Security Center

At Amalgamated, the safety and security of your account(s) is our top priority. Browse the topics below to learn more about how we protect your personal information and finances, and what you can do to further protect yourself and your account(s). For further assistance with fraud and security measures on your account, please contact our Fraud Help Line at 800-792-7510.

ATM Safety Tips
Amalgamated Bank is committed to your safety. The security department has installed the latest in surveillance cameras and DVR at all of our branches. This alone will not guarantee your safety. You need to be proactive in your approach to safety. Listed below are some safety recommendations that you should practice while using an ATM.
1. Use common sense and be aware of your surroundings before, during, and after you use an ATM.
2. If you observe or sense suspicious persons or circumstances, do not use the machine at that time.
3. Notice if anything looks unusual or suspicious about the ATM, indicating it might have been tampered with. If the ATM appears to have any attachments to the card slot or key pad, do not use it and inform the bank. If you suspect that the ATM has been tampered with, do not use the ATM and inform the bank.
4. If you have dipped your card starting a transaction and have to leave the ATM prior to completing the transaction, always press the cancel key and verify that the ATM comes back to the welcome screen. This will signal the end of your ATM session.
5. Be careful that no one can see you enter your PIN at the ATM. Use your body to "shield" the ATM keyboard as you enter your PIN into the ATM.
6. Close the entry door completely upon entering and exiting this facility, when card access was required to enter during non branch banking hours.
7. Do not permit entrance to any unknown person at any time, if card access was required to enter.
8. Place withdrawn cash securely upon your person before exiting the ATM facility.
9. If anyone follows you after you leave the ATM, go immediately to a heavily populated, well-lit area and call the police.
10. Never write your PIN on your ATM card.
11. Never give your card or pin to anyone to do a transaction for you.
These tips are meant to make you aware that, although rare, ATM crime can happen. Preventing such a crime must be a cooperative effort between you and your bank. As far as your security is concerned, you can never be too careful, too prepared, or too aware.
Business Email Compromise
Through Business Email Compromise, e-mail and data breaches on the vendor side can leave your account susceptible to attack and subject to the loss of significant funds.

To protect your organization, it is important to conduct due diligence before sending funds electronically, including:
- When you receive a payment request from your vendor via e-mail, contact them through a different method (i.e. phone call to the number on file) for verification
- If the payment instruction includes new bank or account information be vigilant with authentication
- Be careful with sharing identifying information online or on social media
- Don’t click on anything in an unsolicited email or text message asking you to update or verify account information and verify the company’s phone number independently
- Carefully examine the email address, URL, and spelling used in any correspondence. Pay attention to minute details including spellings and verify that the site is trusted
- Never open an email attachment from someone you don't know and be wary of email attachments forwarded to you
- Confirm requests for transfers of funds or make changes to an account by using phone verification as part of a two-factor authentication using previously known numbers on file
- Once your vendor confirms the authenticity of their request, ask for an additional e-mail confirming the phone verification. This is important if the phone call was not on a recorded line
- Be wary if the requestor is pressing you to act quickly
Check Fraud
Check Fraud refers to a category of criminal acts that involve making the unlawful use of one or more checks or checking accounts in order to illegally acquire or borrow funds that do not exist within the account balance or account-holder’s legal ownership. Most methods that are used by the violator involve taking advantage of the float (the time between the negotiation of the check and its clearance at the check-writer’s bank) to draw out these funds.
Have you ever received a letter, email, or telephone call from a stranger that started something like:

You’ve won the lottery! Now, just wire us some money.
or
Help us transfer funds to the U.S. and you’ll be rewarded.
or
We are an international corporation and need your assistance. All you have to do is clear checks through your account, wire us the money, and take a percentage for yourself.
or
You've inherited money from a relative you don't know.
or
You are selling something and the potential buyer sends you more than the asking price.

