Privacy & Security

Every year, thousands of people are the victims of identity theft and fraud. You could be targeted in a number of different ways, including over the telephone, through the Internet, and even by criminals digging through your trash. HarborOne is committed to protecting you and your information, as well as providing you with information to help you protect yourself.

Under no circumstances will HarborOne EVER ask our members for account number/ Debit or ATM Card number or other sensitive personal information by email, telephone or any electronic method. As your financial institution we should have this information and do not need to obtain it unsolicited. Likewise, you should never send personal information such as account or social security numbers in emails you send if you do not know the recipient.

If you receive a message that looks like it came from HarborOne and requests personal information, do not respond to the message. If it is an email please forward the e-mail to along with your name and phone number, and keep the e-mail since we may have questions about it. If you receive a voice mail or a text message asking you to confirm your account, card or PIN number into an automated service DO NOT ENTER YOUR INFORMATION. Contact HarborOne Customer Service at 800-244-7592 and report the suspicious activity. As a Member, your personal information is secure with us and we want to help you keep your personal information secure from anyone else attempting to use fraudulent methods to obtain it.

View our Fraud & ID Theft Scams page to get more information regarding security and potential risks.

HarborOne Privacy Policy Notice

Phishing Threats

Phishing” is the act of sending an e-mail, voicemail or a Text message to as many people as possible requesting that they give personal information (SSN, account numbers, bank numbers, etc.). The message is designed to look like it has come from or is supported by a bank or credit union. At some point, the message may even look like it was sent out by HarborOne.

Beware of Phone Scams

Individuals fraudulently claiming to represent local financial institutions will sometimes call people and ask for confidential information about their accounts. Please be assured that HarborOne will not contact you and ask you to provide us with personal, financial information over the phone, unless you personally initiate the conversation. We urge you to please carefully guard and protect your personal financial data.

Beware of Fraud E-mail and Text Messages

Many Phishing attempts are also involved in electronic communication. Many people have received an e-mail, voicemail or even a Text message to their cell phone requesting that they call, text “the Bank” with personal information (SSN, account numbers, bank numbers, etc.). The message is designed to look like it was sent from the Credit Union (or Their Financial Institution) At some point, the message may even say they are sent out by HarborOne.

HarborOne does not send E-mails, Voicemails or Text messages requesting personal information under any circumstances. If you receive a message that looks like it came from us and requests personal information, do not respond to the e-mail. Please forward the e-mail to along with your name and phone number, and keep the e-mail since we may have questions about it. As a Member, your personal information is secure with us and we want to help you keep your personal information secure from anyone else attempting to use fraudulent methods to obtain it.

Beware Online(Internet) Phishing Threats

We have discovered “phishing” activity in which users are presented a web page that requests certain personal data such as account number, social security number, ATM card, PIN and credit card information. This web page may be titled “Security Confirmation” and appears to come from within the online banking and bill pay service, but it is actually a fraudulent page caused by malicious code that has infected your personal computers.
•Most anti-virus software providers have recently issued updated software which eliminates the malicious code. It is important that you update and run anti-virus protection software immediately to protect yourself.

As a reminder, we want to protect your identity and will NEVER ask you for your personal information online. If you ever receive a call, e-mail or unusual web page where this information is requested, DO NOT give this information out. As your credit union, it is our responsibility to protect your financial assets and safeguard the confidentiality of your personal information.

We have been advised that there are some fraudulent websites on the internet that appear similar in format to that of a financial institution.
These phony websites may ask or E-mail you for confidential information such as social security number, date of birth, credit, ATM or debit card number and related personal identification number (PIN). The intent of these websites is to obtain information illegally to access customers’ accounts and personal identities.

How Not to Get Hooked by a ‘Phishing’ Scam.

Internet scammers casting about for people’s financial information have a new way to lure unsuspecting victims: They go “phishing.”
Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.

According to the Federal Trade Commission (FTC), phishers send an email or pop-up message that claims to be from a business or organization that you deal with, for example, your Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to “update” or “validate” your account information. It might threaten some dire consequence if you don’t respond. The message directs you to a Web site that looks just like a legitimate organization’s site, but it isn’t. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.

