Online Banking Security
Education
To learn about online banking security, download the Online Banking Customer Awareness and Education Program.
Enrollment
The safety and security of your personal information is important to Luther Burbank Savings.
Please enroll in Online Banking to get started. Enrollment instructions are available within the enrollment screen. The application process requires the following information:
- First Name
- Last Name
- Social Security Number (or Tax ID for a business account)
- Date of Birth
- Your Email address
- Account Number
- Zip Code (physical address)
If the data entered matches that within our records, access will be immediately granted. If it does not, an error message will appear on the screen. If an error message does appear, you may contact us to confirm your account details and/or whether or not your relationship to the account qualifies for online banking access.
Questions regarding signing up:
- Send an email to internetbanking@lbsavings.com
- Visit any one of our branches
- Call us at 888.578.4495, Monday – Friday, 9am to 5pm (PT)
Login Name Requirements
Your Login Name must be 6 - 19 characters of any combination of letters and numbers.
It is best security practice to use a login name that is more random and not based on any easily determined format or commonly available information.
Password Requirements
Password format requirements are as follows:
- Passwords must be 9 - 17 characters and a combination of numbers and letters containing at least one alpha and one numeric character.
- Passwords cannot read the same backward and forward.
- May contain special characters, with the exception of; #, &, and @
- Cannot be same as SSN / TIN
- Cannot be same as Login Name
- Must contain letters and numbers
- Passwords are case-sensitive
As an added security, you will be required to change your password semi-annually.
Online Banking Alerts
Online banking at Luther Burbank Savings provides an additional layer of security through various types of alerts. These alerts are generated and sent via e-mail when specific account conditions occur including:
- Balance Alerts
- Transaction Alerts
- Bill Payer Alerts
- Profile Changes
Multi-Factor Authentication
Online banking at Luther Burbank Savings utilizes risk-based authentication based on individual user and device profiles. When online activity is rated as unusual or uncharacteristic, an additional layer of security is required. The user will be presented with a security challenge question. The answers to these questions are provided to the Bank during initial enrollment, and can be changed anytime by logging into Online Banking and selecting "Profile" within the Security Data section.
Browser & Encryption Security
Online banking resides on a secure server and uses encryption to protect the communications between customer browsers and the online banking server. It's important the online banking users regularly update their browser to ensure that they are using up-to-date browser technology.
Browser Requirements
You must use a browser that meets or exceeds the following requirements:
- 128-bit encryption
- You must have Cookies and JavaScript enabled
- We support Internet Explorer, Edge, Firefox, Google Chrome and Safari
Account Activity & Statements
All consumers that maintain financial accounts at Luther Burbank Savings or any other financial institution should monitor the account activity and statements on a regular basis for suspicious or fraudulent activity. Customers that suspect fraudulent account activity should contact their financial institution.
- Visit or contact your local branch
- Report a lost or stolen VISA debit card
Unauthorized Access to Online Banking Accounts
Maintaining the privacy of your online banking logon credentials including your username and password is a critical safeguard against unauthorized access to online accounts.
In addition, it is imperative that online users fully log off and close the web browser after conducting online activities. This is especially critical when a public computer has been used to access online banking such as a computer in a hotel lobby or public library.
Additional Online Banking Security Information
Customer Awareness and Education Program - Luther Burbank Savings
Protect Your Identity - American Bankers Association
Mobile Security
Luther Burbank Savings is committed to the security of our customers' personal information. Our privacy and security safeguards provide end-to-end protection of your personal and transactional information on the Luther Burbank Mobile Apps; Zelle; Mobile Deposit; and Online Banking. Personal information including user IDs, passwords; and account information are encrypted. Other safeguards protect enrollment, authentication, device activation and password security.
Luther Burbank Savings recommends that our customers better understand how to protect themselves from cybercrime. Please visit the resource below to learn more about cyber security:
Department of Homeland Security—US Computer Emergency Readiness Team (US-CERT)
Online Security
E-Mail Security
Malicious E-Mails
It's called a "phishing attack" when a fraudulent e-mail pretending to represent a financial institution is sent to a consumer. The e-mail, in some manner, is attempting to trick the consumer into providing sensitive personal information such as an account number, password, username or social security number.
The malicious e-mail may also contain a link or attachment that, if clicked or opened, will load malware onto the consumers PC. Malware is a type of malicious software that is designed to collect sensitive financial and personal information. This is called "pharming." This can lead to identity theft or unauthorized access to online banking accounts.
E-Mail Attachments
Some of the characteristics that make e-mail attachments convenient and popular are also the ones that make them a common tool for attackers:
- E-mail is easily circulated. Forwarding e-mail is so simple that viruses can quickly infect many machines. Most viruses don't even require users to forward the e-mail — they scan a users' computer for e-mail addresses and automatically send the infected message to all of the addresses they find. Attackers take advantage of the reality that most users will automatically trust and open any message that comes from someone they know.
