We use the following methods to help keep your online transactions and personal information safe and secure.

Username and password requirements

To help prevent unauthorized access, we prompt you to create a unique username and password when you first access your account. A password is a string of characters used to access information or a computer. Passwords help prevent unauthorized people from accessing files, programs, and other resources. When you create a password you should make it strong, which means it should be difficult to guess or crack. See below for hints in creating a password that would be difficult to crack.

A Strong Password

• Minimum of eight characters long
• Includes numbers, symbols, upper-case and lower-case letters
• Does not contain your username, real name or company name
• Does not contain a dictionary word
• Is significantly different from the previous passwords

 

Image verification during login

Before you enter your online password, we ask that you verify your personalized security image. This image would be one that you selected during the creation of your web account. Once the image you have selected is displayed, you can be confident that you are accessing our website, as opposed to a fake site that may be attempting to "phish" for your personal information. If you ever log in and do not see the image you've selected or the image is incorrect, STOP, do not input your password. Please immediately report this to your plan's customer service team.

Note that for some sites where there exists a partner relationship, some users may seamlessly sign into their financial institution's website without seeing a security image. This occurs because of an industry standard technology called federated authentication which exists between your financial institution and us. When you securely log into your financial institution's site and wish to then view your 529 plan account, you will seamlessly and securely be transitioned to our website. Users should familiarize themselves with their financial institution's security and login process to be more able to effectively identify when the process behaves differently than expected.

Security Questions
If you forget your password, answering the security questions you selected when creating your account will allow you to reset your password online. The security questions are designed to be personal to you. The answers should also be easy for you to remember but hard for others to guess. We highly recommend that you do not use questions that may be answered by someone viewing your social media profiles or other information that may be publically available.

Customer verification
Whether you visit us online, or by phone, we always verify your identity before granting access to your accounts.

Strong encryption
Transport Layer Security (TLS) technology is used to establish an encrypted connection between your browser and our Web applications. TLS websites start with "https://" instead of "http://" and signify that you are in a secure online session with us. For your protection, we require a modern version of TLS and industry standard encryption strength - these are supported by current versions of all modern browsers.

Systems surveillance
We're on the lookout for suspicious irregularities across our network and infrastructure every day, all day.

Firewalls
Firewalls are protective barriers that defend our networks and computer systems from hackers and cyber- attackers trying to gain access into our systems. We use some of the strongest firewalls available in the industry to guard the information housed in our servers.

Logging
System activity is logged in order to preserve the information necessary to validate the transmission of data or the completion of a transaction.

Fraud detection
We monitor transactions for suspicious and unusual behavior to help verify that they are authentic and legitimate.

Restricted access to data
We limit access to systems containing customer data to only those employees who need it to conduct business or support key business functions. Access is continually monitored and only granted to new associates as their role may require.

Employee education
We make sure that our employees know and adhere to our security policies. We require all associates to participate in ongoing security training, including how to handle sensitive data and to be aware of security risks.

Regularly refine and update security features
We review industry security standards and perform system testing on an ongoing basis to help identify and implement the most up-to-date techniques and technologies, and verify that our systems are performing as expected.