The FTC, the nation’s consumer protection agency, suggests these tips to help you avoid getting hooked by a phishing scam:
•If you get an email or pop-up message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address. In any case, don’t cut and paste the link in the message.
•Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s Web site, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
•Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
•Use anti-virus software and keep it up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically. A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It’s especially important to run a firewall if you have a broadband connection. Finally, your operating system (like Windows or Linux) may offer free software “patches” to close holes in the system that hackers or phishers could exploit.
•Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.
•Report suspicious activity to the FTC. If you get spam that is phishing for information, forward it to If you believe you’ve been scammed, file your complaint at, and then follow the steps under the ID Theft Resources page of this website


What is ID Theft?

Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.

The FTC estimates that as many as 9 million Americans have their identities stolen each year. In fact, you or someone you know may have experienced some form of identity theft. The crime takes many forms. Identity thieves may rent an apartment, obtain a credit card, or establish a telephone account in your name. You may not find out about the theft until you review your credit report or a credit card statement and notice charges you didn’t make—or until you’re contacted by a debt collector.

Identity theft is serious. While some identity theft victims can resolve their problems quickly, others spend hundreds of dollars and many days repairing damage to their good name and credit record. Some consumers victimized by identity theft may lose out on job opportunities, or be denied loans for education, housing or cars because of negative information on their credit reports. In rare cases, they may even be arrested for crimes they did not commit.

For more detailed information about ID Theft visit the FTC website.

Protecting yourself from ID Theft

The following website is an excellent resource that can aid you to take the steps necessary to help protect against identity theft.

Victim of Identity Theft

If you are a victim of identity theft, take the following four steps as soon as possible, and keep a record with the details of your conversations and copies of all correspondence.
1.Place a fraud alert on your credit reports, and review your credit reports.
2.Close the accounts that you know, or believe, have been tampered with or opened fraudulently.
3.File a complaint with the Federal Trade Commission
4.File a report with your local police or the police in the community where the identity theft took place.

Here are some important numbers you should know.

HarborOne Bank

Attorney General Consumer Hotline
Visit or call 617-727-8400

Federal Trade Commission Hotline
Visit or call 1-877-IDTheft

Office of Consumer Affairs Hotline
Visit or call 617-727-7780 or 888-283-63757

The Credit Reporting Bureaus/Fraud Departments

P.O. Box 15069
Atlanta, GA 30348
Experian (formerly TRW)
P.O. Box 9532
Allen, TX 75013
P.O. Box 679
Fullerton, CA 92634

Tips for Your Protection

Take proactive steps to keep your financial information secure, select from any of the following categories to review our security tips when using your HarborOne Visa Debit Card:

Reduce your risk at ATMs

ATM transactions are quick and easy, but you shouldn’t put your common sense aside as you go about your ATM business or make a purchase in a retail store. Using your Visa Debit Card is a convenient and safe way to get cash. Make sure you do it the smart way:

Be aware of your surroundings and listen to your gut. If the ATM is poorly lit or in a concealed location, or if you’re just not feeling comfortable, use another machine. Avoid counting cash or rummaging through personal items while standing at the ATM location.

Guard your PIN. Memorize it and never write it down. Cover the keypad when you enter your PIN, and if you notice suspicious activity, cancel your transaction. You should also take your receipt with you, as it may contain personal information that could be helpful to identity thieves.

When using a drive-through ATM, lock car doors and roll up other windows. If you walk up to the ATM, don’t leave your car running or unlocked. And never leave Debit or ATM Card in your car’s glove compartment.
When using an indoor ATM that requires your card for access, avoid letting unknown people in with you.
Report lost or stolen cards immediately, and sign your new or replacement card as soon as you receive it.
Find out more about common types of fraud on our Learn the Facts page. If you’ve been the victim of fraud or identity theft, get in touch with Call For Action for assistance.

