Schwab Bank Online Security
Online Privacy and Information Security
If you have a security-related concern, please call us at 888-3-SCHWAB. We will work closely with you to ensure a rapid and personal response to your concerns
Schwab Bank understands that you have entrusted us with personal information that is both important and confidential. We take our responsibility to protect your information extremely seriously.
Schwab Bank provides access to certain accounts and online banking services through schwab.com which is managed by Charles Schwab & Co. Inc. ("Schwab") and the following account protection efforts apply. For details about coverage via other Schwab Bank web sites please visit schwabbankmortgage.com and schwabbank.com for information specific to those web sites.
Schwab updates its security and privacy standards to guard against identity theft and provide security for your account information. We constantly re-evaluate our security and privacy policies and adapt them as necessary to deal with new challenges.
Schwab's account protection efforts fall into but are not limited to these categories:
- Authentication—Secure identification and authentication before initiating transactions
We maintain strict rules for the creation of secure user IDs and passwords, designed to stop others from guessing your log in information.
- Web site Security – Secure transmission connection to our Schwab Web sites
We use Secure Sockets Layer (SSL) technology and encrypted "cookies" to establish and maintain a secure transmission connection and encrypt data passing between your computer and our systems. This is designed to prevent anyone from intercepting or viewing your personal information.
- Email Security – Policies to fight "phishing" and other email-related security challenges
Schwab is constantly re-assessing its email security and log in standards to provide protection against new and changing security challenges.
- Transaction Monitoring, Employee Oversight and Access Control – Watching for unusual account behavior
We have highly sophisticated internal transaction monitoring systems in place to identify potentially suspicious and fraudulent activities. These systems are combined with strict controls on employee access to account information, creating a further layer of protection for your information.
- Training – Employee training
Schwab employees are trained to safeguard your personal information.
- Steps you should take
You play an important role in safeguarding your personal information and protecting your privacy. Here are some of the things you can do.
- The Schwab Security Guarantee
More information on our security measures can be found below.
Authentication is the process that our clients go through to access secure areas of schwab.com. This process takes place when you log into your account. The two key components of schwab.com login are your Login ID and Password.
Login ID: We urge you to create your own unique Login ID and recommend that it be a Login ID that you don't commonly use for other purposes. We particularly urge you not to use your Social Security or number date of birth as a Login ID. Please call Schwab at 800-435-4000 and a representative will assist you in creating a new Login ID for schwab.com.
Passwords: We maintain strict rules to help prevent others from guessing your password, and recommend that you change your password periodically. Your password must meet the following criteria:
- 6-8 characters long
- Include both letters and numbers
- Include at least one number between the first and last character
In addition, for your protection, repeated unsuccessful attempts to log in will cause your online access to be disabled. Once this happens your password must be reset. If this happens to you inadvertently, please follow the instructions under "Forgot your password" on the Login page.
Web Site Security
Web Site Security
From the time you submit your Login ID and Password, communications between your computer and Schwab are encrypted using Secure Sockets Layer (SSL3) technology, a secure communication protocol that protects your privacy. SSL enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering and message forgery.
To support this technology, you need a recent version of an SSL3-capable, 128-bit browser, such as Microsoft Internet Explorer. These browsers will activate SSL3 automatically whenever you sign on to your Schwab account.
Look for the padlock! To ensure that SSL encryption is protecting your private communications, look for a small picture of a padlock on the browser frame. Another indicator is the URL prefix "HTTPS". See below.
Located in the URL address in all browsers.
The padlock appears in the lower right corner of the browser frame.
The padlock appears to the right of URL in the address bar as well as in the lower frame of the browser
The padlock appears in the upper right hand corner of the browser frame.
The padlock appears to the left of the URL in the address bar.
If you move the cursor over the "locked padlock" icon, a pop-up message will appear stating "SSL Secured (128 Bit)." Absence of the pop-up message may indicate that you are connected to a "phishing site."
Another important information security measure in place throughout schwab.com is the timeout feature. This feature will log you out of your account if there has been no activity within a specified amount of time. It is designed to stop others from accessing your account if you fail to log out.
We have implemented these measures for your protection, but you should still remember to log out each time you have finished accessing your Schwab accounts.
Schwab maintains particularly strong information security controls at the computer kiosks in its nationwide branch network to protect your account data. These measures include:
- A highly controlled environment with limits on the Web sites clients are allowed to visit, the applications they are allowed to open, the Internet technologies they are allowed to use, and the operating system controls they are permitted to access.
