Security Center

Hands holding credit card and laptop
Security Center
Your safety and security is our top priority
Security Center

At Amalgamated, the safety and security of your account(s) is our top priority. Browse the topics below to learn more about how we protect your personal information and finances, and what you can do to further protect yourself and your account(s).


  • Identity Theft

    According to the FBI, Identity Theft is the fastest growing crime in the United States. Identify Theft occurs when someone uses your name, social security number, credit card number, or other personal information without your permission to commit fraud or other crimes. That's why it's important to protect your personal information. When your personal information is accidentally disclosed or deliberately stolen, taking certain steps quickly can minimize the potential for theft of your identity. If you believe your Amalgamated Bank information has been compromised, please immediately contact us by phone or e-mail or visit your local branch.

    To learn more about how you can help protect yourself from identity theft and what to do if you should become a victim, check out the following sources:

    1. The Federal Trade Commission - Fighting back against Identity Theft
    2. The Federal Deposit Insurance Corporation - Don't Be an Online Victim: How to Guard Against Internet Thieves and Electronic Scams
    3. Identity Theft Resource Center (ITRC) - The ITRC is a non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cyber security, scams/fraud and privacy issues.
    4. The US Department of Justice
    5. Social Security Administration
  • Internet Banking Security

    The Internet has made it easier for criminals to deceive individuals into revealing confidential information and clicking on links or attachments that will compromise the security of their computers which ultimately have an impact on Internet banking security. These criminals have continued to use increasingly sophisticated, effective, and malicious methods to fraudulently gain unauthorized access to consumers’ and businesses’ Internet banking accounts.

    At Amalgamated Bank, we understand that security measures are a top priority and of utmost importance for Internet banking. We have implemented a significant level of security features to mitigate the risk of fraudulent Internet activity; however, we strongly encourage both our consumer and business customers using Internet banking and cash management services to be aware of current threats to the security of their Internet banking accounts, and to implement internal preventative and monitoring controls to reduce the risk of compromised access and account takeover.

    Amalgamated Bank will NEVER request a customer’s personal information (debit card number, account number, social security number, personal identification number, or password) through email or by phone on an unsolicited basis. If you ever receive an unsolicited phone call or email claiming to be from Amalgamated Bank requesting your personal and confidential information, please DO NOT respond. Contact us immediately by calling 800-662-0860. As an additional monitoring control, you should review account statements and online account transaction history to ensure all transactions are correct and authorized.

    Fraudsters will commonly use a type of Internet piracy called “phishing.” In a typical phishing case, you'll receive an email that appears to be from Amalgamated Bank. In some cases, the email may appear to come from a government agency or payment network, such as the FDIC or NACHA, respectively. The email will probably warn you of a serious problem that requires your immediate attention. It may use phrases, such as “Immediate attention required,” or “Please contact us immediately about your account.” The email will then encourage you to click on a button to go to our website. In a phishing scam, you could be redirected to a fictitious website that may look exactly like our site. In other situations, it may be our actual website. In those cases, a pop-up window will quickly appear for the purpose of harvesting your log-in authentication credentials. In either case, you may be asked to update your account information or to provide information for verification purposes: your social security number, your account number, your password, or the information you use to verify your identity when speaking to a real financial institution, such as your mother's maiden name or your place of birth. If you provide the requested information, you may find yourself the victim of Identity Theft which can lead to malicious activity such as Internet banking account takeover.

    We have implemented strong preventative and monitoring controls within our Internet banking, bill payment, and cash management systems; however, in order to enhance our customers’ internal security, we recommend our customers implement their own controls to mitigate risks. Examples of controls you may want to consider implementing to mitigate the risks of account takeover and fraudulent account activities are as follows:

    1. Refrain from opening unsolicited emails and attachments.
    2. Refrain from providing authentication credentials to callers claiming to be representing the financial institution, and from responding to emails requesting information or re-directing you to a website.
    3. Daily account activity monitoring via Internet banking account transaction history review.
    4. Review and monitor your account statements for unauthorized transactions.
    5. Safekeeping and confidentiality of Internet banking authentication credentials.
    6. Maintain up-to-date operating system security patches and have installed updated virus/spyware protection software. Anti-virus and anti-spyware software will help to keep your computer safe from malicious software that could install itself on your computer. Contact your hardware or software supplier for further information.
    7. Install a firewall, either software or hardware. A firewall will prevent attacks on your computer through the Internet using established rules to determine if a requested connection is malicious or not.
    8. Implement intrusion detection/prevention software or services.
    9. Prior to disposing, shred all confidential information on hardcopy and on electronic media.

