idtheft/
How To Report a Phishing Attack
If you suspect you have received a fraudulent email from The Charles Schwab Corp. or any of its subsidiary companies, please contact: Privacy@schwab.com. If you believe that any communications with or from Schwab resulted in identity theft, call us immediately at 888-3SCHWAB.
Return to top
What To Do If You Are a Victim of Identity Theft
If you are victim of identity theft, here are some recommended steps:
- Contact Schwab Bank and let us know you have been a victim of identity theft
- Contact the fraud departments of each of the three major credit bureaus:
|Order Credit Report||800-525-6285||888-397-3742||800-916-8800|
|Address||PO Box 740241
Atlanta, GA 30374-0241
|PO Box 9530
Allen, TX 75013
|PO Box 6790
Fullerton, CA 92634-6790
- Report the identity theft and request a "fraud alert." This ensures that you are contacted before any new account is opened and/or an existing account is changed.
- Request copies of credit reports. Review the reports carefully and identify any new accounts that may have been opened. Pay particular attention to the section of the report that lists "inquiries" from new companies. Contact these companies immediately and have them remove any pending or new accounts from their system. Note: Credit bureaus must provide free copies of credit reports to victims of identity theft.
- Contact the fraud departments of creditors to dispute unauthorized charges (e.g., credit card issuer, phone companies, utilities, banks, other lenders.) Describe your identity theft problem and follow up with a letter.
- File a report with your local police department and ask to file a report. This may help when clearing your credit.
- File a complaint with the Federal Trade Commission (FTC). The FTC handles complaints from victims of identity theft, provides information to those victims, and refers complaints to appropriate entities, including the major credit-reporting agencies and law enforcement agencies.
- By phone: 877-ID-THEFT
- Online Complaint Form:www.consumer.gov/idtheft
Federal Trade Commission – Phishing—www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm
Identity Theft Resource center—www.privacyrights.org
Identity Theft Prevention and Survival—www.identitytheft.org
Social Security Administration—www.ssa.gov/oig/guidelin.htm
Postal Inspection Service—https://postalinspectors.uspis.gov
Please note, these links are being provided as a service convenience. Schwab Bank is not affiliated with any of these organizations and cannot guarantee their accuracy, effectiveness and/or completeness.
Return to Top