- Additional and more aggressive timeout policies that go beyond the timeout policies on our Web site. These will log you out of your account automatically if you walk away from the kiosk without logging out. The quick timeouts are based on keyboard activity and infrared sensors that detect when you have physically moved away from the kiosk. We have implemented these measures for your protection, but you should still remember to log out each time you have finished accessing your Schwab accounts
Cookies enable us to understand better how you and others use Schwab's online channels. They allow us to collect information about where your browser goes on our Web sites. This assists us in understanding your preferences and improving our Web site. For example, the information we obtain from cookies or GIFs (Graphical Interchange Format) helps us understand whether our customers use certain Web features and how to improve navigation. We also may use information gathered as the result of GIFs or cookies to target emails or Web messages. Knowing where your browser has been on our website helps us present useful information and offers to you. We do not sell this or any other information about you to other websites, merchants or financial institutions. Unless you have affirmatively consented, we do not provide any personally identifiable information about you to anyone else for their marketing purposes.
Cookies come in two flavors: persistent and session-based.
- Persistent cookies remain on your computer after you've closed your browser or turned off your computer. They include a unique identifier for your browser that only Schwab can read and use, and that tells us you are a Schwab customer or prior Schwab Web site visitor. We are especially careful about the security and confidentiality of the information we send through persistent cookies. For example, we do not store account numbers or passwords in persistent cookies.
- Session cookies exist only during an online session with Schwab. They disappear from your computer when you close your browser software or turn off your computer. Session cookies allow you to conduct transactions or request your own personal or account information on our Web site. They contain encrypted or encoded information about your account(s), and/or identifying information that you have previously provided to us. This information allows Schwab to process your online transactions and request.
Recently there has been rapid growth in email-related information security challenges such as "phishing" or "spoofing" schemes. These fraudulent techniques attempt to fool you into giving up your personal data by impersonating legitimate communications from financial service providers. We are working with other financial institutions and technology leaders to prevent these security challenges from impacting our clients. Measures currently in place or underway include:
- Implementation of domain-verification technologies that, in cooperation with Internet service providers, will enable clients to verify that emails claiming to have come from Schwab actually did come from Schwab.
- Standardization of Schwab emails and adherence to industry anti-phishing best practices. We continually re-design our email policies to incorporate the latest tools and standards aimed at preventing phishing.
- Ongoing assessment and implementation of new login technologies designed to prevent others from masquerading as our Web site.
Transaction Monitoring, Employee Oversight and Access Control
We use automated transactional monitoring tools to detect suspicious account activity. When these sophisticated systems flag a questionable transaction we contact the client to be sure the transaction is legitimate and that it will be processed safely and rapidly. This combination of automated and manual transaction monitoring further strengthens the security we provide for your financial and personal information.
We take precautions to ensure that your account and personal information at Schwab Bank and Schwab are accessed only by employees who are authorized and monitored. This is done through access controls and training, as well as physical, electronic and procedural safeguards.
Steps you should take
Client Security Practices
Your participation is an important component of all of our security efforts. We believe it is essential that we work in close cooperation with you as our client to maintain the highest levels of security. These are the steps you should take to protect your account:
Protecting the security of your computer
- Keep your computer and browser software current with security updates.
- Install and update anti-virus and anti-spyware software and use personal firewalls to protect your computer.
- Be alert to the threats posed by malware--short for malicious software, this form of software is designed specifically to damage or disrupt a system, or to secretly record information such as keystrokes. Malware types include key logging tools, trojan horses, hijacking programs, and dialer programs that may reside on your personal computer. While these threats constantly evolve, you can help protect your personal information and computer by using a personal firewall, maintaining up-to-date anti-spyware and anti-virus programs, and by immediately reporting any suspicious activity involving your personal information.
- Do not enable any application features that would automatically log you in to your Schwab account or pre-fill the Login ID or Password fields.
- Change your password periodically and avoid using passwords for Schwab that you commonly use for other purposes.
- For more information on how to protect your personal computer, including links to vendors providing anti-virus and anti-spyware software, please visit the Federal Trade Commission’s computer security site at http://onguardonline.gov. Microsoft Corporation provides additional information specific to the Windows operating system at http://www.microsoft.com/security. Users of Apple computers can find security information at http://www.apple.com/support/security.
Using your computer
- Your username and password are for your use only. Do not share them with anyone.
- Check to make sure you are interacting with a secure Web site see above.
- Always log off after accessing your Schwab account. This prevents someone else from accessing your account if you leave your computer unattended while the session has not yet "timed out," or automatically shut down.
- Be careful about using third-party computers or computers that you are not familiar with, such as those in Internet cafes.
If you do use a third-party computer, be particularly careful to ensure you have fully logged out. Schwab's systems are set to prevent browsers from saving account information in a computer’s Internet cache, but as an extra precaution you may want to clear the cache of any public computer on which you have accessed your Schwab accounts. Please check the browser’s help section to learn how to manually clear its Internet cache.
