Online Security Frequently Asked Questions

General Questions

1. As a customer, how do I know Capital One is protecting my personal and business information and keeping it secure?

   The security of our customers’ information is of the highest priority to us. Capital One employs an extensive security program supported by board approved security policy and standards. We strive to go beyond industry standards and best practices. What's more, we have processes in place to constantly review and improve controls to stay ahead of new and upcoming threats and security concerns. Learn more about our commitment to security.

2. How can I protect my personal information and keep it secure?

   As a consumer, you can take a number of steps to protect your information. Here are a few tips:

   • Be extremely cautious in sharing your personal information with others.
   • Don’t share your user name, password or security questions with anyone and beware of suspicious e-mails or unsolicited phone calls asking for this information. For more information, review Online Banking FAQ.
   • Don’t put sensitive information such as credit card numbers, debit card numbers, Social Security numbers etc. in e-mails. E-mails are not secure.
   • Shred documents with any personally identifiable information, including pre-approved offer letters, ATM receipts, etc. Learn more about fraud prevention.

3. Is the Capital One Web site where I pay my bills and view my statements secure?

   Capital One employs security devices and techniques such as firewalls, intrusion detection systems, and Secure Socket Layers to protect our online systems. Our Web site helps to protect your data by limiting access to you and encrypting sensitive information. Learn more about our commitment to security.

4. How do I choose a password that is hard to guess?

   • Do not use any easily obtained information in your password, such as your name, e-mail address, spouse's name, child or pet's name, or your birthday. 
   • Do not use the same password you use to access your e-mail or other sites.
   • Choose a password that is 8 to 15 characters long and has at least one number and one letter with no spaces.  Try to mix upper and lower case letters.
   • Do not use single words that can be found in the dictionary.  Try using a phrase that means a lot to you, then shortening it into something easy to remember, but hard for a fraudster to guess, adding in numbers and upper and lower case.  So for example "Green eggs and ham" might become "Grn3ggnHm."

    

5. What is e-mail fraud or phishing? 

   E-mail fraud, or “phishing,” is an Internet scam in the form of an e-mail. The e-mail links to sites that look like well-known legitimate businesses and ask you to provide or confirm personal, financial, or password information. Learn more about fraudulent e-mails.

6. How do I contact Capital One about fraudulent (phishing) e-mails or identity theft?

   If you get an e-mail that claims to be from us but you aren’t sure, or you think it’s suspicious, don’t click any of the links. Just send it to us at abuse@capitalone.com then delete it. Learn more about reporting fraudulent e-mails.
   
   If you believe that an unauthorized person has accessed your account, let us know as soon as possible by calling 1-800-951-6951 for credit card customers; or 1-800-655-BANK (2265) for Retail Bank customers
   

7. How do I remain safe when using my Capital One card at ATMs?

   Use common sense and follow these basic precautions:

   • Observe the area before approaching. 
   • Have all forms (such as deposit envelope) completed in advance.
   • Try to bring someone with you or carry a mobile phone.
   • If the lighting is not adequate or someone is loitering, use another ATM.
   • If someone or something makes you feel uncomfortable, leave the area.
   • If someone appears to be following you, drive to the nearest well-lit, populated area or police station.
   • If someone does approach you and demands your money, do not resist, try to remember everything you can about the person and call the police immediately.
     

   Learn more about ATM safety 

8. Why did my browser bar turn green?

   You are visiting a site secured with Extended Validation (EV) SSL, the highest standard for Web site authentication and encryption. EV SSL signifies that Capital One has passed a rigorous identity authentication process. In high-security browsers like Internet Explorer 7 or later and Firefox 3.x, an EV SSL Certificate triggers the browser address bar to:

   • Turn green.
   • Display https://
   • Show the name of the organization that owns this Web site.
   • Show the certificate authority that verified Capital One's identity using a rigorous authentication process.

9. Why are you asking me to choose and answer new security questions?

   Your security and information privacy are top priorities at Capital One, and to better protect you, we’ll ask you to update your questions sometimes. Answering these new security questions will help us ensure that only you can log in and access your account and personal information. Just be sure to make your answers memorable for yourself and difficult for others to guess.

10. What are the security questions used for?

    The questions are an added layer of protection and may be presented to you when you log in or during your online sessions. If your security questions are presented, you need to answer them to access your account.

11. What if I don’t choose and answer the security questions?

    When you’re asked to establish new security questions, you won’t be able to access your online account(s) until you select and answer new questions.

12. Can I set up my security questions through mobile banking?

    No, you’ll need to log in from a regular desktop or laptop computer.

13. Can I change my questions and answers later?

    Yes. All you have to do is log in to your account and choose the “Update Security Questions” link from the Self Service page.

14. What are the risks of providing your Capital One online access credentials to third party service providers?

    Sharing your Capital One access credentials under these circumstances may represent a breach by you of applicable [agreement or terms and conditions].  One of the reasons that Capital One prohibits this type of sharing is that we may not have any information regarding the use of or security environment around this sensitive information at any third party.  If you choose to share account access information with a third-party, Capital One is not liable for any resulting damages or losses.  Capital One reserves the right to block online third-party financial service providers to protect the safety and security of our customers or otherwise.

15. Are there risks to using the “Remember Me” feature?

    Selecting the “Remember Me” feature on a computer or mobile device may put your personal information at risk. Saving your user name or password on a computer that is shared with others is never recommended. Public libraries, computer labs, and shared work stations are all examples of places where shared computers may be present. User name and password are vital components to the security of online banking accounts. By providing or storing one of these components on a shared computer, you may make it easier for unauthorized persons to access your accounts.

    Choosing to save a user name or password to a private computer is less risky, but may still present a risk. Caution is recommended when choosing to save any user login credentials.

16. What is a denial of service (DDoS) attack?

    A Distributed Denial of Service (DDoS) attack is a malicious disruption caused by organized groups who send an extremely high volume of requests to a targeted website in an attempt to disrupt services or availability. The flood of traffic originates from multiple locations and can completely halt our sites from servicing our customers.

    During a DDoS attack, customers may experience slower connectivity or be unable to log in to the online banking site.  Capital One takes potential threats to our service platforms, network infrastructure and cybersecurity very seriously and continually works to enhance defenses against such attacks.

17. What does Capital One do to prepare for a DDoS attack?

    Capital One is dedicated to the protection of its customers and ensuring that access to online account servicing sites are returned to normal as soon as possible. Capital One employs specialized teams who work with Internet Service Providers (ISPs), federal regulators, law enforcement, and other financial institutions to plan for and respond to denial of service attacks.

18. What can customers do in the event of an attack?

    If you are unable to log in to your Capital One online servicing site, customer service is available via the Capital One phone number associated with your account or at your local bank branch or ATM.