Your security is a top priority.

How we protect you

SSN protections

We restrict access to your Social Security Number except for authorized purposes.

Security checks

Identity verification is needed for certain transactions and changes to your account.

MFA security

Multi Factor Authentication requires you to prove your identity in 2 or more ways.

How you can protect yourself

Online banking security

Add an extra layer of protection while banking online

Whether it’s secure login, monitoring alerts, or using digital payments, there are many opportunities for more security.

FRAUD education

Educate yourself on common scams and be vigilant

You can set up account alerts, learn how to avoid oversharing personal information and report suspicious activity.


Protect your information & monitor your credit

Keep sensitive documents in a safe place or shred them if you don’t need them. Check your credit report regularly. 

Help Topics and resources

Our communication practices can help you keep your sensitive information secure. Here's what to expect when you contact us or we contact you.

When you contact us:

  • When you initiate contact with Capital One, we’ll verify your identity before sharing account information or performing transactions on your behalf.
  • Our agents, whether over the phone or in our branches and cafes, may ask you to verify information we have on file or ask other questions to confirm your identity.
  • Our agents will not ask you over the phone to provide your online banking password.

When we contact you:

  • We may contact you by email with offers or to provide account information. If you’re ever in doubt about a communication instance, forward any suspicious emails to
  • Our Fraud department may contact you if we detect unexpected activity on your account. Fraud agents will require verification of your identity prior to discussing your account.
  • We may contact you via text to confirm an attempted charge (to prevent fraud), but we will never ask you to confirm or verify your personal information in an unsolicited text message.
  • If you ever suspect the party contacting you is not Capital One, please tell the caller that you would prefer to contact Capital One directly and call back using the contact numbers on our site or on the back of your card.
  • We’ll never ask you over the phone to provide your online banking password.

Capital One offers various ways to move money electronically for the purpose of paying bills, making purchases and managing your accounts. Such services include, ATM/debit cards, electronic check conversion, phone transfers, online bill payment and online banking external funds transfer. When using these services, we ask that you monitor your account and alert us of any unauthorized transactions.

Types of Electronic Funds Transfers

  • ATM/debit card transactions: You may use ATM/debit cards to withdraw cash, make transfers between your Capital One accounts, deposit funds, complete point-of-sale transactions, make account inquiries, and for other banking activities. Please make your PIN memorable to you and do not share it with other parties.
  • International Transactions: Capital One employs fraud monitoring to help detect and protect against ATM/debit card fraud. The fraud monitoring process is designed to identify and investigate transactions that fall outside of your normal usage patterns. To protect your account, transactions occurring in countries where fraud is elevated may be denied. Please notify Capital One prior to international travel or purchases to prevent inquiries based upon your activity or blocked transactions.
  • Electronic check conversion: You may authorize a merchant or other payee to make a one-time electronic payment from your checking account using information from your check to: pay for purchases, or pay bills.
  • Online Banking External Funds Transfer: You may enroll in online banking to perform electronic transfers to external accounts. When you enroll, you will be provided terms and conditions that apply to electronic transfers using our online banking services. Capital One sets limitations on daily and monthly transactions for your protection.
  • Online Banking Bill Payment: Online payments include payments made from a Capital One account (including scheduled payments via our online bill pay service), any payment to certain Capital One accounts and payments in the form of funds transfers to eligible loan or line of credit accounts.

Protections Provided for Electronic Funds Transfers

  • Capital One sends monthly statements to your address on record unless you elect to go paperless. If you don't receive your statements by mail, we make an electronic version available in Online Banking. Please review your statements and verify that all the transactions shown were authorized by you.
  • In the event you think a transfer or withdrawal shown on your statement is incorrect, or if you believe an unauthorized transfer or withdrawal has taken place—including those made through your ATM/debit card, code, or other means—contact us immediately.
  • We must be notified within sixty (60) days after the first statement on which the suspected problem appeared. If you do not contact us within this sixty (60) day time period, you could be held responsible for all unauthorized transfers and withdrawals that occurred between the end of the sixty (60) day period and the time you actually notified us if those transactions could have been prevented had we been notified.
  • Contact Capital One immediately if you believe your ATM/debit card has been lost or stolen, or if you believe that an electronic fund transfer has been made without your permission. Telephoning is the best way of keeping your possible losses down. If you tell us within two (2) business days after you learn of the loss or theft, your liability could be as much as $50.00 if someone used your ATM/debit card without your permission.
  • If you do not tell us within two (2) business days after you learn of the loss or the theft of your ATM/debit card, and we can prove we could have stopped someone from using your ATM/debit card without your permission if you had told us, you could lose as much as $500.00.
  • MasterCard Zero Liability: You may have additional rights under the MasterCard rules. Provided that the PIN is not used as the cardholder verification method, you will not be responsible for unauthorized use of the Platinum Debit and Business Debit Cards if your account is in good standing, you have exercised reasonable care in safeguarding your card from any unauthorized use, and you have not reported two or more unauthorized events in the past 12 months.
  • If you have questions regarding zero liability coverage or you suspect unauthorized use of your ATM/debit card, contact us immediately.