Recognizing and fighting fraud
- Do not provide personal or financial information in response to an email request or by clicking on a link, unless you are able to verify the authenticity of the site to which you are taken through the SSL padlock or other means.
- Do not enter personal information into a form within an email message or a pop-up.
- Note that Schwab will never ask you to provide personal financial information in an email.
- Do not open an email from a sender that your do not recognize. Be particularly cautious of any attachments to emails from unrecognized sources.
- Immediately report any unusual activity regarding your Schwab accounts to our representatives at 888-3-SCHWAB.
How Schwab Bank Protects Your Identity
Your privacy is our priority and Schwab Bank is committed to protecting you.
- We do not sell customer information to anyone.
- We use encryption technology to protect sensitive information that is transmitted over the Internet.
- We control access to your information inside our company by limiting employee access to systems and data.
- We ensure all employees are trained to safeguard your information.
- We continue to evaluate our efforts to protect personal information and make every effort to keep your personal information accurate.
Our most important asset is our relationship with you. We understand that you have entrusted us with your private financial information, and we do everything we can to maintain that trust.
How to Protect Against Phishing
What Is Phishing?
Phishing is the illegal attempt to mislead consumers into providing personal or financial information, including account numbers, passwords and Social Security numbers, via email or through fraudulent Web sites.
The most frequent phishing attacks occur through email disguised to appear as though it came from a reputable financial institution or company.
Most phishing attempts urge you to update or validate your account information, typically through a link in an email directing you to a fake Web site that appears to be legitimate.
How To Spot a Phishing Attack
There are many phishing attacks active on the Internet. Here are a few of their lines and lures:
- An email contains an "urgent" or "shocking" tone requesting your immediate action on an account-related matter. Phishers frequently succeed by getting consumers to act quickly without thinking.
- An email is sent from a user falsely claiming to be a legitimate company with an attachment. An unsolicited email attachment more than likely contains a virus. Do not open it.
- A pop-up window appears from a user falsely claiming to be a legitimate company’s Web site asking for personal information.
Learn More About Phishing Scams or Identity Theft
Additional information can be found at www.consumer.gov/idtheft/
How To Report a Phishing Attack
If you suspect you have received a fraudulent email from The Charles Schwab Corp. or any of its subsidiary companies, please contact: firstname.lastname@example.org. If you believe that any communications with or from Schwab resulted in identity theft, call us immediately at 888-3SCHWAB.
What to do if you are a victim of identity theft
If you are victim of identity theft, here are some recommended steps:
- Contact Schwab Bank and let us know you have been a victim of identity theft
- Contact the fraud departments of each of the three major credit bureaus:
Order Credit Report>Equifax800-525-6285>Experian888-397-3742>TransUnion800-916-8800>
Address>EquifaxPO Box 740241>
Atlanta, GA 30374-0241ExperianPO Box 9530>
Allen, TX 75013TransUnionPO Box 6790>
Fullerton, CA 92634-6790
- Report the identity theft and request a "fraud alert." This ensures that you are contacted before any new account is opened and/or an existing account is changed.
- Request copies of credit reports. Review the reports carefully and identify any new accounts that may have been opened. Pay particular attention to the section of the report that lists "inquiries" from new companies. Contact these companies immediately and have them remove any pending or new accounts from their system. Note: Credit bureaus must provide free copies of credit reports to victims of identity theft.
- Contact the fraud departments of creditors to dispute unauthorized charges (e.g., credit card issuer, phone companies, utilities, banks, other lenders.) Describe your identity theft problem and follow up with a letter.
- File a report with your local police department and ask to file a report. This may help when clearing your credit.
- File a complaint with the Federal Trade Commission (FTC). The FTC handles complaints from victims of identity theft, provides information to those victims, and refers complaints to appropriate entities, including the major credit-reporting agencies and law enforcement agencies.
Other Resources to Learn More about ID theft:
Federal Trade Commission – ID Theft—www.ftc.gov/bcp/edu/microsites/idtheft/
Federal Trade Commission – Phishing—www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm
Identity Theft Resource center—www.privacyrights.org
Identity Theft Prevention and Survival—www.identitytheft.org
Social Security Administration—www.ssa.gov/oig/guidelin.htm
Postal Inspection Service—https://postalinspectors.uspis.gov
Please note, these links are being provided as a service convenience. Schwab Bank is not affiliated with any of these organizations and cannot guarantee their accuracy, effectiveness and/or completeness.
Your acceptance of these terms
Charles Schwab Bank