To give you the best possible experience, this site uses cookies. You’re agreeing to the terms of our Privacy Policy by continuing to use the site. Learn how to disable cookies.

Online Safety and Security

Keeping your financial information safe and secure is very important to us. We want you to know what we’re doing to protect your information, and what you can do to help.

It’s unlikely that an unauthorized transaction would happen through online banking or that information obtained from the online banking site would result in the unauthorized use of your credit card account. However, if it ever does occur, don’t worry – as a Capital One® cardholder, you’re protected.

Zero Liability

We provide Zero Liability for unauthorized use of your account. That means you won’t pay for any unauthorized purchases on your account, as long as you meet these conditions:

  1. You’ve used reasonable care in safeguarding your account number and card, your PIN and your password;
  2. You haven’t contributed to any unauthorized use of your account; and
  3. You notify us immediately if your account number or card is lost or stolen, if somebody discovers your PIN or if a person uses your account without your permission.

Check the terms and conditions of your account for more information on protection from unauthorized use.

  • How to spot phishing (suspicious emails, texts or phone calls).

    What is phishing?

    Phishing is a type of cyber attack or scam where fraudsters use emails, texts or phone calls in an attempt to collect personal, private information – including banking information.

    Suspicious emails.

    Phishing emails often appear to be from legitimate companies and can use official logos or headers. If you receive an email that says it’s from Capital One, but it seems suspicious, it’s important to remember that we’ll always reach out to you from a credible email address.

    In an email, Capital One will never:

    • Ask you for your personal identification number (PIN) or online banking password
    • Ask you for your Social Insurance Number
    • Make grammatical errors in written communications to you
    • Use fear tactics to get money or gifts from you
    • Make threats to suspend your account or claim your account has been compromised

    To help verify if an email is from us, take a look at the sender’s email address and hover over any URL links included in the message.

    If you think you’ve received a fraudulent email that claims to be from Capital One:

    • Do not reply to the email
    • Do not click on any of the links embedded in the email
    • Forward the email to abuse@capitalone.com
    • After forwarding the email to Capital One for investigation, delete it
    • Be sure to monitor your account, and call the number on the back of your card if you notice any unusual activity

    If you clicked a link within a suspicious email or responded to it with information related to your account, contact us immediately by calling the number on the back of your card.

    Suspicious phone calls.

    If an unknown number calls you and asks you to provide personal information, such as your credit card information, Social Insurance Number or sign-in credentials, do not provide this information. Instead, hang up the phone and report the call.

    How to report a suspicious phone call:

    1. Send an email to abuse@capitalone.com.
    2. In your email, provide as much detail as possible including the caller’s phone number and the information requested during the call.

    If you gave any information about your account on a suspicious phone call, contact us immediately by calling the number on the back of your card.

    Suspicious text messages.

    If you receive a text message appearing to be from Capital One that asks for personal information, such as your credit card information, Social Insurance Number or sign-in credentials – do not respond. Also, use caution before clicking links within text messages like TinyURL or Bit.ly. These are used to shorten links, and they create the opportunity to hide a phishing link.

    How to report a suspicious text:

    1. Take a screenshot of the text and email it to abuse@capitalone.com.
    2. Include the sender’s phone number and message content in your email.
    3. Delete the text message from your phone.

    If you responded to a text with information about your account, contact us immediately by calling the number on the back of your card.

  • How to report a suspected vulnerability.

    Capital One is committed to maintaining the security of our systems and our customers’ information. We appreciate and encourage security researchers to contact us to report potential vulnerabilities identified in any product, system, or asset belonging to Capital One.

    For more information on how to report potential vulnerabilities, visit our enterprise’s Responsible Disclosure Program page.

  • How we communicate with you safely.

    When you contact us:

    • We’ll verify your identity before we share any account information or perform any transactions.
    • Our agents may ask you to verify information we have on file for you or ask other questions to confirm your identity.
    • Our agents will not ask you to provide your online banking password or PIN over the phone.

    When we contact you:

    • We may contact you by email with offers or to provide account information. If you ever suspect that an email is fraudulent, forward it to abuse@capitalone.com, and then delete the email.
    • We may contact you by text, email or over the phone if we detect unexpected activity on your account.
    • Fraud agents will require you to verify your identity prior to discussing your account.
    • We may contact you by text to confirm a potentially suspicious transaction (to help prevent fraud), but we’ll never ask you to confirm or verify your personal information in an unsolicited text message.
    • If you ever suspect the person contacting you is not from Capital One, please tell the caller that you would prefer to contact Capital One directly, and then contact us by calling the number on the back of your card.
    • We’ll never ask you to provide your online banking password or PIN over the phone.
  • How we keep your information safe.
    • We’ll send you alerts informing you of any changes made to your online banking profile.
    • You’ll be automatically signed out of online banking after a period of inactivity to protect your information.
    • We’ll occasionally verify your identity by asking you to enter a one-time code to sign in to online banking. When we do this, we’ll send you the code by email or text message. To help ensure you receive this code, please make sure to keep your contact information (email address and/or mobile phone number) up to date in your online banking account.
  • How you can keep your information safe.
    • Choose your passwords carefully and don’t share them with anyone.
    • Never carry your password with you.
    • Install and maintain up-to-date firewall and virus protection software on your computer.
    • Keep your software updated with the latest version and install manufacturer-provided patches.
    • Make sure you sign out when you finish checking your transactions in online banking, and close your browser.
    • Report a lost/stolen card or compromised password immediately.
    • Never respond to emails asking for personal information, like passwords or account information – we’ll never ask for this type of information through email.
    • Never share your personal/banking information and password on social media.
    • Don’t access personal accounts or make any purchases with your credit card on unsecured or public Wi-Fi networks.
    • When using public or shared computers, keep your screen hidden from people around you. Do not select Remember Me after entering usernames and passwords when signing in to any accounts.
    • Do not download programs or files from unknown sources or third-party websites. Look for legitimate sources. It’s not uncommon for malware to be embedded within an otherwise legitimate program or file.
    • Report any suspicious emails, phone calls, text messages or social media communications claiming to be from Capital One to abuse@capitalone.com.
  • How to keep your information safe on social media.

    Fraudsters sometimes use social media platforms to pose as legitimate organizations in order to trick users into sharing personal information. If you’ve received a suspicious communication through social media that targets you as a Capital One customer, please forward the entire communication to abuse@capitalone.com. Provide as much detail and background information as possible, including screenshots if available.

  • What is multi-factor authentication (MFA)?

    Multi-factor authentication is a secondary form of authentication used to confirm a customer’s identity and prevent unauthorized users from accessing their information. In order to make sure it’s really you accessing your online banking account, we occasionally confirm your identity by asking you to enter a one-time code while signing in. When we do this, we’ll send you the code by email or text message. To help ensure you receive this code, please keep your contact information up to date in your online banking account.

Visit our Fraud Protection page for more information.