Skip to Main Content

Online Banking

Over the past decade, the threat and impact from cybercrime continues to rise. Scams and hacking techniques are more sophisticated, new threats are continually being developed and organized crime groups both in the United States and internationally have become a major force in expanding online fraud and theft. To help combat this, the Federal Financial Institutions Examination Council (FFIEC) has issued supervisory guidance designed to help make online transactions more secure in response to a growing online threat environment.

At Byline, we’re committed to ensuring that our online financial solutions have built-in security features which are continually enhanced to respond to evolving and emerging digital threats.

Important information for users of our online services.

Byline Bank and your login credentials

As good neighbors, we care about protecting your privacy and data. So we want to make sure you know that we’ll never call, email or contact you to request your online banking information, such as your:

  • Access ID
  • Password
  • Other logon credentials

If you receive such a request, do not provide any information over the phone or via email. Instead, contact us immediately at (773) 244-7000 to report the incident.  If you notice any suspicious activity on your account(s) or have received a suspicious call, email, letter or other similar contact regarding your relationship to Byline Bank, please call Byline or contact your local branch for assistance immediately.


Protect yourself by controlling online banking risks.

Password Security Tips

  • Protect your account: Don’t share your user ID or password with anyone. Make sure you safeguard your user ID and password information, and never leave it written down in an unsecured location.
  • Change it up: Create a unique user ID and password for each site that you visit. Don’t use the same identifying information on multiple websites. In the case that one website were to be breached, it will make it harder for hackers to access your data. This also prevents you from having to update all of your credentials if one site is compromised.
  • Strength in numbers (and characters): Create strong passwords that contain a mix of uppercase letters, lowercase letters, numbers and special characters ([email protected]#$%^&*). The longer the password the more secure your account and data will be.
  • Change is good: Many websites force password changes every 30 or 60 days. If a website doesn’t do so, take the initiative and change your password on a regular basis.

Website Security Tips

  • Monitor your account activity. Log in and view your online account activity on a regular basis and review periodic account statements to make sure they’re accurate, on a monthly or quarterly basis.
  • Make sure you always log off from a website—don’t just close the page or “X” out.
  • Secure websites have a web address that includes an “s” (https rather than http). If this is lacking, the site is not genuine. Don’t log in or conduct business on sites that may not be secure.

Computer/Network Security Tips

  • Use your computer’s security monitoring software that includes anti-virus, anti-malware and firewall functions, and take advantage of security features like individual login accounts, when possible.
  • Keep your computer’s system security up to date by applying patches and updates whenever they become available.
  • Always enable passwords on your computer, wireless router or any other physical or wireless system.
Fraud prevention online

Additional Information for Business Users of Online Services

Because businesses frequently have more account transactions, with higher dollar values, the FFIEC recognizes these as riskier transactions, and has identified a steep rise in online account takeovers and unauthorized online fund transfers related to business accounts in the last five years.

Recently, small to medium-sized businesses have been primary targets as cybercriminals have recognized that the security controls they have in place are not as robust as that of larger businesses. Analysis indicates enhanced controls over administrative access and functions related to business accounts and layered security using multiple and independent controls would help to reduce these types of crime.

FFIEC Guidance on Enhanced Controls for Businesses:

  • Business customers should be encouraged to periodically perform a self-identified risk assessment to evaluate the effectiveness of the controls they have in place to minimize the risks of online transaction processing.
  • The password, website, computer and network tips above provide a starting point for this process and the web resource links provide additional detailed information.
  • Business customers should understand the security features of the software and websites they utilize and take advantage of these features. Segregation of duties—the process of separating duties so no one person can perform all steps of a transaction—is an example of a very important security feature.
  • Layered security options that may be available to business customers doing online transactions include transaction thresholds, out-of-band verification (such as telephone or email verifications), fraud detection and monitoring systems, and IP reputation–based services.