Beware! This is how a typical fraud scheme might start. They lure you in with a get rich quick proposal. The only one who gets rich is the person behind the scheme. If you accept checks or wires into your account and they are fraudulent, you will lose not only your money but could be subject to criminal prosecution. Keep the following in mind the next time you receive that get rich quick proposal from a stranger.
- Be wary of any offer that sounds unreal or too good to be true. It usually is.
- Be suspicious of any offer that requires you to wire money, withdraw cash from your account, or provide account information.
- Verify any calls or emails that you receive about a security or fraud investigation with your bank or financial institution.
- Be wary of telemarketers who want to “draft” your bank account. Do not provide your bank account or personal information over the phone to strangers.
- Be wary of any individual that approaches you outside the bank or in the parking lot and needs you to withdraw money from your account for any reason.
Other things you can do to protect yourself:
- Review your accounts regularly using Online Banking. The sooner fraud is detected, the lower the impact. With Online Banking, you have time on your side because you can view your account daily, and immediately notice any irregularities. You can also set up email alerts that notify you when your account hits certain levels. Online Banking also removes the additional risk of mail fraud.
- Monitor your credit report annually. Look for any new accounts that may be opened that are not yours and alert the credit bureau with any suspicious information.
- Be alert for any irregularities. Did you not receive a bill or statement? Are there unexpected charges on any of your accounts, or charges from unknown vendors? Are there posted checks that are out of sequence? Have you been denied credit for reasons that don't match your financial profile? Are you getting calls from creditors or debt collectors about bills you know nothing about? When you see something unusual, check it out.
- Stay current with the latest fraudulent activities—online and off.
If you would like to know more about Check Fraud or how to protect yourself against Check Fraud, check out this page from the Federal Trade Commission (FTC).

Another excellent resource is the National Consumers League (NCL), the nation's oldest nonprofit consumer organization and a central source of information and advice about fake check scams. NCL works in collaboration with the Alliance for Consumer Fraud Awareness, a coalition of consumer and business organizations, government agencies, and companies that are committed to fighting fake check scams.

Other useful links:

US Postal Inspectors Service

Federal Trade Commission Home
Elderly Fraud
It can be challenging to protect an elderly loved one from financial abuse in any scenario, but COVID-19 exacerbates the problem. Best practice is to stay in touch by phone or video calls. By staying in touch, you are more likely to detect the signs of exploitation.

Red flags:
- Unsolicited phone calls offering products, anti-malware services, cheap medicines, or “won a lottery”
- Changes to estate planning documents
- Odd spending habits or purchases
- Unusual or unexplained ATM withdrawals
- Bills going unpaid
- New accounts being opened up in the elderly person’s name
- Credit cards arriving by mail
- Adding names to real estate, bank accounts, or retirement accounts
- Personal items missing from your loved one’s home
- Newly made friends, acquaintances getting closer
- Widows and widowers are told that their spouse had outstanding debts that must be settled
Warning Signs:
- Care is offered to you in exchange for signing over property or power of attorney
- Your caregiver is using your funds for personal reasons
- Unexplained new and unusual withdrawals, a rise in credit card activity or a change in account beneficiaries
- Being asked or forced to sign documents you haven’t read or don’t understand
- Threatened with harm if you do not agree to certain financial arrangements that are not in your best interest, including access to your finances
- You are asked or coerced to take on someone else’s financial responsibilities, with no regard for your own needs or financial situation
- Unauthorized changes are made to your property title, deeds, mortgages or other financial documents
- You receive notices of unpaid bills, even though you have paid them or have the funds to cover them
Common Schemes:
- Solicited to pay fees and taxes to receive lottery winnings
- Being approached by an individual for help with a federal investigation
- You are asked to have funds pass through your account
- A potential love interest uses you for financial gain
- Receiving a call from someone purporting to be a grandchild or close relative in danger
- Collecting money for fake charities, especially during or after natural disasters
- Receiving a call from anyone who is posing as a government official
- You are asked to pay via gift cards instead of standard methods of payment
- Receiving an email that appears to be sent from the IRS asking you to UPDATE or VERIFY your email or other personal information
Contact Adult Services Helpline at 1-844-697-3505, if you believe your elderly loved one has been subjected to financial or any other abuse.
Email Scams
Phishing attacks may take on a variety of different forms. In the classic “phishing” attack, a virtual trap is set by cyber thieves that use official-looking emails to lure you to fake websites and trick you into revealing your nonpublic information. Another form of "phishing" is when you receive an official-looking email and are requested to click on a link to download a file or report. Once you click the link, malicious software called “malware” is instantly installed on your PC. The malware is then able to detect and steal your authentication credentials which can be used to log in to your online banking account(s).

