At Marcus, we make it a priority to protect your privacy and safeguard your account information. That’s why we’ve implemented a variety of services, features and policies designed to help keep your account secure.
At Marcus, we make it a priority to protect your privacy and safeguard your account information. But your actions will also help to protect your personal information.
Protecting your password is one of the easiest things you can do to help secure your account. While we will ensure that your password meets minimum complexity requirements, you can make your password even stronger to further protect yourself.
Reusing the same password across multiple sites is not advisable. Note: If you use the same password across different websites or services, you are particularly susceptible to credential stuffing, the cybercrime technique where stolen account credentials are used to gain unauthorized access to a user’s other online accounts.
SSL-capable browsers will display a lock symbol that indicates you are operating in secure mode. Check your browser’s documentation for more information about what to look for. (For those wondering, SSL stands for “Secure Sockets Layer” and is used to establish an encrypted link between a browser and web server.)
Marcus utilizes EV SSL (There are three levels of SSL that differ in how much identity verification is involved– if you’re curious, the EV stands for “Extended Validation”).
Every time you log in to your Marcus account, you’ll see your account dashboard and the day and time you last logged in. If that information doesn’t look right (as in, not accurate to when you remember last logging in) call us immediately.
Browsers generally cache, meaning they store some information locally on your computer. That could include images of pages that have already been downloaded in order to provide a faster, better web experience. The point of caching is to provide a speedier experience, but it can potentially leave you more vulnerable to hackers.
By clearing your cache after visiting secure sites, you reduce the risk of exposing confidential information stored locally.
Remember to always sign out when you are finished accessing your Marcus account. If you’re going to be away from your computer for an extended period of time, be sure to sign out then as well. Signing out will end your session and you will be asked to submit your unique email address and password the next time you log in.
Closing your browser entirely can also be a good way of preventing others from accessing your information.
Not all calls are genuine. Criminals or hackers can use a wide range of tactics to try to get information from you, including posing as your bank, a relative or another organization. They may already know a few personal details about you like your full name and address, and they could use this information to appear genuine.
If you receive an unexpected call from someone who asks you to give them information about you or your bank account, this could be a scam. If it doesn’t seem right:
Social media impersonation: Criminals are increasingly using social media to build relationships with victims and ultimately steal data. Typically, these scammers create fake accounts that appear (and claim) to be official accounts for an individual or organization.
Social media impersonation can also refer to the takeover of real accounts. These accounts can be used for phishing activities and can cause reputational damage to an individual or company.
Marcus uses multi-factor authentication, SSL encryption, the use of firewalls and other safeguards that are designed to protect the security of your personal and account information. On top of that, we require the use of secure browsers to access your account, we protect your account information with a unique password and our networks are monitored around the clock.
At Marcus, we require you to use a secure browser to access your account information. Microsoft Internet Explorer, Apple Safari, Mozilla Firefox and Google Chrome are all browsers that support encryption.
To access your account information, you must provide a unique email address and a password to log in. Your password is not displayed when entered (i.e., the password does not appear in clear text on your screen when you enter it).
Firewalls and monitoring systems are used to help protect Marcus systems and proprietary networks from any unauthorized Internet traffic.
After you have entered your information, Marcus uses an encrypted network to transport data between our systems. We use security monitoring devices 24 hours a day, 7 days a week to offer you peace of mind.
Marcus uses multi-factor authentication to help us authenticate you. It’s an additional layer of security to help protect your account from unauthorized access.
EV SSL combines SSL with an Extended Validation, a stringent identity verification process performed by a third-party Certificate Authority. (SSL is what creates an encrypted link between a web server and browser. There are three types of SSL and of the three EV SSL provides the highest level of protection).
You can verify that you are connected to the real Marcus website by observing the padlock icon. While the specific display of the padlock varies slightly between different browsers, all browsers supported by the Marcus website display EV SSL.
You can view details of the certificate, indicating that Goldman Sachs Bank USA has been verified as a registered business in New York, NY. The details of the certificate also provide information about the Certificate Authority that performed the Extended Validation and created the certificate.
If you connect to the Marcus website, but do not observe the green shading or the certificate details, please call us immediately for more information or assistance:
For a brief overview, check out the tips below for some convenient ways to increase your cybersecurity know-how and help you stay protected. (And if you want a deeper dive on cybersecurity, you can check out our informative guide here.)
Phishing is a cybercrime where someone poses as a legitimate source to get you to reveal sensitive information. How do they do this? Phishers will typically send you an email, text message or call you, looking for personal info such as your name, date of birth and Social Security Number. They also may try and “phish” for financial data by asking you for credit card numbers and bank account information. (You can check out more information on phishing here.)