What to watch for at Retail Stores
No matter how many times you’ve visited the same mall, you should still be careful when shopping at retail locations, so keep these tips in mind the next time you’re at the point of purchase.
Do business with companies whose reputation and integrity are already familiar to you. If you feel pressured into acting before you’re ready to buy, trust your common sense and take your time.
Find out the store’s return and exchange policy before you hand over your HarborOne Visa Debit Card. If you have questions that the sales staff can’t answer, consider holding off until you have all the information you need to make an informed purchase.
Review receipts before you sign them, save customer copies, and check these against your account statements. Notify HarborOne immediately of any errors or suspicious charges.
If you discover that you’ve bought damaged merchandise, contact the company immediately.

Shopping Online
Everyone knows the Internet is an amazing resource, but do you know the secrets to protecting your personal information during your web surfing? Stay in charge with these tips for keeping your card, account, and identity secure.
Take proactive steps to keep yourself out of harm’s way while you take advantage of the Internet’s convenience and entertainment.
Make sure your computer has a firewall installed and keep your browser software and anti-virus program updated.
When you’re done using a public computer, log off and shut down the browser program completely. This will prevent the next user from being able to hit the back button and discover your personal information.
When shopping online, stick to merchants that have a trustworthy reputation. Read their privacy policy (if you can’t find it, that may be a red flag) and find out what security features are in place.
Never respond to suspicious emails or click on links inside questionable messages. If an offer sounds too good to be true, it probably is. Get more information about email safety and learn how to spot fraudulent messages and websites.
Seek out safety symbols, including the padlock icon in your browser’s status bar and “s” after “http” in the URL, or the words “Secure Sockets Layer (SSL).” These are your assurance that only you and the merchant can view your payment data.
Craft strong passwords with more than six characters and try to mix numbers and letters. Use a new password for each site—and keep it to yourself. Never use one-click shopping on a public computer.
Not sure whether an online merchant is trustworthy? Be sure to check it out prior to entering any personal or financial information.
Activate Verified by Visa to add an extra layer of protection during online checkout.
Watch for Spyware
Spyware is software that consumers unknowingly install on their computers. Once installed, it can be used to track online usage and personal information. You can do a number of things to keep spyware off your system.
Keep your computer current with the latest operating system, install updates and patches, and select the highest security setting possible on your browser to prevent unauthorized downloads.
Download only from sites you know and trust; some free applications may be fronts for getting spyware onto your system. Take time to read the fine print too. If you can’t understand the licensing agreement, don’t download the software.
Enable a pop-up blocker on your browser. Don’t click any links inside a pop-up window, as they can install unwanted software. Instead, get rid of pop-ups by clicking the “X” icon on the title bar.
Buy anti-virus and anti-spyware software from a reputable vendor, keep it up-to-date, and use it to do regular scans of your computer.

