BankFinancial is committed to protecting your personal financial information from fraud and providing you with complete online security and privacy. We comply with all laws relating to the privacy and security of customer personal and financial information and we maintain electronic security safeguards that comply with federal regulations and security standards.

Email Phishing  back to top
Phishing is an Internet and email scam designed to elicit personal and confidential information for fraudulent purposes. Such email messages often are mass-mailed or "spammed" to thousands of potential victims. This is typically how it works:
  1. You receive an email from what appears to be a legitimate organization such as a bank, credit card company or a retail merchant with whom you may already have established a business relationship.
  2. The email often times includes a warning regarding a so-called "problem" related to your account and asks you to validate or update your personal or financial information in order to maintain your account.
  3. The information requested includes account numbers, passwords, PINs, Social Security numbers or other personal identifying information.
  4. The email is formatted to include the company's logos and branding and directs you to a link to a "spoofed" website disguised to appear like the company's site.
  5. Once you provide your personal or financial information at the site or by responding to the email, the perpetrators quickly use the information in a variety of identity theft crimes, including accessing your financial accounts or creating credit card accounts in your name.
For more information on phishing and other identity theft scams, visit the Federal Trade Commission (FTC) website.

Fraudulent Text Messages and Voice Mails - Smishing & Vishing  back to top
Similar to email phishing, "smishing" targets your mobile phone through text messages and "vishing" targets voice mail systems. If you receive a text message or voice mail asking you for information about yourself, your account, or your card information, contact BankFinancial immediately at 1.800.894.6900. Do not respond to the text message or voice mail, do not call a number they have provided you, and do not share any information with them.

For more information on smishing and vishing, visit the Federal Bureau of Investigation's website.

Other Phone-Related Scams
Smartphones are now a main target for scammers trying to install malware to steal your information.

Texts. Beware of texts from unknown numbers that include a link to a website or app.  Cybercriminals will try to trick people into downloading viruses, Ransomware and other malware onto their smartphones and tablets- not just computers and laptops. Remember- do not click on any links embedded in text messages from unknown numbers.

QR Codes and Apps. Beware of fake apps and QR codes. Scammers will place QR codes in inconspicuous spots and links to free apps to steal your information. They may even steal existing apps and then make money from in-app purchases.  
ID Theft. If you think you gave out your information, or that someone already has your identifiable information- like your social security number or your bank account information- call your bank or financial institution as soon as possible and report it to the FTC Identity Theft site to protect yourself from further harm. 

Online Security, Everyday, Everywhere  back to top
Your online security has always been a top priority. That's why Enhanced Login Security is so important. This security service is free, easy, and most importantly, gives you extra protection from fraud and identity theft. Enhanced Login Security identifies you as the true "owner" of your accounts. Not only will your password be recognized, your computer will be recognized as well. If we don't recognize your computer - you've logged in from a public computer or one you haven't used before - you will be prompted to answer challenge questions as an additional line of defense against unauthorized access to your accounts. Enhanced Login is just one more way to prevent fraud, protect against identity theft, and strengthen your online security as a whole. 

Reporting your BankFinancial ATM or Debit Card Lost or Stolen  back to top
  • Online
    • Log into Online Banking and click on "Cancel Cards Request"
    • Select the card you would like to cancel and follow the prompts
    • Select why you want to cancel your card. You may select the box to order a new card.
  • Call the Customer Service Center
    • During regular business hours (Monday - Friday, 8am - 8pm and Saturday, 8am - 3pm CST), call 1.800.894.6900 or 1.847.279.900 if calling from outside the U.S. 
  • By phone, when the Customer Service Center is closed
    • Lost or Stolen ATM/Debit Card:
      Hours: 24/7
    • International Lost or Stolen ATM/Debit Card:
    • You will then need to call the Customer Service Center at 1.800.894.6900 during normal business hours (Monday - Friday, 8am - 8pm and Saturday, 8am - 3pm CST) and speak to a representative to order a new card.
Customer Identification Program  back to top
In accordance with the U.S. Patriot Act, all financial institutions are required by law to obtain the following information for each individual or entity opening any new account:
  • Legal Name
  • Address of Permanent Residence or Principal Place of Business
  • Social Security Number or Taxpayer Identification Number
  • Date of Birth (for individuals)
We may also ask to see your driver's license or other identification documents. Thank you for your cooperation in providing this required information.