    For our business/commercial customers, we also strongly recommend that you perform internal periodic risk assessment and controls evaluations related to the security of your Internet banking/cash management environment. Special attention should be directed to high-risk transactions which involve access to personal financial information or the movement of funds to other parties, such as ACH, wire transfers, and bill payment.

    For Personal Banking Customers Only: Amalgamated Bank is required under Regulation E: Electronic Funds Transfers to provide certain protections to our individual customers relative to electronic funds transfers (EFT). As applicable to Internet access, this regulation covers transactions initiated through Amalgamated Bank’s Internet banking channels, to either order, instruct, or authorize the financial institution to debit or credit an account. Transactions may include but are not limited to debit card transactions, ACH payments, external transfers, and bill payments. For specific applicability and provisions, please refer to Amalgamated Bank’s Regulation E disclosure in our deposit terms and conditions booklet, which you received when you opened your account with us.

    If you notice any suspicious or unauthorized account activity, experience a breach in security of personal information, your log-in credentials or computer security have been compromised, or for more information, please contact one of our support representatives at 800-662-0860.

  • Online Privacy Statement

    Amalgamated Bank (the “Bank”, “we”, “our”, or “us”) understands the importance of privacy, and we respect and take responsibility for protecting personal and financial information. This Online Privacy Statement (“Statement”) describes the type of information we collect from visitors to our online banking and mobile websites and mobile applications (collectively, referred to as the “Site”).

    Personal Information  Protecting your personal information is important to us. To protect your nonpublic personal and financial information (“Personal Information”), we have put in place physical, electronic, and procedural safeguards that meet applicable law. We want you to understand what Personal Information we collect and how we use it. Our Privacy Policy serves as a standard for all Bank employees for collection, use, retention, and security of Personal Information. Please review our Privacy Policy by clicking here.

    Nonpersonal Information — When you visit our Site, we may collect nonpersonal information (“Nonpersonal Information”) such as the IP address of the device you are using to connect to the Internet, the browser and version being used, the type of operating system you have, which site you came from, pages and content viewed, time and duration of visits, and whether advertisements were clicked. This anonymous information helps us provide you with a more effective online experience. To capture this information we or our service providers may use cookies, pixel tags, or other similar technologies.

    “Cookies”  Cookies are pieces of information stored directly on the device you are using. We use cookies to enhance your experience with our Site by making navigation easier and providing important security features.

    You may change your acceptance of cookies through your browser settings. Please remember that if you choose to delete or block cookies, you will likely affect how the Site works, and you may no longer be able to access all or parts of the Site.

    Online Marketing  We advertise our products and services within our Site as well as on other websites not affiliated with us. We may engage third-party ad service providers and media companies to conduct these activities on our behalf. In an effort to deliver relevant digital advertising to you, we may use cookies and related technology to track digital advertising performance of our ads on our Site and other websites. Our ad service providers may also use behavioral information such as how you browse websites to determine which of our ads may be of interest to you.

    Please note that we do not control third-party websites where our ads may be placed, and those third parties are not subject to our privacy notices. You should review such third-party websites for information on their privacy practices.

    We do not respond to “do not track” signals transmitted by web browsers or similar mechanisms. However, you may opt out of receiving online behavioral ads by clicking on the Advertising Options Icon associated with the ad and follow the instructions, or visit Aboutads. The Advertising Options Icon is a part of the cross-industry Self-Regulatory Program for Online Behavioral Advertising, which is managed by the Digital Advertising Alliance. You may also opt out of receiving behavioral ads through the Network Advertising Initiative (NAI) opt-out tool, or other tools provided by the NAI by visiting Network Advertising Initiative. These opt-outs work via cookies, so if you delete or block cookies, use a different device, or change web browsers, you will need to opt out again. Please note that even if you opt out of online behavioral advertising as referenced above, you may still receive generic online advertisements for our products or services through our Site or other websites.

