Marcus Security Center

At Marcus, we make it a priority to protect your privacy and safeguard your account information. That’s why we’ve implemented a variety of services, features and policies designed to help keep your account secure.

How Can I Protect My Marcus Account?

At Marcus, we make it a priority to protect your privacy and safeguard your account information. But your actions will also help to protect your personal information.

Manage your password

Protecting your password is one of the easiest things you can do to help secure your account. While we will ensure that your password meets minimum complexity requirements, you can make your password even stronger to further protect yourself.

Reusing the same password across multiple sites is not advisable. Note: If you use the same password across different websites or services, you are particularly susceptible to credential stuffing, the cybercrime technique where stolen account credentials are used to gain unauthorized access to a user’s other online accounts. 

Ensure your connection is secure

SSL-capable browsers will display a lock symbol that indicates you are operating in secure mode. Check your browser’s documentation for more information about what to look for. (For those wondering, SSL stands for “Secure Sockets Layer” and is used to establish an encrypted link between a browser and web server.)

  • Also check the web address to see if it appears as "https://www...." If so, that means that you have accessed a server with enhanced security features.

Marcus utilizes EV SSL (There are three levels of SSL that differ in how much identity verification is involved– if you’re curious, the EV stands for “Extended Validation”). 

Pay attention to "last logged in" date and time

Every time you log in to your Marcus account, you’ll see your account dashboard and the day and time you last logged in. If that information doesn’t look right (as in, not accurate to when you remember last logging in) call us immediately.

Clear the cache of your browser

Browsers generally cache, meaning they store some information locally on your computer. That could include images of pages that have already been downloaded in order to provide a faster, better web experience. The point of caching is to provide a speedier experience, but it can potentially leave you more vulnerable to hackers.

By clearing your cache after visiting secure sites, you reduce the risk of exposing confidential information stored locally.

Always sign out of your account

Remember to always sign out when you are finished accessing your Marcus account. If you’re going to be away from your computer for an extended period of time, be sure to sign out then as well. Signing out will end your session and you will be asked to submit your unique email address and password the next time you log in.

Closing your browser entirely can also be a good way of preventing others from accessing your information.

Be vigilant when receiving unexpected calls

Not all calls are genuine. Criminals or hackers can use a wide range of tactics to try to get information from you, including posing as your bank, a relative or another organization. They may already know a few personal details about you like your full name and address, and they could use this information to appear genuine. 

If you receive an unexpected call from someone who asks you to give them information about you or your bank account, this could be a scam. If it doesn’t seem right:

  • Ask if you can call them back. A genuine caller shouldn’t mind if you want to call them back directly.
  • Look up the phone number of the organization. Then if you can, use a different phone to call them back. Ask them if they were trying to contact you, and tell them what happened if not.

Reduce your public footprint online

Social media impersonation: Criminals are increasingly using social media to build relationships with victims and ultimately steal data. Typically, these scammers create fake accounts that appear (and claim) to be official accounts for an individual or organization. 

Social media impersonation can also refer to the takeover of real accounts. These accounts can be used for phishing activities and can cause reputational damage to an individual or company.

How Does Marcus Protect You?

Marcus uses multi-factor authentication, SSL encryption, the use of firewalls and other safeguards that are designed to protect the security of your personal and account information. On top of that, we require the use of secure browsers to access your account, we protect your account information with a unique password and our networks are monitored around the clock.

Important security measures at Marcus

Browsers that support encryption

At Marcus, we require you to use a secure browser to access your account information. Microsoft Internet Explorer, Apple Safari, Mozilla Firefox and Google Chrome are all browsers that support encryption.

Unique Email Address and Password

To access your account information, you must provide a unique email address and a password to log in. Your password is not displayed when entered (i.e., the password does not appear in clear text on your screen when you enter it).


Firewalls and monitoring systems are used to help protect Marcus systems and proprietary networks from any unauthorized Internet traffic. 

Encrypted Network

After you have entered your information, Marcus uses an encrypted network to transport data between our systems. We use security monitoring devices 24 hours a day, 7 days a week to offer you peace of mind.

Multi-factor Authentication

Marcus uses multi-factor authentication to help us authenticate you. It’s an additional layer of security to help protect your account from unauthorized access. 