Here are some best practices for online security which are outlined below:
1. Do not open emails from which you do not recognize the sender.
2. Remember that Amalgamated Bank will never send you an email with a link asking you to update your nonpublic information.
3. Do not click on any hyperlinks within an email that ask you to confirm or resubmit financial transactions such as a bill payment, wire, or ACH.
4. Do not share your security credentials with others.
Contact us as soon as you can if you are receiving suspicious emails purportedly coming from Amalgamated Bank.

The Federal Deposit Insurance Corporation has released an online multimedia educational tool to assist you in protecting yourself from identity thieves. The presentation features valuable tips to safeguard your computer and personal information, and it provides guidelines on the action to be taken if your personal information has been compromised.
Fraud Awareness
Amalgamated Bank is committed to preventing fraud of all types. By reading the information on fraud contained on this website, by monitoring your accounts online, and by regularly reconciling your accounts, you can prevent and/or discover potential problems before they become too severe. If you discover any irregularities in your accounts, contact us immediately.
Fraud Links
Amalgamated Bank is taking every step possible and using the latest technologies in order to protect our customers, employees and assets. We have provided a list of law enforcement agencies for your convenience. Remember, "If you see something, say something."
Identity Theft
According to the FBI, Identity Theft is the fastest growing crime in the United States. Identify Theft occurs when someone uses your name, social security number, credit card number, or other personal information without your permission to commit fraud or other crimes. That's why it's important to protect your personal information. When your personal information is accidentally disclosed or deliberately stolen, taking certain steps quickly can minimize the potential for theft of your identity. If you believe your Amalgamated Bank information has been compromised, please immediately contact us by phone or e-mail or visit your local branch.

To learn more about how you can help protect yourself from identity theft and what to do if you should become a victim, check out the following sources:
1. The Federal Trade Commission - Fighting back against Identity Theft
2. The Federal Deposit Insurance Corporation - Don't Be an Online Victim: How to Guard Against Internet Thieves and Electronic Scams
3. Identity Theft Resource Center (ITRC) - The ITRC is a non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cyber security, scams/fraud and privacy issues.
4. The US Department of Justice
5. Social Security Administration
Internet Banking Security
The Internet has made it easier for criminals to deceive individuals into revealing confidential information and clicking on links or attachments that will compromise the security of their computers which ultimately have an impact on Internet banking security. These criminals have continued to use increasingly sophisticated, effective, and malicious methods to fraudulently gain unauthorized access to consumers’ and businesses’ Internet banking accounts.

At Amalgamated Bank, we understand that security measures are a top priority and of utmost importance for Internet banking. We have implemented a significant level of security features to mitigate the risk of fraudulent Internet activity; however, we strongly encourage both our consumer and business customers using Internet banking and cash management services to be aware of current threats to the security of their Internet banking accounts, and to implement internal preventative and monitoring controls to reduce the risk of compromised access and account takeover.

Amalgamated Bank will NEVER request a customer’s personal information (debit card number, account number, social security number, personal identification number, or password) through email or by phone on an unsolicited basis. If you ever receive an unsolicited phone call or email claiming to be from Amalgamated Bank requesting your personal and confidential information, please DO NOT respond. Contact us immediately by calling 800-662-0860. As an additional monitoring control, you should review account statements and online account transaction history to ensure all transactions are correct and authorized.

Fraudsters will commonly use a type of Internet piracy called “phishing.” In a typical phishing case, you'll receive an email that appears to be from Amalgamated Bank. In some cases, the email may appear to come from a government agency or payment network, such as the FDIC or NACHA, respectively. The email will probably warn you of a serious problem that requires your immediate attention. It may use phrases, such as “Immediate attention required,” or “Please contact us immediately about your account.” The email will then encourage you to click on a button to go to our website. In a phishing scam, you could be redirected to a fictitious website that may look exactly like our site. In other situations, it may be our actual website. In those cases, a pop-up window will quickly appear for the purpose of harvesting your log-in authentication credentials. In either case, you may be asked to update your account information or to provide information for verification purposes: your social security number, your account number, your password, or the information you use to verify your identity when speaking to a real financial institution, such as your mother's maiden name or your place of birth. If you provide the requested information, you may find yourself the victim of Identity Theft which can lead to malicious activity such as Internet banking account takeover.