One typical phishing scam: Phishers might call you pretending to be your bank and ask you to verify (read: give them) your account credentials or one-time PIN information. Once they have it, the phisher can call your bank’s customer center pretending to be you. Armed with your personal information, they could potentially access your accounts.
Phishers might also create fake email addresses that look like the name of your bank and send you emails requesting information or verification of your account credentials. And if you give it to them, they can then use this information to either hack your accounts or impersonate you, even to your own bank.
Before you open emails or click on any links, carefully check that the email address matches the sender’s name before you open the email. It’s also a good idea to check the email address’ spelling to ensure it matches the business name – if it’s from a phisher, the name might be off by just a letter or two in the hopes you’ll breeze right past, so pay close attention.
Common messages you might receive from a phisher include emails or texts saying there’s been suspicious activity on one of your accounts and asking you to verify your account info. These messages may also include links to make payments, say you’re eligible for a government refund or even offer promotions for free things.
A smart way to protect yourself against phishers is to not enter your personal information in any window, pop-up box or email that you have not opened or initiated yourself.
If you receive suspicious emails you don’t recognize, delete them or send them to spam. Don’t open or click to further investigate.
It could be a sign that you’re a victim of sim swapping – a type of cyberattack where fraudsters hijack your cell phone number and potentially gain access to your data and personal accounts.
Enabling transaction alerts means you’ll be notified each time a transaction occurs on any of your financial accounts, allowing you to quickly take action if the activity is fraudulent.
If you receive an unsolicited call from Marcus and you have concerns about the call, we encourage you to call us back using a number from our contact page, so you can be sure you’re speaking with Marcus.
If a suspicious email claims to be from Marcus forward it to [email protected].
Keeping a close eye on your bank and credit card statements is another way to spot fraudulent activity and take action as soon as possible.
Social media impersonation: Criminals are increasingly using social media to build relationships with victims and ultimately steal data. Typically, these scammers create fake accounts that appear (and claim) to be official accounts for an individual or organization.
Social media impersonation can also refer to the takeover of real accounts. These accounts can be used for phishing activities and can cause reputational damage to an individual or company.
In general, be cautious with any information you post online. That can include things like “checking in” to businesses you frequent, and “liking” local companies/musical artists/etc. on social media platforms. All of that information could potentially be used by scammers in order to impersonate you on social media to friends and family.
Phishers may contact you posing as a government agency or “tech support” and request remote access to your devices. They might say you’re entitled to some kind of payment or have a computer virus, and the remote access will let them assist you. While that could sound legitimate, don’t give anyone remote access to your devices unless you have confirmed they are who they say they are.
Identity theft is a crime in which someone wrongfully obtains access to your personal information and uses it to commit any sort of fraud or deception, usually for economic gain.
An identity thief can use your stolen identity to open credit cards, file taxes and even get medical services – all in your name.
While the tips ahead aren’t comprehensive, they can be a good starting point if you’re concerned about identity theft.
Checking your credit reports will also help you spot any unauthorized financial transactions or see if any new lines of credit have been opened in your name. The earlier you spot suspicious activity, the quicker you can work to resolve and (hopefully) keep any damage to a minimum.
Bonus tip: You’re entitled to one free copy of your credit report every year from the major credit reporting bureaus, including Experian, TransUnion and Equifax.
If you notice any unauthorized transactions, contact your bank/provider immediately and report the fraudulent activity.
Don’t carry your Social Security card around with you and be careful any time you share your SSN.
If you’re going on vacation or will be away from your home for an extended period for any reason, be sure to place a hold on your mail delivery. If you don’t, criminals could potentially steal mail that gets delivered, and if that stolen mail includes any kind of sensitive information (like personal data or account details) they could use that information to steal your identity and order new credit cards in your name.
We’ve covered some of the preventative measures you can take to possibly reduce the risk of stolen identity. Now let’s go over the steps you can take if your identity has been stolen. Hopefully you won’t find yourself in this situation, but in case you do, it’s good to be prepared.
If you think you might’ve been the victim of identity thief, carefully review your credit report. If you see any accounts or transactions that you don’t recognize, get in touch with the respective credit bureau immediately.
While the process might differ depending on the credit bureau, you can usually file a dispute/investigation request online. The credit bureau will then contact the creditor for verification, or they might just change the information directly if it doesn’t require verification.
If the creditor provides verification, the credit bureau will remove or revise the incorrect information. Disputes are usually resolved within 30 days.
If you believe your identity has been stolen, you may want to file a police report, as you would with any type of theft. You also might want to reach out to your creditors and bank to make them aware of the situation.
Even though it might feel a little like closing the stable door after the horse has bolted, you’ll still want to take steps to protect your credit after having your identity stolen. You can refer to the earlier section on how to protect yourself, but you’ll probably want to freeze your credit to help prevent any more damage. (You’ll have to freeze your credit with each credit bureau individually).