Security Center

Find help for security issues, stay up-to-date on fraud trends, and read up on best practices to protect your accounts and devices.


Account Password and Security Questions

Create unique passwords

Use a different password for every account. The longer the password, the more difficult it is to hack.

  • Never include personal info or common words and phrases
  • Combine 3 or more words together to create a phrase that’s meaningful only to you
  • Include numbers, symbols, and both UPPERCASE and lowercase letters

Account security questions

Account security questions may add an extra layer of protection to your account but can be a vulnerability if your answer is something that could be easily discovered.

For example, a common security question is, “What city were you born in?” This information can be easily found online, so it’s actually better to enter a city that you were not born in. This will keep your account more secure.



Report Fraud or Unauthorized Activity

Step 1

  • Contact your financial institutions.
    Ask for the fraud department, explain what’s happened, and be clear what they—and you—can do to resolve it.

Step 2

  • Contact your credit card companies. 
    Call the number printed on the back of your card. You can usually notify them online or in their app as well.

Step 3

  • Notify your local law enforcement. 
    Filing a report with your local police department will help you document your case. Some institutions, agencies, and credit bureaus will ask for the report number or a copy of the police report.

Step 4

  • Check your info in all accounts.
    Scammers can change info in your accounts so check for things like phone numbers, email, or mailing addresses that have been added or changed.

Step 5

  • Change your account logins. 
    Change your password, PIN, and security questions for all accounts—including your email accounts and those that don’t seem to have been compromised.


Guard Against Phishing and Other Scams

Phishing

Phishing is an attempt to steal your personal information via email. Phishing emails often begin with impersonal greetings like “Dear user” or “Hello member” and will look like they’ve been sent by a legitimate company or person. They’ll typically be poorly written with typos, misspellings, and incorrect grammar.

Vishing

With vishing, fraudsters use an automated system to make voice calls. The message will usually be about an urgent account problem and ask you for your account information. The Caller ID may look legitimate, but scammers can easily fake that.

Smishing

Smishing is when a scammer sends an SMS message to your phone from a fake phone number or URL. Like the other types of scams, the message will usually be about an urgent account problem and ask you to call and provide your account information. Smishing message may also try to get you to click on a fake URL.

Tips to avoid phishing, vishing, and smishing scams

  • Never provide personal, credit, or account info via email.
  • Don’t click on links in emails and SMS text messages unless you’re 100% sure the sender is legitimate.
  • Don’t return calls from an unknown or suspicious number and provide any personal, credit, or account info.
  • Attachments can contain malware, so never open them unless you’re 100% sure they’re legitimate.
  • Ignore pleas for you to take fast action or warning you of problems that will compromise your account status if you don’t take action.

Tips for browsing websites

  • Don’t rely on the “s” in https. 
    One letter used to make a big difference, but now the “s” doesn’t always mean the site is legitimate. Hackers can build encrypted sites, too.
  • Don’t rely on the padlock symbol. 
    Authentic sites will have this icon in the address bar, but many fake sites can also have it.
  • Type out the URL. 
    Phishers create fake websites with URLs that are very similar to the real one. To be safe, manually enter the URL you want to visit.

Tips for recognizing fake phone calls

  • Never share sensitive info.
    Account info, passwords, or validation codes are for your eyes and ears only. Even a customer service rep shouldn’t ask for them.
  • Never trust Caller ID. 
    Scammers can easily fake a Caller ID, so don’t rely on it as confirmation that a call is legitimate.
  • Never return an automated call. 
    Scammers use automated systems to make voice calls. If an automated call provides a number and asks you to call back, don’t.


Report Fake, Fraudulent, or Suspicious Messages and Sites

Emails and websites

If you receive a suspicious email or website link:

  1. Don’t click on any links inside of the email or on the website, and don’t download any attachments.
  2. Forward the email and/or website to hw-phishing@paypal.com and delete it from your inbox.
  3. If you notice any unexpected activity on your Hyperwallet account, contact our support team.

Text message

If you receive a text message with a link inviting you to visit a website:

  1. Don’t click on any links in the message.
  2. Screenshot the message and email it to hw-spam@paypal.com. (Make sure it shows the full phone number.)

Phone call

If you receive a suspicious phone call:

  1. Take a screenshot of your phone log showing the phone number, and email the screenshot to hw-spam@paypal.com.
  2. In your email, include details of the phone call, including what the caller said or asked from you.
  3. After you send your email, you’ll receive an automatic confirmation message that we received it.

If the caller left a voicemail and you’re able to view a transcript on your phone, also include a screenshot of it in your email.



Protect Your Devices

Keep software up-to-date

Maintaining the latest version of apps and operating systems helps protect you from security vulnerabilities. Enable automatic updates whenever possible.

Use only reputable apps

Downloading an app invites its creators into your world. Only install apps from companies you know and trust. Repackaged and third-party apps have a much higher potential for harm, so be careful. You should also remain cautious with app permissions. Restrict access to your contacts, location, and photos only to apps that absolutely require this sensitive info to function.

Install anti-virus software

Anti-virus software detects and protects against malware. It will catch most things, but not everything. Remain vigilant and enable automatic updates since new viruses are discovered every day.

Follow basic security protocols

  • Set your screen to auto-lock after a short period of inactivity
  • Use strong PINs and passwords
  • Enable biometric authentication (fingerprint or Face ID) for additional security and faster access to your device

Activate “Find My iPhone” or “Find My Device”

This useful functionality can help you locate your device if it’s lost or stolen. Hopefully, it was accidental and you’re able to retrieve it. If this isn’t the case, you can lock your device or wipe it clean remotely before replacing it.

Regularly back up your data

Should a scammer hack your device, you may need to wipe it clean. If so, you’ll be glad to have a current backup to use when setting up your new device.



Hyperwallet’s Compliance and Security Controls

Financial network safeguards

We protect our network and payouts platform against cyber threats and privacy breaches. We adhere to PCI Data Security Standards and maintain banking redundancy in high-traffic jurisdictions to build resiliency and guard against service outages.

Privacy and security practices

Protecting your personal information is our top concern, and we aim to not only meet but exceed industry standards. We use multiple methods to ensure the safety and security of all personal data in our systems.

We are a PCI Level 1 compliance service provider, SOC1, SOC2, and ISO27001 certified organization. We will not share personal information, unless to provide requested services or as otherwise permitted by law. Individuals can request access to their personal information in our possession and can request updates to that information, subject to applicable legal or regulatory record-keeping or related requirements. For a detailed explanation of how we collect, use, protect, and disclose personal information, read our Privacy Policy.



Hyperwallet’s Data Security Methods

Data encryption

End-to-end encryption is an important element in helping you to keep your personal data and Hyperwallet transactions secure.

Data protection

Hyperwallet is Payment Card Industry Data Security Standard (PCI-DSS) Level 1 certified. This means we comply with stringent data protection requirements. Hyperwallet’s Information Security Policies and Controls are reviewed by independent third parties for adherence to the following industry standards and guidelines: American Institute of Certified Public Accountants SSAE18 SOC1, AT-C105 and AT-C205 SOC2, and ISO 27001.

TLS Connection

When you register or log into Hyperwallet from your computer or mobile device, we make sure you’re connecting with Transport Layer Security (TLS), a cryptographic protocol providing communications security, and an HTTPS connection (HSTS). Strong TLS configurations are the current industry standard for trusted communication channels and allow your information to transmit across the internet in a secure manner. We only allow HTTPS connections to help keep you safe from passive and active attacks.