- E-mail programs try to address all users' needs. Almost any type of file can be attached to an e-mail message, so attackers have more freedom with the types of viruses they can send.
- E-mail programs offer many "user-friendly" features. Some e-mail programs even offer the option to automatically download e-mail attachments, which immediately exposes your computer to any viruses within those attachments.
Following are a few tips on what to look out for when it comes to e-mail attachments:
- Attackers often try to hide malicious files in e-mail archives, such as zip files. As a result, be extra cautious with attachments that have .zip, .rar, .7z file extensions.
- Office files with macros are also potentially dangerous. Watch out for extensions ending in “m”.
- Files with double extensions are also suspicious. Remember, the only extension that matters is the last one.
- It is important to not trust attachments from someone you don’t know.
Verify E-Mails
When consumers receive e-mails that are unexpected, too good to be true, or contain suspicious Links or attachments, they should do one of the following:
- Delete the e-mail immediately if they are certain it is malicious.
- Verify the validity of the e-mail through a phone call.
Strong & Complex E-Mail Passwords
Personal e-mail accounts are an important part of a consumer's online activities. These e-mail accounts are used to register for online services, online banking, and social media. It's important that strong and complex passwords are used to protect these e-mail accounts.
Password Security
Password Secrecy
Passwords should not be shared, and should be stored in a secure way. Passwords should not be transmitted unencrypted. For example, passwords should not be sent via unencrypted email.
Also, passwords should not be re-used. For example, your online banking password should not be the same as your e-mail password.
Password Length and Composition
Password length and composition determines the complexity of a password. The complexity of a password should increase depending on the value or sensitivity of the asset being protected.
Common identifiers such as social security numbers, phone numbers, names, addresses or dictionary words should not be used.
Complexity is gained through a longer password with more characters; using numbers and letters; using upper and lower case; and special characters.
Password Administrative Controls
All consumers should perform certain password administrative controls including:
- Periodically changing passwords
- Ensuring passwords are not re-used
- Physical or logical security of passwords
Computer Security
Anti-Virus
All computers that perform any financial or online banking transactions should have up-to-date anti-virus software installed. This software protects the PC from malware that is designed to steal personal and financial information that leads to identity theft and fraudulent transactions.
Additional Information: Understanding Anti-Virus Software at DHS US-CERT
Firewall
A firewall protects a PC from outside attacks by shielding the PC from malicious of unnecessary internet traffic.
Additional Information: Understanding Firewalls at DHS US-CERT
Security and Application Patches
Operating systems such as Windows need regular updates that fix problems or vulnerabilities. These are called "patches." The most critical patches are called "security patches."
Individual applications on a PC also require patches. These applications include Microsoft Office, web browsers, JAVA, and Adobe Acrobat.
Any PC that is used to perform financial or online banking transactions should be patched on a regular schedule.
Additional Information: Understanding Patches at DHS US-CERT
Trusteer Rapport
Luther Burbank Savings offers IBM® Trusteer Rapport to protect your online banking experience and to help achieve sustainable fraud prevention. The easy-to-download software provides multilayered protection by securing user devices against malware infections and phishing attacks by:
- Blocking banking malware infections and removing existing malware from protected computers
- Detecting suspected banking phishing sites on first access
Learn more about Trusteer Rapport by clicking here. To download now, free of charge, click here for PC or click here for Mac.
Web Browsers
It is best security practice to use the most current version of a web browser and to ensure the browser has had all recent patches applied.
Additional Information
Disposal of Information
Paper documents that contain sensitive personal or financial information should be shredded by a cross-cut before disposal or recycling.
Documents that should be shredded contain the following information:
- Names
- Addresses
- Phone numbers
- E-mail addresses
- Account numbers
- Birth dates
- Passwords and PINs
- Signatures
- Social Security numbers
Documents that may contain this information include but are not limited to:
- Address labels
- ATM receipts
- Bank statements
- Birth certificate copies
- Canceled and voided checks
- Credit reports
- Employee pay stubs
- Expired credit cards
- Legal documents
- Insurance documents
- Investment, stock and property transactions
- Medical records
- Pre-approved credit card applications
- Resumes
- Tax forms
- Transcripts
- Travel itineraries
- Used airline tickets
- Utility bills
Important: For security and privacy reasons, please do not send an email to Luther Burbank Savings which contains personal or financial information such as Social Security numbers, usernames, passwords, account number(s), or credit card number(s). If you have any questions or concerns, please contact us at 888.578.4495, Monday – Friday, 9am to 5pm (PT).