We have implemented strong preventative and monitoring controls within our Internet banking, bill payment, and cash management systems; however, in order to enhance our customers’ internal security, we recommend our customers implement their own controls to mitigate risks. Examples of controls you may want to consider implementing to mitigate the risks of account takeover and fraudulent account activities are as follows:
1. Refrain from opening unsolicited emails and attachments.
2. Refrain from providing authentication credentials to callers claiming to be representing the financial institution, and from responding to emails requesting information or re-directing you to a website.
3. Daily account activity monitoring via Internet banking account transaction history review.
4. Review and monitor your account statements for unauthorized transactions.
5. Safekeeping and confidentiality of Internet banking authentication credentials.
6. Maintain up-to-date operating system security patches and have installed updated virus/spyware protection software. Anti-virus and anti-spyware software will help to keep your computer safe from malicious software that could install itself on your computer. Contact your hardware or software supplier for further information.
7. Install a firewall, either software or hardware. A firewall will prevent attacks on your computer through the Internet using established rules to determine if a requested connection is malicious or not.
8. Implement intrusion detection/prevention software or services.
9. Prior to disposing, shred all confidential information on hardcopy and on electronic media.
For our business/commercial customers, we also strongly recommend that you perform internal periodic risk assessment and controls evaluations related to the security of your Internet banking/cash management environment. Special attention should be directed to high-risk transactions which involve access to personal financial information or the movement of funds to other parties, such as ACH, wire transfers, and bill payment.

For Personal Banking Customers Only: Amalgamated Bank is required under Regulation E: Electronic Funds Transfers to provide certain protections to our individual customers relative to electronic funds transfers (EFT). As applicable to Internet access, this regulation covers transactions initiated through Amalgamated Bank’s Internet banking channels, to either order, instruct, or authorize the financial institution to debit or credit an account. Transactions may include but are not limited to debit card transactions, ACH payments, external transfers, and bill payments. For specific applicability and provisions, please refer to Amalgamated Bank’s Regulation E disclosure in our deposit terms and conditions booklet, which you received when you opened your account with us.

If you notice any suspicious or unauthorized account activity, experience a breach in security of personal information, your log-in credentials or computer security have been compromised, or for more information, please contact one of our support representatives at 800-662-0860.
Online Privacy Policy

Amalgamated Bank (the “Bank”, “we”, “our”, or “us”) understands the importance of privacy, and we respect and take responsibility for protecting personal and financial information. This Online Privacy Policy (“Policy”) describes the type of information we collect from visitors to our online banking and mobile websites and mobile applications (collectively, referred to as the “Site”).

Personal Information — Protecting your personal information is important to us. To protect your nonpublic personal and financial information (“Personal Information”), we have put in place physical, electronic, and procedural safeguards that meet applicable law. We want you to understand what Personal Information we collect and how we use it. Our Privacy Policy serves as a standard for all Bank employees for collection, use, retention, and security of Personal Information. Please review our Privacy Policy by clicking here.

Nonpersonal Information — When you visit our Site, we may collect nonpersonal information (“Nonpersonal Information”) such as the IP address of the device you are using to connect to the Internet, the browser and version being used, the type of operating system you have, which site you came from, pages and content viewed, time and duration of visits, and whether advertisements were clicked. This anonymous information helps us provide you with a more effective online experience. To capture this information we or our service providers may use cookies, pixel tags, or other similar technologies.

Mobile Banking Services – You may access some of our products and services through our mobile banking application. The mobile application requests access to information stored on your device such as location, camera, contacts, or other features you are enrolled in to enrich and simplify your own user experience and improve our services, as well as provide additional security to protect your account. It is important for you to understand that before granting access to this information, you will be prompted to give the application that permission. If you do not wish to grant that permission, you may decline. If you later change your mind, those permissions can be updated in your device’s settings.