Phishing and Social Engineering

The term “phishing”—as in fishing for confidential information—is a scam that encompasses fraudulently obtaining and using an individual’s personal or financial information. Bank accounts can be the target of thieves and fraudsters. Please be aware of common email phishing scams where the message appears to come from known and trusted sources, such as the Federal Deposit Insurance Corporation, the Internal Revenue Service, or the National Automated Clearing House Association (the ACH payment network). Some red flags that can help you to quickly identify a potential email phishing scam are:

  1. Unusual greeting: A phishing email may not refer to the email recipient by name or it may refer to them in a nonsensical manner such as “Client(s)”.
  2. Sense of urgency: An email that claims an urgent need to communicate with you for your own security, or a request to verify payment information immediately, using  compelling language that urges the recipient to take action.
  3. Random generation of numbers: A phishing email may contain a random sequence of numbers, such as “ACH Payment #38350555 canceled,” that can also be inserted into the subject line or text of the email to make it appear as though it is a specific transaction ID or payment amount. That random number can also be inserted into the file name of the pdf.exe file or file, creating a sense of uniqueness and legitimacy.
  4. Strange or unfamiliar links: The links may look official, but when the mouse cursor rolls over the link the link source code points to a completely different website which may contain malware as a pdf executable file or pdf zip. Never open attachments, click on links, or respond to emails from suspicious or unknown senders.
  5. Fraudulent use of legitimate business logo, website, address, phone: Fraudsters often insert actual identification references to a business into their phishing emails to make them appear legitimate.

Please be aware that bank accounts are at a heightened risk of such scams, and be sure to protect yourself by first trying to recognize fake messages, and by installing up-to-date virus protection software on your business computers. If in doubt, do not click on links presented in any message you think is suspicious, rather attempt to authenticate any requests via trusted communications channels such as calling a company representative.

At Byline, we take great care in safeguarding your personal and financial information. To better protect you, remember that we’ll never send an email requesting your information or asking you to verify a request or transaction.

Please contact us if you have any questions or concerns.

man working at laptop

Fraud and Identity Theft

Identity theft continues to be one of the fastest-growing crimes in the United States and has ranked as one of the top consumer concerns for the past several years.

These crimes continue to evolve and become increasingly complicated, which make it harder for consumers to protect themselves—and easier for criminals to sell confidential personal information on the internet.

If you suspect that your personal information has been compromised, you should:

  • Contact the fraud department at one of the three major credit bureaus and ask that a fraud alert be placed in their file at all three companies;
    • Equifax –
      P.O. Box 740241, Atlanta, GA 30374-0241
    • Experian –
      P.O. Box 2104, Allen, TX 75013-0949
      1-888-EXPERIAN (397-3742)
    • TransUnion –
      P.O. Box 1000, Chester, PA 19022
  • Review your credit reports, annually, to look for inconsistencies or red flags such as accounts you didn’t open, debts you can’t explain or inquiries from companies you haven’t contacted.
  • Contact the companies where the fraudulent activity occurred, and follow up any telephone calls in writing. File a police report with local police or the police department in the community where the crime took place, keep a copy of the report and file a complaint with the Federal Trade Commission.

ATM Safety Tips

Although crimes committed at or near ATMs remain low, you should always use common sense to better protect yourself when using an ATM.

Look around the area first

Before using an ATM, survey the location. Avoid ATMs located in dark areas, that have obstructions blocking your view or the view of the public, or are in the vicinity of anyone or anything suspicious. If you’re already making a transaction and something suspicious happens, stop the transaction and leave the area.

Allow authorized entry only

If you use an ATM in a locked foyer or vestibule make sure the door closes and locks before you start your transaction. Don’t hold the door open for the person waiting behind you. Each person should have their own card to gain entry.

Drive-up safety

At the drive-up ATM, always be alert to the area around you. Keep your doors locked and the engine running. Open your window only when you are ready to make the transaction. If something or someone in the area looks suspicious, don’t stop at the ATM. If you have already started the transaction, stop it and drive away.

Minimize your time at the ATM

Be prepared to start your transaction when you approach the ATM. Use caution when counting your money. When you are finished, put your receipt, card and money away as soon as possible.

Know what to do

If you’re followed after leaving an ATM, go quickly to a well populated, well-lit area. Report the incident to the police as soon as possible.

Your personal identification number (PIN) is confidential

Your PIN is confidential. Memorize it because your ATM/debit card cannot function without it. Your PIN prevents anyone else from using your card. Don’t write your PIN on your card or store it with your card. Avoid using your birth date or Social Security number as your PIN. Never give your PIN to anyone. Stand directly in front of the ATM keyboard or number pad to block the view of others standing nearby when you are using your card at the ATM.

Report missing cards at once

Although your ATM/debit card can be used only with the correct PIN, you should report a lost or stolen card to your financial institution at once.

Save your receipts

Check your receipts against your monthly statement to reduce the chance of transaction fraud. Report any unauthorized transactions or irregularities to your financial institution.

By following these safety tips, you can help protect your personal safety and privacy every time you use an ATM to make a financial transaction.

FDIC Overdraft Education

See here for Your Guide to Preventing and Managing Overdraft Fees.