How do I know if a banking email is real?
Check the domain, avoid unexpected attachments, do not share one-time codes and sign in by typing the bank address directly.
Questions and answers
Security and fraud questions
Guidance about safe sign-in, device trust, suspicious messages and account protection.
Should I share a one-time code?
No. One-time codes should not be shared with anyone, including someone claiming to represent a bank or support desk.
What is a trusted device?
A trusted device is a browser or app instance that has passed verification. Customers should remove old or unknown devices.
How do I report fraud?
Lock cards immediately, change passwords from a trusted device and contact support with transaction details.
Can I use passkeys?
Passkeys can reduce password risk by using device-backed authentication. Availability depends on browser and device support.
Why did I receive a security alert?
Alerts can be triggered by new devices, profile changes, unusual transaction patterns or repeated failed sign-in attempts.