Help Center: Security

Security FAQs

Preoccupied with keeping your banking information safe? So are we.

Banking fraud and identity theft have never been more common, which is why we go to extraordinary lengths to protect our customers’ privacy and security while keeping them informed with security tips and best practices.

If you have a question that isn’t listed below or would like to learn more about how we protect your accounts, contact us directly.

How we protect you

  • What does Bank Midwest do to keep its customers’ accounts safe?

    Secure website

    We’ve secured all of our web pages with SSL encryption. Look at your web browser window and you’ll find “https://” in the website address indicating that it is secure. You may also see a key or padlock icon in your browser window.

    Children’s privacy

    The privacy and safety of children online is a priority for us, and we do not accept online requests from anyone under the age of 18. Our websites are not targeted to or intended for children. The Children’s Online Privacy Protection Act (COPPA) protects children from the online collection of personal information.

    Learn more about children’s privacy.

    Online banking security

    Bank Midwest provides online banking and related services for your convenience. You can easily access your account information and take greater control of managing your money and accounts and still have the peace of mind that your information is kept safe from prying eyes.

    Encrypted data

    We want you to feel safe and secure when accessing online banking. To protect you, we use Extended Validation Secure Sockets Layer (SSL) technology that securely encrypts your personal information such as IDs and passwords. This is a preventative measure that deters anyone but you or bank personnel from accessing your information. High-security browsers will display a green color in the address bar of your web browser indicating the site you’re on is using extended security certificates and is a genuine website.

    Debit card fraud alerts

    We closely monitor fraud trends and card activity in order to identify various factors that may be indicative of fraudulent activity. When we spot something suspicious, we notify customers and give them a chance to confirm whether the transaction is authorized. All debit cardholders are automatically enrolled to receive real-time fraud alerts sent by email, text and/or phone. Click here to learn more about real-time fraud monitoring.

    Account lockout

    We help prevent password guessing with an account lockout feature. Our online banking system automatically locks users out when they incorrectly guess a password multiple consecutive times. Learn how to reset your password.

    Session timeout

    Online banking sessions have a time limit for inactivity. If you logged in but left your computer or haven’t been active in your online banking session for several minutes, the system will automatically log you out in order to prevent anyone else from accessing your account.

    Trusteer for fraud prevention (Cash Management customers only)

    We’ve partnered with IBM® to offer Trusteer Rapport™ to all of our cash management customers for free. Trusteer works with your existing antivirus tools to provide additional protection against financial malware and phishing scams that seek to bring your organization to its knees. It runs in the background without slowing down your computer and is easy to use. Learn more about Trusteer.

Online banking security

  • Can I recycle a different password for my online banking account?

    We highly discourage it. Hundreds of millions of electronic records are lost or stolen in data breaches every year, including usernames, passwords and personal information. Hackers use a tactic called credential stuffing in which they input stolen credentials from one online service into as many other services as possible with the hope that the same username and password have been used elsewhere on the web. This puts anyone who has used the same username and password for multiple services at risk.

  • What makes a strong password?

    Information security experts recommend 9–12 characters (longer is always better), including some upper case letters, numbers and symbols. Try to use words or phrases that are hard to guess (not your first child’s name or your street). “Password1234” and other simple password combinations might be easy to remember, but they’re also easy to guess.

  • What is phishing and how do I avoid it?

    Phishing scams trick online users into giving away sensitive information such as online banking username and login. Fraudsters might send emails or text messages claiming to be a legitimate institution asking for personal information, and they’ll often use urgent language.

    One of the most common examples is the fake password reset. A fraudster pretends to be your bank and claims that you must reset your password. They might include a link that navigates to a fake password reset page intended to steal your login information.

    Bank Midwest never asks customers for private information such as a Social Security number, ID, address, username or password. Do not open or respond to any such emails, from us or from anyone else, and never send that information through email to anyone.

    Other tips to help you avoid online phishing:

    • Don’t respond to emails, open links or download attachments from unknown senders.
    • Don’t open file attachments from known senders that are sent without any context. This could be a sign that the contact’s email has been hacked and the perpetrator’s using it to spread malware.
    • Never send sensitive information over email.

    If you’re worried about the validity of an email or text message sent on behalf of Bank Midwest, contact us directly at 888.902.5662.

  • What are some general tips for secure online banking practices?

    Avoid writing down your username and passwords.

    You’re much better off using a password manager.

    Always log out of your latest online banking sessions.

    This is especially true on public or shared computers.

    Avoid using online banking on public computers. 

    They could have keyloggers (which actually track user keystrokes) and other forms of malware installed on them.

    Do not use online banking on public Wi-Fi.

    And if you must, use a VPN, as this is only to make sure your information cannot be intercepted.

    Bookmark our banking site.

    This is a precautionary step that can help you ensure you’re always at the right spot, and not on a look-alike site designed to steal your information. Our online banking login page is available here.

Mobile banking security

  • Is mobile banking safe?

