Online Banking Security

Education

To learn about online banking security, download the Online Banking Customer Awareness and Education Program.

Enrollment

The safety and security of your personal information is important to Luther Burbank Savings.

Please enroll in Online Banking to get started. Enrollment instructions are available within the enrollment screen. The application process requires the following information: 

  • First Name
  • Last Name
  • Social Security Number (or Tax ID for a business account)
  • Date of Birth
  • Your Email address
  • Account Number
  • Zip Code (physical address)

If the data entered matches that within our records, access will be immediately granted. If it does not, an error message will appear on the screen. If an error message does appear, you may contact us to confirm your account details and/or whether or not your relationship to the account qualifies for online banking access. 

Questions regarding signing up:

Login Name Requirements

Your Login Name must be 6 - 19 characters of any combination of letters and numbers.

It is best security practice to use a login name that is more random and not based on any easily determined format or commonly available information.

Password Requirements

Password format requirements are as follows:

  • Passwords must be 9 - 17 characters and a combination of numbers and letters containing at least one alpha and one numeric character.
  • Passwords cannot read the same backward and forward.
  • May contain special characters, with the exception of; #, &, and @
  • Cannot be same as SSN / TIN
  • Cannot be same as Login Name
  • Must contain letters and numbers
  • Passwords are case-sensitive

As an added security, you will be required to change your password semi-annually.

Online Banking Alerts

Online banking at Luther Burbank Savings provides an additional layer of security through various types of alerts. These alerts are generated and sent via e-mail when specific account conditions occur including:

  • Balance Alerts
  • Transaction Alerts
  • Bill Payer Alerts
  • Profile Changes

Multi-Factor Authentication

Online banking at Luther Burbank Savings utilizes risk-based authentication based on individual user and device profiles. When online activity is rated as unusual or uncharacteristic, an additional layer of security is required. The user will be presented with a security challenge question. The answers to these questions are provided to the Bank during initial enrollment, and can be changed anytime by logging into Online Banking and selecting "Profile" within the Security Data section.

Browser & Encryption Security

Online banking resides on a secure server and uses encryption to protect the communications between customer browsers and the online banking server. It's important the online banking users regularly update their browser to ensure that they are using up-to-date browser technology.

Browser Requirements

You must use a browser that meets or exceeds the following requirements:

  • 128-bit encryption
  • You must have Cookies and JavaScript enabled
  • We support Internet Explorer, Edge, Firefox, Google Chrome and Safari

Account Activity & Statements

All consumers that maintain financial accounts at Luther Burbank Savings or any other financial institution should monitor the account activity and statements on a regular basis for suspicious or fraudulent activity. Customers that suspect fraudulent account activity should contact their financial institution. 

Unauthorized Access to Online Banking Accounts

Maintaining the privacy of your online banking logon credentials including your username and password is a critical safeguard against unauthorized access to online accounts.

In addition, it is imperative that online users fully log off and close the web browser after conducting online activities. This is especially critical when a public computer has been used to access online banking such as a computer in a hotel lobby or public library.

Additional Online Banking Security Information

Customer Awareness and Education Program - Luther Burbank Savings

Protect Your Identity - American Bankers Association

Mobile Security

Luther Burbank Savings is committed to the security of our customers' personal information. Our privacy and security safeguards provide end-to-end protection of your personal and transactional information on the Luther Burbank Mobile Apps; Zelle; Mobile Deposit; and Online Banking. Personal information including user IDs, passwords; and account information are encrypted. Other safeguards protect enrollment, authentication, device activation and password security.

Luther Burbank Savings recommends that our customers better understand how to protect themselves from cybercrime. Please visit the resource below to learn more about cyber security:

Department of Homeland Security—US Computer Emergency Readiness Team (US-CERT)

Online Security

E-Mail Security

Malicious E-Mails

It's called a "phishing attack" when a fraudulent e-mail pretending to represent a financial institution is sent to a consumer. The e-mail, in some manner, is attempting to trick the consumer into providing sensitive personal information such as an account number, password, username or social security number.

The malicious e-mail may also contain a link or attachment that, if clicked or opened, will load malware onto the consumers PC. Malware is a type of malicious software that is designed to collect sensitive financial and personal information. This is called "pharming." This can lead to identity theft or unauthorized access to online banking accounts.

E-Mail Attachments

Some of the characteristics that make e-mail attachments convenient and popular are also the ones that make them a common tool for attackers:

  • E-mail is easily circulated. Forwarding e-mail is so simple that viruses can quickly infect many machines. Most viruses don't even require users to forward the e-mail — they scan a users' computer for e-mail addresses and automatically send the infected message to all of the addresses they find. Attackers take advantage of the reality that most users will automatically trust and open any message that comes from someone they know.
  • E-mail programs try to address all users' needs. Almost any type of file can be attached to an e-mail message, so attackers have more freedom with the types of viruses they can send.
  • E-mail programs offer many "user-friendly" features. Some e-mail programs even offer the option to automatically download e-mail attachments, which immediately exposes your computer to any viruses within those attachments.

