Please ensure Javascript is enabled for purposes of website accessibility

Online Security

The Bank of New York Mellon maintains active oversight of all of our systems as part of our efforts to protect the security and privacy of client information.

The Internet is one of the most powerful communication tools available, making it possible to share information instantly, any time of the day or night, around the globe.


Criminals have capitalized on the broad power and wide availability of the Internet and electronic mail (e-mail) to defraud unsuspecting people. It is critical that each of us maintain constant vigilance over the way we use the Internet and all forms of electronic communication.


The Bank of New York Mellon maintains active oversight of all of our systems as part of our efforts to protect the security and privacy of client information.


What Does BNY Mellon Do to Protect Your Identity?


Stronger Authentication is an added layer of security for Internet applications containing non-public information. The Federal Financial Institutions Examination Council (FFIEC) requires Web sites such as to add a form of Stronger Authentication security to comply with Federal regulations.


Since The Bank of New York Mellon has implemented Stronger Authentication security on this site, the first time you log in you will be required to register your Username. Please contact the Phone Center if you have any questions about this process at 800-880-5631.   NOTE: BNY Mellon Wealth Management will never make unsolicited requests for a client’s electronic banking credentials.


Protect Yourself


To help protect yourself and your personal data, do not trust any e-mail communications that request your personal information.


Criminals can be convincing. They make their fraudulent e-mails look like they come from legitimate sources. They publish fake websites that use designs, information and programming stolen from their rightful owners. Cyber criminals use methods to impersonate you over the phone to arrange funds transfers, or imitate communications from the financial institution to verify transactions, or initiate other changes to your account. Don't fall for their ploys.


Protecting Your Username and Password


  • Utilize strong passwords with at least 10 characters that include a combination of mixed case letters, numbers and special characters
  • Do not share with others usernames and passwords for online banking systems
  • Use a different password for online banking sites than you might use for email and other Internet activities
  • Verify use of a secure session (https not http) in the browser for all online banking
  • Do not "script" usernames and passwords for online banking to allow for automatic logins
  • Install commercial anti-virus, desktop firewall, and intrusion detection software on all computer systems and apply updates regularly
  • Ensure computers are patched regularly particularly operating system and key application with security patches
  • Always activate the screensaver locking feature when you need to leave your computer unattended
  • Where practical, carry out online banking activities from a stand-alone and locked down computer from which e-mail and Web browsing are not possible
  • Never access bank, brokerage or other financial services information from public kiosks such as those found at Internet cafes, public libraries, and airports
  • Keep abreast of the continuous cyber threats that occur


If you have any concerns or questions, please contact your BNY Mellon Wealth Management wealth manager or private banker.


E-mail and Website Scams


E-mail is by far the most popular way for criminals to try to get your attention — and your personal information. An e-mail may direct you to a website designed and operated by criminals to trick you into revealing such information. Therefore, treat e-mail from someone you don't know the same way you would treat a telemarketing call from someone you don't know: don't necessarily believe what you're being told.


Fraudulent e-mails and websites are created every day to attempt to steal personal information. It's called "phishing" — a variation of the word "fishing." There are limitless variations of these online scams, so the best defense is education and a healthy dose of skepticism. A few misleading and deceptive techniques in use include the following:


The e-mail or website may appear to be genuine. It may include a logo that appears legitimate. It may ask you to click on a link to go to a website — the website address may, at first glance, appear legitimate and imply importance. The e-mail or website may ask for you to supply account numbers, Social Security numbers, personal identification numbers (PINs), passwords or credit card numbers. The e-mail or website may even already contain some of this information and is asking you to confirm the data. You are right to be suspicious of any e-mail or website asking you to supply or confirm any personal information. As technology and one's ability to detect these scams improves, so, unfortunately, do the criminals. The latest attacks do not even require you to do anything. Merely opening the e-mail can launch "hidden" software — a virus, "spyware" or other malicious code — that will download to and reside on your computer. Should they go undetected, any of these programs could compromise your computer in a variety of ways, including stealing private information, redirecting your Web surfing to unscrupulous sites and transmitting information that you type on your computer directly to the criminals. Therefore you should delete all unwanted and potentially fraudulent e-mails without opening them.


Some fraudulent e-mails, spear-phishing attempts for example, can be very well done and very convincing. These are often created by more sophisticated and more determined criminals who are highly motivated to succeed. More generally, however, most fraudulent e-mails and websites established for fraud may frequently be characterized by the following:


  • Misspellings and other typographical errors
  • Poor grammar
  • Urgent messages in the e-mail subject line
  • Random characters in the e-mail subject line or body
  • "Fuzzy" logos, or logos that are distorted