In an increasingly digital age, protecting our customers’ data is one of OppFi’s top priorities. Our model for security comprises best-in-class talent, technology, data, and controls – to ensure you can do business with OppFi safely, securely and with confidence.
We’ve brought together experts in cybersecurity, fraud, physical security, crisis management, governance, and risk management to strengthen our ability to detect threats and continuously improve our response strategies. Cybersecurity is a very important aspect of our business – this work helps ensure that your data is secure.
We also know it is important to provide our customers with guidelines for protecting their privacy and security. On this site you’ll find everyday security tips to help you avoid falling victim to identity theft or fraud.
Keeping your identity secure
One of your most valuable assets today is your identity. If fraudsters get access to your personal information, they can access your accounts, set up credit cards in your name, make purchases on your behalf, and much more. We need to work together to keep this information protected.
What information do you need to protect?
You need to protect any piece of information that can be used to identify you. Some examples include your Social Insurance Number (SIN), Personal Identification Numbers (PINs) to access accounts and verification questions and answers.
The only organizations you should share your SIN with are your employer, the federal government, and your financial institution.
In this digital age, we can perform many of our financial transactions through mobile, online or by telephone. While it’s fast, easy and offers many conveniences, it can also open the door to fraudsters. Here are tips to help make sure you do business online safely, securely and with confidence:
- Keep your operating system software up to date. Fraudsters often target older versions of software to launch malicious programs; make sure you are using security software products that include firewall, antivirus, anti-spam, and anti-spyware.
- When making transactions online, make sure you’re accessing the true website by looking for the “closed lock” icon. The website should also start with “https.”
- Avoid using public computers – these include computers in libraries and internet cafes. They could be carrying malicious software that can record your information.
- Frequently delete your cookies as fraudsters can use them to access your private information.
- Make sure your wireless connection at home is encrypted and password-protected to ensure no one else can use your connection without your permission.
- Protect your mobile and tablet devices. Make sure no one is reading information from your device’s screen; don’t use public Wi-Fi for conducting financial transactions and don’t store your passwords on your device.
- Ensure your mobile devices are password-protected and locked when not in use. This ensures your information is protected if your device is lost or stolen.
Password and Personal Identification Numbers (PINs)
PINs and passwords are the gatekeepers to your money and accounts. They identify you as the authorized user of your accounts (debit card, credit card, online, telephone, etc.) and give you access to your money. It’s critical you create strong PINs and passwords and never share them with anyone.
Protecting Your Passwords & PIN
Never reveal your passwords to others. Your login credentials protect information as valuable as the money in your bank account. Nobody needs to know them but you, not even the IT department. If someone is asking for your password, it’s a scam. Here are password best practices:
- Use a different password/PIN for each account.
- Make your passwords at least 8 characters long, and include special characters and numbers, or better yet catchphrases.
- Don’t use words from dictionaries, seasons, calendar dates or common phrases.
- Don’t use dates personal to you that are easily guessed (e.g. birthday, anniversary).
- Use different passwords for different accounts. That way, if one account is compromised, at least the others won’t be at risk.
- Use multi-factor authentication (MFA) which adds another layer of protection in addition to your username and password. Generally, the additional factor is a token or a mobile phone app that you would use to confirm that you really are trying to log in.
- Use a password manager. Password management tools, or password vaults, are a great way to organize your passwords. They store your passwords securely, and many provide a way to back up your passwords and synchronize them across multiple systems.
Protecting your passwords and PINs is one of the most effective ways to protect yourself against fraud and identity theft. Here are some tips to keep your passwords safe:
- Don’t share your passwords with anyone.
- Don’t store them in easily accessible places such as your desk, car, wallet, or under your keyboard.
- When entering your Password or PIN make sure no one is watching you as you.
Phishing is one of the most used and effective ways cybercriminals attack individuals every day, through email (phishing), text (smishing), or voicemail (vishing). Cybercriminals pretend to be a legitimate source and try to obtain personal information from you, or encourage you to click a link or download an attachment that could install malware (malicious software) on your device.
Phishing, in general, casts a wide net and tries to target as many individuals as possible. However, there are a few types of phishing that home in on particular targets.
Spear phishing is a type of targeted email phishing. In a spear phishing attack, the social engineer will have done their research and set their sights on a particular user. By scouring through the target's public social media profiles and using Google to find information about them, the attacker can create a compelling, targeted attack.
Whaling is another targeted phishing scam. However, in whaling, rather than targeting an average user, social engineers focus on targeting higher-value targets like CEOs and CFOs. Whaling gets its name due to the targeting of the so-called "big fish" within a company.
While phishing is used to describe fraudulent email practices, similar manipulative techniques are practiced using other communication methods such as phone calls and text messages.
Vishing (short for voice phishing) occurs when a fraudster attempts to trick a victim into disclosing sensitive information or giving them access to the victim's computer over the telephone. One popular vishing scheme involves the attacker calling victims and pretending to be from the IRS. The caller often threatens or tries to scare the victim into giving them personal information or compensation. Vishing scams like this one often target older individuals, but anyone can fall for a vishing scam if they are not adequately trained.
Smishing (short for SMS phishing) is similar to and incorporates the same techniques as email phishing and vishing, but it is done through SMS/text messaging.
Here are some tips to help you avoid phishing attacks:
- Double-check links in emails by hovering over them with your cursor.
- Read emails carefully. Impersonal or generic greetings, spelling mistakes and grammatical errors are all signs of a potential scam.
- Don’t respond to emails, texts or phone calls from companies or people you don’t know.
- If you receive an email, text or call asking you to urgently reply, click on a link, verify your account, or reset your password, check with the company before you respond. Don’t feel pressured to respond to an urgent request.
- Don’t click on attachments from unknown sources.
- Don’t enter personal or credit information into a form that is linked in an email. If you think the email is legitimate, call the company or visit their website and log in securely before you enter the requested information.
If you notice suspicious activity of any kind on any of your OppFi accounts, please let us know at email@example.com. Report a lost or stolen card as soon as possible by calling the number on your account statement or on the OppFi website.