To protect your Personal Information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings. The application information is retained in accordance with state and federal record retention laws. Please contact us to determine specific timeframes for your personal stored information and if that information may be deleted. You can also access the bank’s full Privacy Policy by clicking here

“Cookies” — Cookies are pieces of information stored directly on the device you are using. We use cookies to enhance your experience with our Site by making navigation easier and providing important security features. Cookies we use do not contain or capture unencrypted Personal Information. Cookies allow us to collect information such as browser type, time spent on the Site, pages visited, language preferences, and your relationship with us. This site uses Google Analytics to track performance and visitor sessions, visitors across multiple sessions, and referral sources to our sites. At no time is personally identifiable information passed to Google Analytics. (To understand how Google collects and processes information gathered from this site visit www.google.com/policies/privacy/partners/). Note that Google Analytics stores its data within the United States of America and is subject to United States laws. We use the information for security purposes, to facilitate navigation, to display information more effectively, to personalize/tailor your experience while engaging with us, and to recognize your device to allow your use of our online products and services. We collect statistical information about the usage of the Site in order to continually improve the design and functionality, to monitor responses to our advertisements and content, to understand how account holders and visitors use the Site and to assist us with resolving questions regarding the Site. We also utilize cookies for advertising purposes. You may change your acceptance of cookies through your browser settings. Please remember that if you choose to delete or block cookies, you will likely affect how the Site works, and you may no longer be able to access all or parts of the Site.

You may change your acceptance of cookies through your browser settings. Please remember that if you choose to delete or block cookies, you will likely affect how the Site works, and you may no longer be able to access all or parts of the Site. You also may not receive tailored advertising or other offers from us that may be relevant to your interests and needs.

Online Marketing — We advertise our products and services within our Site as well as on other websites not affiliated with us. We may engage third-party ad service providers and media companies to conduct these activities on our behalf. In an effort to deliver relevant digital advertising to you, we may use cookies and related technology to track digital advertising performance of our ads on our Site and other websites. Our ad service providers may also use behavioral information such as how you browse websites to determine which of our ads may be of interest to you.

Please note that we do not control third-party websites where our ads may be placed, and those third parties are not subject to our privacy notices. You should review such third-party websites for information on their privacy practices.

We do not respond to “do not track” signals transmitted by web browsers or similar mechanisms. However, you may opt out of receiving online behavioral ads by clicking on the Advertising Options Icon associated with the ad and follow the instructions, or visit Aboutads. The Advertising Options Icon is a part of the cross-industry Self-Regulatory Program for Online Behavioral Advertising, which is managed by the Digital Advertising Alliance. You may also opt out of receiving behavioral ads through the Network Advertising Initiative (NAI) opt-out tool, or other tools provided by the NAI by visiting Network Advertising Initiative. These opt-outs work via cookies, so if you delete or block cookies, use a different device, or change web browsers, you will need to opt out again. Please note that even if you opt out of online behavioral advertising as referenced above, you may still receive generic online advertisements for our products or services through our Site or other websites.

Children’s Online Privacy Protection Act (COPPA) — Our Site is not intended for children under the age of 13, and should not be used by them. Please do not access or use our Site if you are under 13 years of age. For more information about COPPA, visit the Federal Trade Commission.

Protecting Your Information — While the Bank takes important steps to protect your information, there are important steps you can take to protect yourself. Always protect your password(s) and other confidential information from disclosure to others. Be sure the computer or mobile devices you use to access our Site has up-to-date security software. Use programs that scan for viruses and other malicious software that could steal your password(s) or other confidential information. Change your passwords regularly and create passwords that are difficult to guess or reach by trial and error. For more information on data security and protecting your data, please visit our Information Security Center on our website.

Social Media — To promote awareness and collaboration among our customers and community members, the Bank uses social media platforms such as Facebook^®, Twitter^®, Instagram^®, and LinkedIn^®. Any information that you post and make available on those social media platforms (including any personal information, pictures, or comments) is subject to the Terms of Use and Privacy Policies of those platforms. Please review the terms of those sites in order to understand your rights and obligations with respect to information you post to those sites.