    It’s about as secure as any other form of banking presuming you’re careful:

    • Download your Bank Midwest app from a trustworthy source such as the Apple App Store or Google Play.
    • Password protect your smartphone or tablet either with a PIN code or a biometric token such as a fingerprint or face scan.
    • Use a long and complex password or set up a biometric login (e.g., Apple TouchID).
    • Don’t use your mobile banking app on public Wi-Fi.
    • Be mindful of prying eyes when you’re banking on your device in a public space.
  • Can I set up mobile banking alerts with my Bank Midwest app?

    Yes, and you should. One of the ways Bank Midwest keeps your mobile app safe is by letting you opt-in to receive emails for a variety of different alerts. For example, you can choose to get an alert when your personal settings are updated, or if you change a mobile username or password. These alerts can help you quickly flag suspicious activity that could indicate someone other than you is accessing your account through mobile banking.

    Learn more about mobile security alerts.

  • Should I set up biometric login for my Bank Midwest app?

    It’s up to you. Biometrics can represent a highly secure and more convenient alternative to traditional usernames and passwords on compatible devices. However, biometric login today is more of a convenience factor since most mobile banking apps, including the Bank Midwest app, can still be accessed with online banking credentials.

    Customers using Apple devices can set up a Face ID or Touch ID, depending upon your device, to quickly log in using biometrics.

    Users on IOS devices can learn more about setting up TouchID and other login shortcuts here.

  • What should I do to protect my device in case it gets lost stolen?

    Password protect your device or setup a biometric login.

    This will make it difficult if not impossible for anyone who isn’t you to log in. Remember, it’s not just your mobile banking app you should be worried about. Anyone who has your phone can access your money in other ways, such as hijacking your online shopping accounts.

    Set up “Find My iPhone” or the Android equivalent, “Find My Device.”

    This will help you locate your lost smartphone as long as the device is powered on and connected to the internet. It will also give you the option to wipe your device remotely. As drastic as that may sound, it may be necessary to keep your personal information secure. For this reason, we also recommend creating a backup for your device (either on a remote drive or on the cloud).

  • What should I do after my device has been stolen?

    Disable mobile banking. 

    You can do this through the Bank Midwest online banking portal or by calling us at 888.902.5662.

    See if you can find it with your device-finding feature. 

    Who knows? A good Samaritan at the coffee shop may have turned your device in for you. See if you can locate it before you go with the nuclear option. But don’t go knocking on strangers doors without the police.

    Wipe your device.

    You have to know when to cut your losses. If you can’t find the device, or the police can’t help you, it might be time to wipe it. It’s unfortunate, but it’s better than having your personal data exposed.

    Update all of your passwords.

    This probably isn’t necessary if you have used a passcode and also wiped your device, but it certainly can’t hurt. If you haven’t password protected your phone and/or you cannot wipe it, this is priority No. 1.

    Learn how to reset your Bank Midwest password.

Online security

  • What are some steps to stay safe online?

    Keep an eye on your account activity.

    Bank Midwest works hard to flag questionable transactions, but no one knows your purchases better than you. Let us know the second you spot something suspicious. Do the same for your other accounts as well.

    Look for the “s” in “https://” that comes before every website’s URL. 

    It stands for “secure.” If you don’t see it, then don’t share any information with the site.

    Be careful where you shop on the web.

    Reference the Better Business Bureau, the Federal Trade Commission or online reviews to make sure a merchant you’re buying from for the first time is legitimate.

    Only download apps from reputable app stores.

    This will help eliminate the risk of downloading applications that are laced with malware or that are none secure.

    Use an antivirus tool. 

    It can help you detect keyloggers, trojans and other threats that are silently lurking in the background.

    Backup data that’s important to you

    Use an external harddrive or the cloud, but just make sure that the files and information you hold dear aren’t lost forever.

Offline security

  • What are some ways to keep my banking information safe offline?

    Don’t carry your Social Security card on you.

    And don’t give the number out unless it’s absolutely necessary.

    Avoid getting checks sent directly to your house.

    The idea of having a book of unwritten checks sitting in your mailbox makes us a little nervous. Consider having them sent to a safe PO box or to your local Bank Midwest branch.

    Shred all sensitive documents before throwing them away.

    This includes statements, bills and pre-approved credit offers.

    Collect your mail daily. 

    If you’ll be out of town, arrange for mail holding with your post office.

    Sign up for online banking.

    Not just with Bank Midwest, but also with any other financial services you may use. This will save you the trouble, and the risk, of manually receiving and sending payments that can be lost in the mail or stolen.

    Keep sensitive documents in a safe place.

    This includes Social Security cards, credit cards, loan information.

    Don’t give out payment or personal information over the phone.

    Especially if you don’t know the caller or if you’re in public.

    File your taxes ASAP.

    The longer you wait, the greater the chances that a fraudster will attempt to file on your behalf.

    Avoid sketchy or unmarked ATMs. Use our network MoneyPass ATMs for secure, fee-free banking. If there are none immediately nearby, use a trustworthy, non-network ATM. Bank Midwest rebates up to $20 in fees each statement cycle.

  • What should I do if my checkbook is lost or stolen?

    Contact us immediately at 888.902.5662 to freeze your account.

Phone Scams

  • How do I spot a phone scam?