If you receive a suspicious email, phone call, or text message from someone claiming to be Capital One, please report the incident to using the following guidelines:

Suspicious Email

What is Phishing?
Phishing occurs when a fraudster sends an email message appearing to be from a legitimate entity. The email is designed to trick users into providing personal information like credit card information, Social Security numbers, and login credentials.

How to Identify Phishing
Here are some ways to spot potential phishing emails:

  • Check the Details. Inspect the sender’s email address and hover over (do not click) any URL links included in the message. Although the email address and URL may appear to be legitimate at first glance, this information can be spoofed or direct you to an unauthorized site.
  • Beware the Scare. Scare tactics are often used to prompt victims to quickly respond to requests for personal or financial information. Email notices that threaten to close your account or impose fines or penalties should be treated as suspect.
  • Look Out for Errors. Spelling, grammatical errors, and oddly structured sentences can indicate that the email is not from a legitimate source. Furthermore, emails that use generic titles (like Mr., Mrs., Sir or Madam, etc.) instead of your legal name should be treated with caution.
  • Go to the Source. Phishing emails may use official logos and headers, so it can be hard to verify validity. If you ever question the legitimacy of an email, try going directly to that company's website rather than clicking links in emails or downloading attachments.

Reporting Phishing
If you received a suspicious email that claims to be from Capital One or misuses the Capital One brand, do not click any links contained in the message or download any attachments, and instead forward the entire email with the original subject line to

Suspicious Phone Call

What is Phone Phishing?
Phone phishing, also known as “voice phishing” or “vishing,” occurs when a fraudster calls directly and asks you to do something like provide personal information like credit card information, Social Security numbers, and login credentials.

How to Identify Phone Phishing
Many of the phishing indicators also apply to vishing attacks, such as an urgent timeline or intimidating language. You can also spot phone phishing using the following helpful hints:

  • Do Not Comply. If the caller leaves a message, you can listen to their message, but DO NOT comply with their demands.
  • When In Doubt, Call It Out. It is fairly easy to spoof the number for an incoming call. If you receive a suspicious call that is claiming to be from an actual company, call the company directly to verify whether the request is legitimate. You can also search the web for the suspicious phone number to see if it routes back to a legitimate source.

Reporting Phone Phishing

  • If you receive a suspicious phone call that claims to be from Capital One, do not provide the caller with any account information, and end the call. See our Communication Guidelines below for how you can tell if the call is legitimate.
  • Report the suspicious phone call to Be sure to include in your email the phone number that called you and the information the person was trying to acquire.
  • If you provided a caller with information related to your account and think the inquiry was suspicious, contact us using the number on the back of your credit card.

Suspicious Text Message

What is Text Message Phishing?
Text message phishing, or “SMS phishing,” occurs when a fraudster uses text messages appearing to be from a legitimate source in order to entice individuals to reveal personal information like credit card information, Social Security numbers, and login credentials.

How to Identify Text Message Phishing

  • Don’t Do Business Via Text. A legitimate business will never ask you to reveal your account number, user name, password, or full Social Security number via text message.
  • Know the Signs. Just as with email and phone phishing, be aware of urgent language, grammar or spelling errors, or unknown senders. Furthermore, be wary of clicking on shortened URL links like TinyURL or Bitly.

Reporting Text Message Phishing

  • If you receive a suspicious text message that claims to be from Capital One, do not reply to the message or click on any links within the message.
  • Instead take a screenshot of the message and send the screenshot to Be sure to include the sending phone number and the content of the message. After sending the information to Capital One, delete the text message from your mobile phone.
  • If you clicked a link and provided information related to your account, contact us using the number on the back of your credit card if you think the text was suspicious.

Please use the online Password Reset tool to reset your password. If you're coming from a mobile device, you'll need to access the Password Reset tool at our full website, (not our mobile app or mobile site).

If you’re trying to use the temporary password in the Capital One Mobile app, the Capital One WalletSM or on the mobile web browser (, it won’t work. You’ll need to sign in on one of our other apps or our desktop site.

Note: Temporary passwords expire after a period of time. Please check the email containing your temporary password to ensure it’s still valid. If your temporary password has expired, use the Password Reset tool at our full website, (not our mobile app or mobile site):

For Credit Card
1. Go to
2. Click on the Forgot Password link.

For Capital One Bank
1. Go to and select “Banking” in the sign-in menu.
2. Enter your user name and click Continue.
3. Select “Capital One Bank.”
4. Click on the Forgot Password link.

For Capital One 360
1. Go to and select “Banking” in the sign-in menu.
2. Enter your user name and click Continue.
3. Select “Capital One 360.”
4. Click on the Forgot your Password link.

For Capital One Auto Finance
1. Go to and select “Auto Loans” in the sign-in menu.
2. Enter your user name and click Continue.
3. Click on the Forgot your Password link.

For Capital One CreditWise
1. Go to
2. Click on the Forgot Password link.
3. Enter your user name and last four digits of your Social Security number.

Tools you can use

Tools you can use

Verify  your account with the Capital One app

Use your sign-in credentials and phone to ensure that only you can access your account. Find this feature in the security menu of the app.

Need fraud support? Contact us

Customer service

Servicing existing accounts and reporting a lost or stolen card

Fraud protection
International collect calls to report a lost or stolen card
Request replacement card
Request replacement card