How to Protect Your Bank Accounts From Unauthorized Use

Bank account fraud has shifted from physical theft to digital access. Most unauthorised transactions today happen because of compromised credentials, social engineering, or account takeover. The protections available are effective, but most require you to set them up proactively.

Your Federal Protections

Before covering prevention, it is worth knowing your rights if fraud does occur.

Debit cards and electronic transfers: Under the Electronic Fund Transfer Act (EFTA), your liability depends on how quickly you report:

Report debit card fraud to your bank as soon as you notice it. Speed directly affects your liability.

Credit cards: Under the Fair Credit Billing Act, your liability for unauthorised credit card charges is capped at $50, and most issuers have zero-liability policies for promptly reported fraud.

ACH transfers: If someone initiates an unauthorised ACH transfer from your account, report it to your bank within 60 days of the statement showing the transaction.

Enable Transaction Alerts

This is the single most effective fraud detection tool available. Set up alerts for:

• Every transaction (recommended for debit cards)
• Transactions over a specific threshold (e.g., over $50)
• Online or card-not-present transactions
• Account login from a new device
• Password or contact information changes

Most banks offer these through their mobile app or online banking under Settings or Notifications. Alerts arrive by text or email within seconds of a transaction, allowing you to report fraud before it compounds.

Secure Your Online Banking Access

Use a unique password for your bank. Do not reuse it on any other site. A password exposed in a retail data breach could give scammers access to your bank if the same password is used.

Enable two-factor authentication. Most banks now offer 2FA. Use an authenticator app rather than SMS codes when the option is available.

Never share one-time codes. Your bank sends these codes only for you to use yourself. Any caller asking you to read back the code "to verify your identity" is a scammer, regardless of what number they are calling from.

Log out after each session on shared or public computers. Do not use banking apps on public Wi-Fi without a VPN.

Protect Against Common Attack Methods

Phone scams (bank impersonation): A caller says they are from your bank's fraud department and there is suspicious activity. They ask for your one-time code, account number, or to "confirm" a transaction. Your bank will never ask for a one-time code over the phone. Hang up and call the number on the back of your card.

Phishing emails: Fake emails mimicking your bank ask you to click a link and verify your login. Always go to your bank's website directly by typing the address. Never click links in unexpected banking emails.

SIM swapping: Scammers convince your carrier to transfer your phone number to their SIM, bypassing SMS-based 2FA. Protect against this by setting a PIN or passphrase on your carrier account and switching to app-based 2FA for banking.

Zelle and payment app fraud: Zelle transfers are instant and essentially irreversible. Never send money via Zelle to someone you have not independently verified. If you are told to send money to yourself "to stop fraud," that is a scam.

What to Do If You Notice Unauthorised Activity

Step 1: Call your bank immediately using the number on the back of your card or on their official website. Do not use contact information from an email or pop-up.

Step 2: Report the specific transactions as unauthorised. Ask the bank to freeze or close the compromised account and issue new account numbers.

Step 3: Change your online banking password and enable 2FA if not already active.

Step 4: Review all transactions for the past 60 days for any other unauthorised activity.

Step 5: If your debit card or banking credentials were involved in a broader identity theft, report to IdentityTheft.gov and consider a credit freeze.

Where to Report if Your Bank Does Not Resolve It