    Someone you don’t know calls you and asks for personal or banking information.

    They’re most likely a scammer trying to collect personal information. If a caller claims to be from an established organization such as a hospital, a charity, or a law enforcement agency, look up the number of the organization yourself.

    They claim an emergency and/or insist on secrecy.

    Scammers try to get you to take action quickly without assessing the situation long enough to realize it’s a scam. It’s a red flag if they discourage you from seeking information, verification, support and counsel from family, friends or trusted advisers before making a financial transaction.

    They ask for your account password. Legitimate businesses will never ask for your account passwords, so don’t give them out.

  • What are some common examples of phone scams?

    ‘This is the IRS, you owe us money.’

    The IRS will almost never call you, and they certainly won’t ask for your debit card number over the phone so you can pay off your taxes. The same applies for most government agencies. If you receive a call from someone claiming to be from the government, and that person is requesting personal information, hang up.

    ‘We can fix your Google business listing.’Maybe, but they most likely just want to get some information from you. Don’t give it to them.

    ‘We need to confirm your loan details’There’s no reason that a legitimate lender would need to randomly confirm your loan details. The scammer may even tell you that this is for your own security, or that there has been suspicious activity. Hang up. And if you’re in doubt, call your lender.

Identity theft

Cases of identity theft each year number in the tens of millions. You can help avoid putting yourself at risk by following online and offline security best practices.

But even the most careful individuals can have their identities stolen through no shortcoming of their own. Large-scale data breaches involving the likes of Equifax, Facebook and many others have exposed data that can be used as instruments toward identity theft.

Vigilance is your best defense.

  • What can I do to monitor my credit?

    Make sure you check your credit report at least once a year.

    This will help you spot any accounts that you didn’t open or suspicious inquiries.

    Be on the lookout for suspicious activity. 

    If you start getting billed for services you don’t use or called about debts that don’t pertain to you, access your credit report immediately. Also keep an eye out for suspicious withdrawals from your bank account, or any attempts to file taxes in your name.

  • How do I request a free credit report?

    The Fair and Accurate Credit Transactions Act (FACT Act) guarantees free access to your credit report every year. Take advantage of this offer. Carefully review your report to pinpoint any inaccuracies and find incomplete information or fraudulent use.

    Order Your Free Annual Credit Report Online or call 877.322.8228. Contact the appropriate credit bureau with any questions about your report:

    • Equifax: 800.525.6285
    • Experian: 888.EXPERIAN (397-3742)
    • TransUnion: 800.680.7289
  • What should I do if my identity has been stolen?

    1. Freeze any of your compromised accounts.

    If you discovered the fraud by way of suspicious banking activity or charges to a line of credit, the first course of action is to keep your money safe.

    2. Place a fraud alert on your credit reports.

    You can do this by contacting any one of the three nationwide consumer reporting companies; whichever bureau you call will inform the others. Use the toll-free numbers below to activate an initial one-year fraud alert:

    • Equifax: 800.525.6285
    • Experian: 888.EXPERIAN (397.3742)
    • TransUnion: 800.680.7289

    A fraud alert simply tells creditors to contact you before opening any new accounts or changing existing accounts. It’s free, and can be re-issued as needed.

    3. Report the fraud to the FTC.

    You can do this online through IdentityTheft.gov or by calling 1 (877) 438-4338. It’s an important step that will give you access to affidavit, forms and other documentation you may need as evidence to close fraudulent accounts and begin the recovery process.

    4. Review your credit report and close any fraudulent accounts.

    When you place a fraud alert, you can order free copies of your credit report. Take the following steps:

    • Review your report for inquiries from companies you haven’t contacted, accounts you didn’t open and debts on your accounts that you can’t explain.
    • Close any unauthorized accounts by calling the security or fraud departments of each company where you know or believe an account has been fraudulently accessed or opened. You may need to provide supporting documents to support your claim.
    • Make sure you follow-up your request in writing.
    • Request verification that accounts have been closed and any fraudulent debts discharged.
    • Keep copies of documents and records of your conversations about the theft.

    5. Open new accounts. 

    Secure new usernames, passwords, PINs, etc. from credit card companies, phone and utility companies, banks and other financial institutions.

    6. File a police report.

    File a report with your local police, or the police where the identity theft took place. Keep a copy of the report just in case your creditors need proof of the crime.

    8. Consider initiating an extended fraud alert of credit freeze.

    An extended fraud alert lasts for seven years. It can be initiated through any one of the three credit bureaus. A credit freeze means that no one can access your credit report.

FDIC protection

Bank Midwest is a member of The Federal Deposit Insurance Corporation (FDIC). This is an independent agency of the U.S. Government that insures $250,000 worth of deposits per depositor.

  • What accounts are insured?

    The FDIC insures deposits held in the following types of accounts up to the insured limit:

    • Checking
    • Negotiable Order of Withdrawal (NOW)
    • Savings
    • Money market deposit accounts
    • Certificates of Deposits (CDs)
  • What accounts are not insured?

    The FDIC does not insure the money you invest in:

    • Stocks
    • Mutual funds
    • Life insurance policies
    • Annuities
    • Municipal securities