Security image

Security and Fraud Center

BSF is committed to protecting your information. While our privacy policies are the same whether you are online or offline, we have extra measures in place to protect your privacy when you bank online.

Protecting our clients’ information is a top priority—one that we take very seriously. As online services evolve, we work continuously to enhance our systems and processes. As there is no one solution that can ensure online security, we have developed a layered security approach with industry-leading solutions.

We have two major objectives in selecting electronic safeguards for our clients:

  • Protecting our clients' information
  • Minimizing client impact while providing multiple layers of protection wherever client transactions call for added security

Security, quite simply, protects the confidentiality of your account information and prevents theft of your financial assets.

Protecting sensitive data is critical for maintaining financial security. We are committed to protecting your privacy and providing resources to mitigate the risk of fraud.

To enhance the security and integrity of your business operations, it is advisable for business leaders to regularly perform a risk assessment and controls evaluations to protect assets and maintain a secure environment. Refer to the next dropdown for fraud prevention tips for business owners.

We encourage you to adhere to the following tips shared by the FDIC to avoid frauds and scams, as listed on the FDIC's Website:

  • Be aware of incoming email or text messages that ask you to click on a link because the link may install malware that allows thieves to spy on your computer and gain access to your information.
  • Be suspicious of any email or phone requests to update or verify your personal information because a legitimate organization would not solicit updates in an unsecured manner for information it already has.
  • Confirm a message is legitimate by contacting the sender (it is best to look up the sender’s contact information yourself instead of using contact information in the message).
  • Assume any offer that seems too good to be true, is probably a fraud.
  • Be on guard against fraudulent checks, cashier’s checks, money orders, or electronic fund transfers sent to you with requests for you to wire back part of the money.
  • Be wary of unsolicited offers that require you to act fast.
  • Check your security settings on social network sites. Make sure they block out people who you don’t want to see your page.
  • Research any “apps” before downloading and don’t assume an “app” is legitimate just because it resembles the name of your bank or other company you are familiar with.
  • Be wary of any offers that pressure you to send funds quickly by wire transfer or involve another party who insists on secrecy.
  • Beware of disaster-related financial scams. Con artists take advantage of people after catastrophic events by claiming to be from legitimate charitable organizations when, in fact, they are attempting to steal money or valuable personal information.

Protecting your business from risks, including fraud and cybersecurity attacks, is crucial for its long-term success. Below are ten essential tips that will help you assess and manage information security risks effectively:

  1. Conduct Regular Risk Assessments: Conduct regular security risk assessments to identify vulnerabilities and uncover any issues before they escalate. By creating strategies to mitigate risks, you can stay ahead of any potential problems.
  2. Promptly Notify Your Bank of Fraudulent Activities: If you detect fraud, it is critical to contact your bank immediately. Banks can provide guidance on fraud mitigation and prevention resources and may assist you with recovery efforts.
  3. Protect Sensitive Financial Information: It is critical to safeguard your systems by implementing strong password policies, only granting system access on a need-to-know basis, keeping your antivirus software updated, and securing your WiFi networks.
  4. Utilize Encryption: Always encrypt company emails and use secure information channels to convey important information.
  5. Implement Strong Internal Controls: Establishing comprehensive internal control systems can help safeguard your business assets and financial transactions. This includes requiring dual authorization for sensitive transactions and preventing unauthorized access to confidential information.
  6. Vet Employees Thoroughly: It is important to conduct comprehensive background checks on all employees to verify that the information provided by job applicants is accurate. Verifying education, employment history and checking references will minimize the risk of hiring someone with fraudulent claims on their resume.
  7. Establish a Culture of Transparency: Your organization should encourage all employees to follow the correct reporting procedures. By cultivating an atmosphere of integrity and offering training on fraud prevention, you will empower employees to report any errors quickly, leading to faster resolution.
  8. Exercise Caution with Third Parties: When working with external vendors, business associates, and third parties, always verify their legitimacy and be aware of any indications of suspected fraud or cybercrime.
  9. Back Up Your Data: Regularly backing up your data is important for preventing the loss of important information in the event of a cyberattack or other disaster.
  10. Create an Effective Incident Response Plan: Develop an incident response plan for your organization that details what actions to take should your business be affected by a cyberattack or data breach. Regularly update the plan and ensure employees are well-trained on their roles in the event of such an incident.

It is important to verify that only authorized users log in to our online banking portal. We use multi-layered security, including password verification, to ensure user authorization. We limit the number of times you can enter your password incorrectly. We monitor and record incorrect login attempts to detect suspicious activity, such as someone trying to guess your password. You play a crucial role in preventing others from logging in to your account. Never use weak passwords that are easy to guess. Examples of poorly crafted passwords are: birthdays, first names, pet names, addresses, phone numbers and social security numbers. Never reveal your password to another person. You should periodically change your password, which is an option within our online banking portal.

Our enhanced login security provides additional peace of mind when you are using BSF’s online banking portal. Enhanced login security protects against online fraud by requiring an additional authentication factor beyond your ID and password each time you log in to online banking. This additional layer of security is a browser-based secure cookie, a piece of information that is stored on your computer and is recognized by our system when you log in. We also time out an online banking session after a specified period of inactivity. This keeps others from viewing or continuing online banking activity if you leave your computer unattended. However, we recommend that you always log off from your session when you have finished your online banking activity.

In case of questions about transactions on any of your accounts, please contact your Relationship Manager, or telephone us at 415-744-6700. You can write to us at our mailing address. Please provide us with information that will assist us in researching the issue, such as name, dollar amount and description of the error or problem.

Social engineering refers to the use of deception as a way of manipulating others into performing actions or divulging confidential information for fraudulent purposes. The deception could take place via phone, email, online, postal mail or direct contact.

There are several types of social engineering, including baiting, phishing, whaling, pretexting, and scareware. Each type of attack focuses on confusing an individual through malware-infected devices, downloads, and links, or by tricking someone in order to gain access to personal or financial information.

Learn more about social engineering in this video.

Messages sent by email may not be secured, may be intercepted by third parties and may not be immediately received by the appropriate department at BSF. Please do not use email to send us communication that contains confidential information; that is required in writing; or that needs our immediate attention. Please call us instead at 415-744-6700.

The Bank will never contact you on an unsolicited basis to request any information about your accounts or your online banking credentials.

At BSF, we take the security of client information very seriously. Please contact us if you have received a suspicious email, such as a phishing email, or suspect potential unauthorized activity involving your account. Please report suspicious emails to

Several links on this website lead to external, third-party websites, not affiliated, monitored or controlled by BSF. BSF is not responsible for the content available on other internet sites. These links are provided as a convenience to users. Access to any other internet site linked from this website is at the user's own risk. The inclusion of any link does not imply a recommendation or endorsement by BSF of the linked site.

If you believe you have been a victim of identity theft, follow these steps as soon as possible:

  • Contact the three national credit bureaus (Experian, Equifax, TransUnion) and ask them to place a "fraud alert" on your credit file.
  • File a report with your local police department or FBI office.
  • Order your credit reports. Once you have placed an initial fraud alert, you are entitled to a free credit report from each of the three credit reporting companies.
  • Contact all your creditors (by phone and in writing) to inform them of the problem.
  • If mail use is suspected, notify your local postmaster.
  • Alert our bank (415-744-6700) and any other institution you bank with. Your bank(s) can watch for any unusual activity or suggest other means of protecting your account.
  • Request any Personal Identification Number (PIN) or passwords are changed.

If you believe there has been fraudulent activity on your business accounts, file a complaint with the California Attorney General's Office and the Better Business Bureau immediately.

Resources to Report Fraud