Following are a few tips on what to look out for when it comes to e-mail attachments:

  • Attackers often try to hide malicious files in e-mail archives, such as zip files. As a result, be extra cautious with attachments that have .zip, .rar, .7z file extensions.
  • Office files with macros are also potentially dangerous. Watch out for extensions ending in “m”.
  • Files with double extensions are also suspicious. Remember, the only extension that matters is the last one.
  • It is important to not trust attachments from someone you don’t know.

Verify E-Mails

When consumers receive e-mails that are unexpected, too good to be true, or contain suspicious Links or attachments, they should do one of the following: 

  1. Delete the e-mail immediately if they are certain it is malicious.
  2. Verify the validity of the e-mail through a phone call.

Strong & Complex E-Mail Passwords

Personal e-mail accounts are an important part of a consumer's online activities. These e-mail accounts are used to register for online services, online banking, and social media. It's important that strong and complex passwords are used to protect these e-mail accounts. 

Password Security

Password Secrecy

Passwords should not be shared, and should be stored in a secure way. Passwords should not be transmitted unencrypted. For example, passwords should not be sent via unencrypted email.

Also, passwords should not be re-used. For example, your online banking password should not be the same as your e-mail password.

Password Length and Composition

Password length and composition determines the complexity of a password. The complexity of a password should increase depending on the value or sensitivity of the asset being protected.

Common identifiers such as social security numbers, phone numbers, names, addresses or dictionary words should not be used. 

Complexity is gained through a longer password with more characters; using numbers and letters; using upper and lower case; and special characters.

Password Administrative Controls

All consumers should perform certain password administrative controls including:

  • Periodically changing passwords
  • Ensuring passwords are not re-used
  • Physical or logical security of passwords 

Computer Security

Anti-Virus

All computers that perform any financial or online banking transactions should have up-to-date anti-virus software installed. This software protects the PC from malware that is designed to steal personal and financial information that leads to identity theft and fraudulent transactions. 

Additional Information: Understanding Anti-Virus Software at DHS US-CERT

Firewall

A firewall protects a PC from outside attacks by shielding the PC from malicious of unnecessary internet traffic. 

Additional Information: Understanding Firewalls at DHS US-CERT

Security and Application Patches

Operating systems such as Windows need regular updates that fix problems or vulnerabilities. These are called "patches." The most critical patches are called "security patches."

Individual applications on a PC also require patches. These applications include Microsoft Office, web browsers, JAVA, and Adobe Acrobat. 

Any PC that is used to perform financial or online banking transactions should be patched on a regular schedule.

Additional Information: Understanding Patches at DHS US-CERT

Trusteer Rapport

Luther Burbank Savings offers IBM® Trusteer Rapport to protect your online banking experience and to help achieve sustainable fraud prevention. The easy-to-download software provides multilayered protection by securing user devices against malware infections and phishing attacks by: 

  • Blocking banking malware infections and removing existing malware from protected computers
  • Detecting suspected banking phishing sites on first access

Learn more about Trusteer Rapport by clicking here. To download now, free of charge, click here for PC or click here for Mac.

Web Browsers

It is best security practice to use the most current version of a web browser and to ensure the browser has had all recent patches applied.

Additional Information

Disposal of Information

Paper documents that contain sensitive personal or financial information should be shredded by a cross-cut before disposal or recycling.

Documents that should be shredded contain the following information:

  • Names
  • Addresses
  • Phone numbers
  • E-mail addresses
  • Account numbers
  • Birth dates
  • Passwords and PINs
  • Signatures
  • Social Security numbers

Documents that may contain this information include but are not limited to:

  • Address labels
  • ATM receipts
  • Bank statements
  • Birth certificate copies
  • Canceled and voided checks
  • Credit reports
  • Employee pay stubs
  • Expired credit cards
  • Legal documents
  • Insurance documents
  • Investment, stock and property transactions
  • Medical records
  • Pre-approved credit card applications
  • Resumes
  • Tax forms
  • Transcripts
  • Travel itineraries
  • Used airline tickets
  • Utility bills

Important: For security and privacy reasons, please do not send an email to Luther Burbank Savings which contains personal or financial information such as Social Security numbers, usernames, passwords, account number(s), or credit card number(s). If you have any questions or concerns, please contact us at 888.578.4495, Monday – Friday, 9am to 5pm (PT).