Protecting your business’s financial assets is a top priority at HarborOne Bank, but we can’t do it alone. Just as you protect your business’s physical location from intruders by activating a burglar alarm at closing time, your business’s computers must be protected from cyber thieves attempting to exploit weaknesses in your computer network.
Please be aware that FDIC Insurance or Regulation E (the Electronic Funds Transfer Act) does not cover fraud losses for business customers. HarborOne Bank recommends that all business owners discuss online fraud protection with their insurance carriers to ensure they are adequately protected in the event of a loss.
The tips below provide information and security measures you can take to help protect your accounts from scams and other harmful attacks.
Harden your computer against cyber-attacks.
Computers that are not appropriately protected can become an open gateway for cyber criminals to access your online account or perform malicious activity. Unfortunately, antivirus products alone are not enough to protect you from malware that can give cyber criminals control of your computers. Below are basic tips to protect the computers at your business.
Use a dedicated computer: If possible, dedicate a computer to be used ONLY for online banking purposes to mitigate against the risk of computer and user credentials being compromised. Your business’ computer information technology system should not be used for email, social media, or web browsing.
Password Protection: A unique password or token PIN is the first step of securing your online information. Select a password/PIN that is easy for you to remember but do not select birthdays, sequential numbers or street addresses. Do not share your password/PIN with anyone. Remember, HarborOne employees will never ask for your password.
Keep your operating systems, antivirus and other software up to date. Scan your computers for viruses regularly.
Fraud Awareness: Fraudsters use official-looking e-mails (Phishing) and websites to lure you into revealing confidential financial information. The phishing messages appear to be from trusted banks, retailers or other companies. Be suspicious of any e-mail with urgent requests to “verify account information.” When in doubt, call the sender directly and validate the message. If you receive a suspicious email, do not click on any links or attachments, since they could contain malware. Just delete the email.
Transaction Review: Check your account balances and transaction activity daily and promptly report any suspicious activity to your account manager or call877-997-9957 and speak to a HarborOne Customer Service Representative.
Make your computer less vulnerable to cyber thieves.
Your business online account has built-in security options you can use to protect and monitor your online activity.  Don’t wait until your business is a victim of cyber fraud before you protect yourself.
Enroll and Check your Email Alerts: Reviewing email alerts immediately can protect against fraudulent activity on your account. 
Review Account Activity:  Review your online accounts for any transactions you did not initiate.  Early detection may prevent large losses.
Requiring two individuals to execute transactions (dual control) can prevent fraudulent activity even if one employee’s computer is compromised.
Change your Password:  Changing your password periodically reduces the chance of it being compromised.
Only use Company Computers:  When accessing online business accounts, only use designated company computers that use the company network.  Non-business computers and networks are more likely to be infected with malware.
How to identify common attacks by cyber criminals.
No one wants to become a victim of cyber fraud, but if it does happen, responding to it quickly is of the utmost importance. Below are ways to help your employees identify when they may be the victim of cyber fraud, or when you should consider contacting  HarborOne for assistance. Be sure that all employees that participate in online banking are aware of these tips.
Contact customer support if you experience any of the following scenarios:
If you receive an email alert regarding a wire, ACH, or bill pay transaction you did not initiate
If you receive an email alert regarding a change of password or email address you did not create
If the login screen looks different or has unusual fields or prompts
If you see unknown transactions or balance inconsistencies on your account
If you receive a message saying online banking is unavailable due to maintenance or another reason after you just logged in
If you log on to HarborOne online banking and are immediately logged off, your account is locked for no apparent reason, or your computer freezes
Learn about your liability in the event of a cyber-attack.
HarborOne provides online business banking to its business customers to add convenience for conducting financial transactions, but we cannot assume liability for fraud on business accounts as a result of malware and system vulnerabilities on our customers’ Information Technology systems.  Our business customers must ensure that adequate security controls are in place on their Information Technology systems before accessing online banking to minimize risk.
Business customers are contractually obligated to maintain the security of their computers and must monitor their accounts proactively and frequently. This means that you will be responsible for any fraudulent financial activity on your account if your business’s computers or accounts are compromised. Business customers who use their Information Technology systems to house proprietary, financial, or personnel information should employ an Information Security Professional periodically to conduct a thorough review of their systems and security controls.

Enhance security with Trusteer Rapport

To help protect you from online banking fraud and identify theft, we have partnered with the online security firm of Trusteer to offer a free download of their Trusteer Rapport software. Rapport works with your existing firewall and anti-virus protection and is easy to install and use. Rapport is also entirely transparent and does not require you to change the way you work or sign into websites.
Download Trusteer Rapport Here!

Learn more about Trusteer Rapport (Video)

What are the benefits of using Rapport?
Protect the connection between HarborOne Banks Online Banking site and your computer against common online threats. The green arrow signals that you have logged into HarborOne Bank’s genuine Online Banking site and not a website claiming to be Online Banking.

What is Trusteer Rapport?
Trusteer Rapport creates a secure tunnel between your keyboard and HarborOne’s Online Banking platform to minimize the risk of your information captured by an outside party. Rapport works alongside your existing firewall and antivirus solutions to provide added protection to your HarborOne Bank Online Banking session.

