In a credential stuffing attack, criminals harvest lists of legitimate user credentials that have been compiled from previous data breaches and attempt to use them to gain access to accounts at financial institutions and other service providers. Fraudsters are very aware that users have a tendency to re-use credentials across multiple websites.

What to Know about Credential Stuffing

  • Credential stuffing attacks are possible because many users reuse the same password across many sites. In fact, 80% of users have reused a password on two or more sites, and 25% use the same password on many of their accounts.
  • For more information about malicious cyber activities, visit the Internet Crime Complaint Center (IC3).

How KeyBank Safeguards Your Information

  • KeyBank constantly evaluates and updates our systems as needed with the most advanced firewall and encryption tools available. We use state-of-the-art virtual monitoring to identify potential suspicious account activity.
  • Your KeyBank online banking settings require passwords consisting of at least eight characters up to 20 characters, allowing any combination of letters and numbers except for Social Security and tax identification numbers.
  • If you forget your sign-on information, KeyBank protects your account from unauthorized access by using unique online banking security questions before releasing forgotten login information. We require additional identification verification in online banking areas that contain particularly sensitive information.

What to Do to Maximize Your Security

  • Create different passwords for each of your online accounts, and change all passwords at least once a year or more.
  • Protect your information, including account passwords, by verifying the source any time you receive a telephone call, email or text from someone seeking information. KeyBank will never call, text or send an email seeking your account information.
  • Keep your electronic devices up to date with the most recent security patches provided by the device manufacturer.
  • Monitor all accounts regularly, whether that’s through statements or by using online and mobile banking. Use online and mobile banking account alerts to track activity. These alerts are sent when transactions that exceed a specified amount are made, and when an account balance drops below a certain amount. Clients enrolled in KeyBank’s financial wellness program can use our personal finance tool to track transactions.
  • If you discover a fraudulent transaction on your KeyBank account, immediately contact the KEY2YOU call center at 800-539-2968. For clients using a TDD/TTY device, please call 1-800-539-8336.
  • If you have been the victim of a scam, you can file a complaint at the Internet Crime Complaint Center (IC3).

This material is presented for informational purposes only and should not be construed as individual advice.

KeyBank does not provide legal advice.