Security Awareness

Dear PassTo Customer,
We wish to assist you in preventing online crime and fraud. This list of security measures has been compiled to assist you in protecting your online credentials from identity thieves, fraudsters, and other criminals. Individual user security measures are essential to protecting your identity and accounts during any online transaction, from authenticating your PassTo account to making a money deposit or transferring funds.

PassTo Customer Security Awareness and Education

It is important to be aware of the threats and to approach anything online that involves your identity or account numbers with caution as cybercriminal attacks on individuals are at an all-time high and the perpetrators are becoming more sophisticated constantly.
Cybercriminals have done a remarkable job of creating fake websites and mobile applications that imitate legitimate sites such as PayPal, the FDIC, and the IRS in order to steal sensitive information. It is an unfortunate reality that a significant amount of identity theft and fraud is committed by family members, friends, and acquaintances of victims who have relatively easy access to account numbers and passwords saved on computers and mobile devices.
There are a number of safeguards in place to protect your PassTo account from unauthorized access, but there are also steps you can and must take to further reduce the risk of a breach.This applies to all of your online accounts, whether they're with us or other financial institutions, companies, or websites.

Social Networking Risks

Fraudsters have mastered the art of breaching password-protected accounts by using personal details that users voluntarily disclose on social networking sites, such as your favorite books, foods, cities of birth, etc., to bypass secondary verification systems and reset passwords.
Be wary of making any part of your identity public, as most of it can be used by identity thieves. When creating a PassTo account, it is important to carefully select a set of challenge questions to verify your identity.This is required to avoid using information that could be obtained by identity thieves or easily deduced by an impersonator with basic knowledge of the target.

Password Secrurity

Online systems have difficulty distinguishing between a legitimate user and a criminal user who has gota legitimate user's password. PassTo users must therefore keep their credentials confidential and quickly report any suspected security breaches. Avoid the following list of typical password choices:

• A word in any foreign or English dictionary, even when spelled backwards

• Sequences such as "12345678", or "33333333", "abcdefgh"

• Your name, or the name of a family member or pet

• Social Security, account, or telephone numbers

• Any portion of your physical address

• Anyone's birth date

• Other readily accessible information about the user

• A password used on a different website

Security Practices to Help You Avoid Identity Theft

• Investigate an application (app) prior to downloading it. Do not assume that a similar-sounding app is the PassTo app because its name is similar. It may be a malicious app designed to deceive users into believing the service is legitimate. The App Store or Google Play Store is the best location to download the PassTo mobile app. Be mindful that criminals will continue to submit fraudulent applications.

• PassTo will never claim to have "lost" your login details and contact you to get it back. Such requests are always, without exception, fraudulent as they entail some form of coercion, such as a threat to withhold cash unless login information is provided immediately. PassTo will under no circumstances request your password. Under no circumstances should you reveal your password to anyone, including the support team, compliance team, etc.

• If you're inputting your password into the PassTo website or anywhere else online, ensure that you're using a secure session (https:// instead of http://).

Pay careful attention to the URL (web address) of the website you are currently viewing! Password harvesting spoofs frequently use web addresses that resemble the official PassTo website,, to deceive users into thinking they are visiting the legitimate PassTo site, where they have an account. This is a common method used by fraudsters to trick users into divulging their passwords to phony versions of authentic websites!

• Avoid saving passwords on computers and mobile devices.

• Always utilize the Logout button to discontinue secure sessions when you are finished. This helps avoid session hijacking attacks, in which hackers maintain open sessions when you believe they have been closed.

• When using the PassTo service to send money, you must never leave your computer or phone unattended.

• Do not log onto PassTo from a shared computer in a public place such as a hotel, library, internet cafe, or from a shared wireless network using your own personal devices.

• Offers of employment as a mystery shopper, payment processor, etc. that require you to provide your PassTo credentials are never legitimate.

• PassTo will never attempt to transfer funds via an individual's personal account. There is never an exception to this rule; it is always a fraud. In the event that you are approached about taking part in a scheme of this nature, immediately contact local law enforcement.

We hope you find this information useful. Please do not hesitate to contact us if you have any questions or concerns about cyber security. We would be delighted to help you.