Why Use Trusteer Rapport?
Trusteer Rapport is free for you as a customer of HarborOne Bank, is easy to install, and has an unintrusive user interface. It enhances the security of the browser when you connect to HarborOne’s Online Banking platform by verifying that the connection with the web site is direct and encrypted to prevent “man-in-the-middle attacks.” The security software validates the Online Banking web site you see is hosted by HarborOne Bank, thereby reducing risk of sending information to phishing sites.

What’s the User Experience?
The user interface is designed to be as simple as possible.  An icon is added to your browser’s address bar, and when you connect to HarborOne online banking platform, the icon will turn green.  When you visit sites that do not use Trusteer Rapport, the icon browser will be gray in color.  The icon is for your information only and does not require any action on your part. If you require any assistance using the software, please visit the Trusteer support page

By downloading and installing Trusteer’s Rapport Software, you agree with and accept all of Trusteer Inc.’s terms and conditions for use of the Rapport Software. HarborOne Bank is not associated with Trusteer Inc., Trustee, Ltd. or any of their affiliates. HarborOne Bank is making Trusteer’s Rapport Software available free of charge solely as a service to its customers and the bank is not responsible for, and does not guarantee, the effectiveness, content, services or operation of Trusteer’s Rapport Software. All problems, questions or concerns regarding Trusteer’s Rapport Software should be directed to Your access and use of the Rapport Software is also subject to the online banking services agreement between you and HarborOne Bank.

As a HarborOne business we are concerned about your security. Protect yourself as a merchant when accepting purchases over the internet. Working in cooperation with Visa, HarborOne wants you to feel secure in your business processing over the worldwide web. Learn more >

Before you go

A little bit of preparation on the front end can ensure you don’t hit any bumps when you hit the road.
  • If you plan to use your HarborOne Debit Card you should contact Customer Service at 800-244-7592 or log into your online banking account and access the "Service Center" to submit your travel plans.  Once we know of your travel plans we can notify our Card Monitoring service of your trip to ensure that your card transactions are successful.
  • Check your card Expiration date to make sure it won’t expire while you’re away.
  • Confirm your debit card limit for both Purchases and ATM withdrawals, as well as your account balance so you’ll know how much you’ll be able to charge each day.
  • Please Note that many Car Rental Agencies do not accept Debit Cards as a form of securing your Car rental.
  • As a safety precaution, note your debit card number, as well as HarborOne’s Customer Service phone numbers, and keep them in a safe place, so you won’t have to scramble in the unlikely event your card is lost or stolen. NEVER write down your PIN number.

During your trip

  • Don’t leave common sense behind when you’re away from home.
  • Follow our advice for traveling safely: Avoid leaving cards unattended at work, in a hotel room, recreation areas, or in a locked or unlocked vehicle.
  • Take advantage of the safe or security box provided by the hotel for your valuables.
  • Save all of your receipts for proof of purchase.
  • And, when you get home, carefully check them against your monthly statements.

Traveling Overseas?

The growing number of fraudulent ATM & Debit transactions has caused us to review locations that pose a higher fraud risk. Unless you contact us before you leave access to your HarborOne Accounts through ATM, Debit Card purchases and Online Banking access may not be available in the following countries: 
Continent Country
Africa Botswana
South America Brazil
Asia China & Hong Kong
North America Cuba
Europe Estonia
Asia India
Asia  Iran
Asia Japan
Asia Jordan
Africa Lesotho
Asia Malaysia
North America Mexico
Asia Myanmar AKA Burma
Africa Namibia
Africa Nigeria
Asia North Korea
Europe Poland
Europe Romania
Asia Russia
Asia Saudi Arabia
Asia Singapore
Africa South Africa
Europe Spain
Africa Swaziland
Asia Taiwan
Asia Thailand
Europe Turkey
Europe Ukraine

We apologize for any inconvenience this may cause, and the above list could change at any time; therefore as a reminder Contact HarborOne before you leave and we can note your travel plans and activate the countries during your travel dates. 


Enabling Cookies