    Children’s Online Privacy Protection Act (COPPA)  Our Site is not intended for children under the age of 13, and should not be used by them. Please do not access or use our Site if you are under 13 years of age. For more information about COPPA, visit the Federal Trade Commission.

    Protecting your information  While the Bank takes important steps to protect your information, there are important steps you can take to protect yourself. Always protect your password(s) and other confidential information from disclosure to others. Be sure the computer or mobile devices you use to access our Site has up-to-date security software. Use programs that scan for viruses and other malicious software that could steal your password(s) or other confidential information. Change your passwords regularly and create passwords that are difficult to guess or reach by trial and error. For more information on data security and protecting your data, please visit our Information Security Center on our website.

    Social Media  To promote awareness and collaboration among our customers and community members, the Bank uses social media platforms such as Facebook® and Twitter®. Any information that you post and make available on those social media platforms (including any personal information, pictures, or comments) is subject to the Terms of Use and Privacy Policies of those platforms. Please review the terms of those sites in order to understand your rights and obligations with respect to information you post to those sites.

    Acceptance of the Statement  By using the Site, you confirm that you have read, understand, and agree to this Statement. If you do not agree to this Statement, please do not use our Site. Your continued use of the Site following the posting of any changes to this Statement will be deemed your acceptance of those changes.

    Notice of Change  We may add to, delete from, or otherwise amend and update this Online Privacy Statement from time to time. The effective date of this statement, as indicated below, shows the last time the statement was revised.


    Effective Date  April 15, 2014.

  • Safeguarding Your Online Transactions

    Federal financial regulators are now reporting that there has been an increase in Internet threats in recent years, and that Internet-based attacks on personal information and data networks are increasingly sophisticated. Advanced hacking techniques and the increase in cyber-criminal groups are putting additional strain on financial institutions, compromising security controls, and engaging in online account takeovers and fraudulent electronic funds transfers. Amalgamated Bank is committed to increasing vigilance and safeguarding your personal information, and we would like you to know:

    1. We will never ask you to confirm your username, password, or other electronic banking credentials over the phone, by email, or otherwise.
    2. Make sure you use an adequately safe username and password—these should mix upper and lower case letters, numbers, and symbols to make the password difficult to guess.
    3. Periodically change your password. You should change it every 90 days at minimum.
    4. Safeguard your username and password information—don’t leave it on a sticky note on your computer monitor or in your wallet.
    5. Make sure your anti-virus software is up to date. If it’s not up to date, renew your subscription.
    6. Make sure you have a firewall in place when conducting your financial transactions.
    7. Log off the system when you’ve finished using online banking or making your financial transactions. Don’t just close the page or “X” out of the system.
    8. Monitor your account activity on a regular basis.

    In addition, we sometimes require owners of commercial accounts to perform their own risk assessment and control evaluations.

    For example:

    Make a detailed listing of the risks related to online transactions that your business faces, such as:

    1. Passwords and log-in credentials being left out in the open.
    2. Use of passwords that do not meet basic security criteria (birthdays, first names, etc.).
    3. Considerations for internal theft and fraud.
    4. The lack of a proper control method for financial transactions. For example, checks and balances to an individual’s access into the system, or rerouting for approval once a transaction has been performed.
    5. An evaluation of the controls your business has in place could include:
    6. Using password-protected software to house passwords.
    7. Conducting employee background checks.
    8. Initiating a policy and process to terminate access for former employees immediately.
    9. Spreading duties among two or more people so no one person has too much access or control over the system.
    10. Using firewalls to protect from outside intrusion, pirates, or hackers.

    Federal regulations provide you with some protection in the case of electronic funds transfers. These regulations apply to accounts with Internet access, limiting a consumer’s liability for unauthorized electronic funds transfers. They also outline the steps you’ll need to take to resolve an error with your account. The general rule here is that to take advantage of these protections, you need to act as quickly as possible to notify us if you suspect unauthorized activity on your account. Make sure you notify us immediately if you think your information has been stolen or lost, and remember to review your account periodically for any evidence of errors or unauthorized activity. Please see the Electronic Funds Transfer disclosures that were provided when you opened your account, or contact your nearest branch for a copy of them. Remember, if you become aware of suspicious account activity, you should immediately contact the authorities and notify us at 800-662-0860 RIGHT AWAY.