EV SSL Certificate (Extended Validation SSL)

EV SSL combines SSL with an Extended Validation, a stringent identity verification process performed by a third-party Certificate Authority. (SSL is what creates an encrypted link between a web server and browser. There are three types of SSL and of the three EV SSL provides the highest level of protection).  

You can verify that you are connected to the real Marcus website by observing the padlock icon. While the specific display of the padlock varies slightly between different browsers, all browsers supported by the Marcus website display EV SSL.

You can view details of the certificate, indicating that Goldman Sachs Bank USA has been verified as a registered business in New York, NY. The details of the certificate also provide information about the Certificate Authority that performed the Extended Validation and created the certificate.

If you connect to the Marcus website, but do not observe the green shading or the certificate details, please call us immediately for more information or assistance:

  • For Deposits and Insights customers, call 1-855-730-SAVE (7283)
  • For Loans customers, call 1-844-MARCUS2 (627-2872)


For a brief overview, check out the tips below for some convenient ways to increase your cybersecurity know-how and help you stay protected. (And if you want a deeper dive on cybersecurity, you can check out our informative guide here.)

Tip #1: Avoid pop-ups, unfamiliar links and emails from unknown and suspicious senders 

  • While surfing the web, you might have received a pop-up with a sale offer that seems too good to be true – it could be a phisher.
  • Phishers masquerade as trustworthy sources like your favorite clothing brand and might even present offers that seem too good to be true so you click on it (all in order to convince you to hand over sensitive information).
  • Phishing scams often use text messages, emails and even phone calls to pose as a reputable source and ask for personal details, such as your Social Security Number, account numbers and passwords. They can then potentially access your bank accounts, email and other sensitive information.

Tip #2: Keep your software up to date

  • If you don’t already use anti-virus software, getting it can add a helpful layer of protection, for both your desktop and mobile devices. Anti-virus software works to prevent and remove malware on your computer. 
  • However, anti-virus software doesn’t guarantee you’re safe from all cybersecurity risks. It should be viewed as an additional step to protect your information, rather than a cure-all.
  • Firewall software, which adds another layer of security, is typically included with most operating systems, so you just need to be sure to enable it.
  • Before installing Anti-virus software, especially free products, make sure to check the vendor. Malicious actors often create free products in order to get you to unknowingly install malware on your device.

Tip #3: Keep your own Wi-Fi network secure

  • To help protect your home network, change your router name from the default to something only you know. If it is configurable, be sure to change your router’s pre-set password too.
  • Use long, complex passwords with a mix of upper and lower case letters, numbers and symbols.


Phishing is a cybercrime where someone poses as a legitimate source to get you to reveal sensitive information. How do they do this? Phishers will typically send you an email, text message or call you, looking for personal info such as your name, date of birth and Social Security Number. They also may try and “phish” for financial data by asking you for credit card numbers and bank account information. (You can check out more information on phishing here.)

Common phishing tactics

One typical phishing scam: Phishers might call you pretending to be your bank and ask you to verify (read: give them) your account credentials or one-time PIN information. Once they have it, the phisher can call your bank’s customer center pretending to be you. Armed with your personal information, they could potentially access your accounts.

Phishers might also create fake email addresses that look like the name of your bank and send you emails requesting information or verification of your account credentials. And if you give it to them, they can then use this information to either hack your accounts or impersonate you, even to your own bank. 

Help protect yourself from phishers with these 7 tips

Tip #1: Verify that the sender’s name matches the sender’s email address 

Before you open emails or click on any links, carefully check that the email address matches the sender’s name before you open the email. It’s also a good idea to check the email address’ spelling to ensure it matches the business name – if it’s from a phisher, the name might be off by just a letter or two in the hopes you’ll breeze right past, so pay close attention.

Tip #2: Avoid pop-ups, unfamiliar links and emails from unknown senders 

Common messages you might receive from a phisher include emails or texts saying there’s been suspicious activity on one of your accounts and asking you to verify your account info. These messages may also include links to make payments, say you’re eligible for a government refund or even offer promotions for free things.

A smart way to protect yourself against phishers is to not enter your personal information in any window, pop-up box or email that you have not opened or initiated yourself. 

If you receive suspicious emails you don’t recognize, delete them or send them to spam. Don’t open or click to further investigate.

Tip #3: Immediately contact your mobile operator if you suddenly lose service on your cell phone

It could be a sign that you’re a victim of sim swapping – a type of cyberattack where fraudsters hijack your cell phone number and potentially gain access to your data and personal accounts.