Protect Your Confidential Information  back to top
BankFinancial does not solicit confidential or sensitive Customer information - including your account number, Social Security number, Personal Identification Number (PIN) or password - via email. Beware if someone emails you claiming to represent BankFinancial and asking for your account number or personal identification information. BankFinancial associates will not ask for such information via email. Use of Social Security information has become an increasingly transparent security device. Your Social Security number should not be used as your user identification or password. Unauthorized individuals can use your Social Security number to access other information to which they are not entitled. BankFinancial continues to take steps to protect against this and other security threats. As you experience these increased security measures, we ask for your patience. Please understand that they are for your own protection.

PIN Reversals - Misinformation Could Lead to Personal Safety Issues  back to top
The Internet can often quickly spread "urban myth" stories, but few stories gain such rapid appeal with so many potentially negative impacts on cardholder safety and confidence as the misleading stories circulating the Internet regarding PIN reversal to signal duress. PIN reversal technology is a concept based upon the possibility that a cardholder could reverse his or her PIN at an ATM to draw attention to a dangerous situation like a kidnapping or a robbery. Critics say that it is unlikely that anyone under duress could successfully employ this technique without compromising personal safety. Financial institutions within the United States have not deployed this technique despite several well-circulated email chain letters that have misstated this. PIN reversal is not a valid security option at an ATM.

Protect Yourself from Cyber Attacks  back to top
Recently, there have been a number of cyber attacks targeted at financial institutions. These attacks are designed to exploit potential vulnerabilities in financial institution servers and Customer web browsers in an effort to gain login identification and password information. BankFinancial strongly urges you to take the following precautions to protect yourself from cyber attacks and keep your personal financial information private and secure.
  1. Never use information that is easily accessible - such as your Social Security number, birthday or home address - as your Personal Identification Number (PIN) or password.
  2. Keep the PIN you use to log into Online Banking a secret, and never allow anyone else to use it.
  3. Never leave your computer without exiting from Online Banking. In the Online Banking module, under User Options you will find a selection to change your timeout setting. This feature will automatically close your Online Banking session after a specific period of inactivity. You are in control of the length of time between your last command and when the session will close. If the session ends before you are done, all you have to do is log back in.
  4. Use extreme caution when opening email attachments from any site and following URLs. If you have not received email from a site before, even a trusted one, be very careful opening attachments or following other links.
  5. Do not provide any personal financial information via email, and never respond to unsolicited emails asking for personal and financial information. Be cautious with the type of information you send via email. Do not include personal information such as your Social Security number or provide financial information such as account numbers, account balances, or charge card numbers.
  6. Periodically check your credit report for unauthorized activity. Three major credit report agencies are Equifax, Experian and TransUnion. You can obtain a free credit report online.
  7. Use the latest available version of your browser, for example, Microsoft Edge, Google Chrome, Firefox and Apple Safari. Be sure to keep up to date on the latest security patches.
  8. Apply vendor-supplied software patches in a timely manner. Regularly visit the Microsoft web site for the most current patches to the operating system.
  9. Install anti-virus software and keep it up to date. Install anti-virus software and configure your computer to run it on a regular basis. Regularly visit the anti-virus software vendor's site for the most current updates and apply them.
  10. Disable features/services that are not explicitly required. "Active content," delivered by items such as JavaScript or Java and Active X controls, can provide increased functionality and embellishments on web pages, but also are ways for attackers to download or execute malicious code on a user's computer. You can prevent "active content" from running on most browsers. However, realize that added security may limit functionality and break features of some sites you visit. Before clicking on an unfamiliar site or a site you do not trust, take the precaution of disabling "active content." If you suspect fraudulent activity related to your BankFinancial accounts, contact us immediately at 1.800.894.6900.

Electronic Security Safeguards  back to top
BankFinancial uses various methods to ensure our Online Banking is secure:
  1. Secure Socket Layer (SSL) - SSL is an encryption tool. Whenever you see a little picture of a lock on your browser, it means that you are communicating in a secure mode with us. Any personal information you send us is encoded so that it cannot be intercepted. Likewise, information we send back to you when the lock is visible will be encrypted so your confidential information stays confidential.
  2. Site Certificate - We have registered with Verisign and received a Site Certificate. This certificate will check to ensure that all content you receive from our site originated from our site. This prevents others from sending back information to you, acting as if they were BankFinancial.