Acceptance of the Policy — By using the Site, you confirm that you have read, understand, and agree to this Policy. If you do not agree to this Policy, please do not use our Site. Your continued use of the Site following the posting of any changes to this Policy will be deemed your acceptance of those changes.

Notice of Change — We may add to, delete from, or otherwise amend and update this Online Privacy Policy from time to time. The effective date of this Policy, as indicated below, shows the last time the Policy was revised.

Questions? — Please contact us at 800-662-0860 or email at ab-online@amalgamatedbank.com regarding questions about this Online Privacy Policy. You can also access the bank’s full Privacy Policy by clicking here.

Effective Date — March 1, 2022.
Safeguarding Your Online Transactions
Federal financial regulators are now reporting that there has been an increase in Internet threats in recent years, and that Internet-based attacks on personal information and data networks are increasingly sophisticated. Advanced hacking techniques and the increase in cyber-criminal groups are putting additional strain on financial institutions, compromising security controls, and engaging in online account takeovers and fraudulent electronic funds transfers. Amalgamated Bank is committed to increasing vigilance and safeguarding your personal information, and we would like you to know:
1. We will never ask you to confirm your username, password, or other electronic banking credentials over the phone, by email, or otherwise.
2. Make sure you use an adequately safe username and password—these should mix upper and lower case letters, numbers, and symbols to make the password difficult to guess.
3. Periodically change your password. You should change it every 90 days at minimum.
4. Safeguard your username and password information—don’t leave it on a sticky note on your computer monitor or in your wallet.
5. Make sure your anti-virus software is up to date. If it’s not up to date, renew your subscription.
6. Make sure you have a firewall in place when conducting your financial transactions.
7. Log off the system when you’ve finished using online banking or making your financial transactions. Don’t just close the page or “X” out of the system.
8. Monitor your account activity on a regular basis.
In addition, we sometimes require owners of commercial accounts to perform their own risk assessment and control evaluations.

For example:

Make a detailed listing of the risks related to online transactions that your business faces, such as:
1. Passwords and log-in credentials being left out in the open.
2. Use of passwords that do not meet basic security criteria (birthdays, first names, etc.).
3. Considerations for internal theft and fraud.
4. The lack of a proper control method for financial transactions. For example, checks and balances to an individual’s access into the system, or rerouting for approval once a transaction has been performed.
5. An evaluation of the controls your business has in place could include:
6. Using password-protected software to house passwords.
7. Conducting employee background checks.
8. Initiating a policy and process to terminate access for former employees immediately.
9. Spreading duties among two or more people so no one person has too much access or control over the system.
10. Using firewalls to protect from outside intrusion, pirates, or hackers.
Federal regulations provide you with some protection in the case of electronic funds transfers. These regulations apply to accounts with Internet access, limiting a consumer’s liability for unauthorized electronic funds transfers. They also outline the steps you’ll need to take to resolve an error with your account. The general rule here is that to take advantage of these protections, you need to act as quickly as possible to notify us if you suspect unauthorized activity on your account. Make sure you notify us immediately if you think your information has been stolen or lost, and remember to review your account periodically for any evidence of errors or unauthorized activity. Please see the Electronic Funds Transfer disclosures that were provided when you opened your account, or contact your nearest branch for a copy of them. Remember, if you become aware of suspicious account activity, you should immediately contact the authorities and notify us at 800-662-0860 RIGHT AWAY.
Tech Support Scam
The tech support scammer pretends to be an employee of a well-known company and encourages you to provide them with access to your device by:
- Offering technical help (i.e. virus removal, unlocking an account)
- Promising a refund
- Requesting an unpaid fee or declaring that you have an outstanding balance
- Claiming to assist with recovering lost funds
Some warning signs include being asked to:
- Download certain software on your computer or mobile device
- Sign into your online banking account, conduct wire transfers or buy gift cards
Just some of the ways you can protect yourself include:
- Not calling numbers listed on pop-ups
- Not giving out personal information
Most importantly, if someone is claiming to be an Amalgamated Bank employee, please contact our customer service team at (800) 662-0860 to verify that individual.

Stay updated