Tip #4: Sign up for transaction alerts on your accounts

Enabling transaction alerts means you’ll be notified each time a transaction occurs on any of your financial accounts, allowing you to quickly take action if the activity is fraudulent. 

Did you Know?

If you receive an unsolicited call from Marcus and you have concerns about the call, we encourage you to call us back using a number from our contact page, so you can be sure you’re speaking with Marcus.

If a suspicious email claims to be from Marcus forward it to [email protected].

Tip #5: Regularly monitor your financial statements

Keeping a close eye on your bank and credit card statements is another way to spot fraudulent activity and take action as soon as possible. 

Tip #6: Reduce your online footprint

Social media impersonation: Criminals are increasingly using social media to build relationships with victims and ultimately steal data. Typically, these scammers create fake accounts that appear (and claim) to be official accounts for an individual or organization. 

Social media impersonation can also refer to the takeover of real accounts. These accounts can be used for phishing activities and can cause reputational damage to an individual or company.

In general, be cautious with any information you post online. That can include things like “checking in” to businesses you frequent, and “liking” local companies/musical artists/etc. on social media platforms. All of that information could potentially be used by scammers in order to impersonate you on social media to friends and family. 

Tip #7: Don’t give someone remote access to your device(s) 

Phishers may contact you posing as a government agency or “tech support” and request remote access to your devices. They might say you’re entitled to some kind of payment or have a computer virus, and the remote access will let them assist you. While that could sound legitimate, don’t give anyone remote access to your devices unless you have confirmed they are who they say they are.

Identity Theft

Identity theft is a crime in which someone wrongfully obtains access to your personal information and uses it to commit any sort of fraud or deception, usually for economic gain.

An identity thief can use your stolen identity to open credit cards, file taxes and even get medical services – all in your name. 

While the tips ahead aren’t comprehensive, they can be a good starting point if you’re concerned about identity theft. 

Tips to help protect yourself from identity theft

Tip #1: Regularly monitor your credit reports

Checking your credit reports will also help you spot any unauthorized financial transactions or see if any new lines of credit have been opened in your name. The earlier you spot suspicious activity, the quicker you can work to resolve and (hopefully) keep any damage to a minimum.

Bonus tip: You’re entitled to one free copy of your credit report every year from the major credit reporting bureaus, including Experian, TransUnion and Equifax. 

Tip #2: Review your financial statements on a regular basis

If you notice any unauthorized transactions, contact your bank/provider immediately and report the fraudulent activity.

Tip #3: Keep your Social Security Number secure

Don’t carry your Social Security card around with you and be careful any time you share your SSN.

Tip #4: Collect your mail every day

If you’re going on vacation or will be away from your home for an extended period for any reason, be sure to place a hold on your mail delivery. If you don’t, criminals could potentially steal mail that gets delivered, and if that stolen mail includes any kind of sensitive information (like personal data or account details) they could use that information to steal your identity and order new credit cards in your name.

What you can do if you think you’re the victim of stolen identity

We’ve covered some of the preventative measures you can take to possibly reduce the risk of stolen identity. Now let’s go over the steps you can take if your identity has been stolen. Hopefully you won’t find yourself in this situation, but in case you do, it’s good to be prepared.

Step 1: Review your credit report

If you think you might’ve been the victim of identity thief, carefully review your credit report. If you see any accounts or transactions that you don’t recognize, get in touch with the respective credit bureau immediately.

Step 2: Dispute inaccurate information you find on your credit report

While the process might differ depending on the credit bureau, you can usually file a dispute/investigation request online. The credit bureau will then contact the creditor for verification, or they might just change the information directly if it doesn’t require verification.

If the creditor provides verification, the credit bureau will remove or revise the incorrect information. Disputes are usually resolved within 30 days.

Step 3: File a police report

If you believe your identity has been stolen, you may want to file a police report, as you would with any type of theft. You also might want to reach out to your creditors and bank to make them aware of the situation.

Step 4: Protect your credit

Even though it might feel a little like closing the stable door after the horse has bolted, you’ll still want to take steps to protect your credit after having your identity stolen. You can refer to the earlier section on how to protect yourself, but you’ll probably want to freeze your credit to help prevent any more damage. (You’ll have to freeze your credit with each credit bureau individually).