Privacy & Security

Every year, thousands of people are the victims of identity theft and fraud. You could be targeted in a number of different ways, including over the telephone, through the Internet, and even by criminals digging through your trash. HarborOne is committed to protecting you and your information, as well as providing you with information to help you protect yourself.

View Printer-friendly Privacy Policy

Every year, thousands of people are the victims of identity theft and fraud. You could be targeted in a number of different ways, including over the telephone, through the Internet, and even by criminals digging through your trash. HarborOne is committed to protecting you and your information, as well as providing you with information to help you protect yourself.

HarborOne will NEVER ask our customers for account number/ Debit or ATM Card number or other sensitive personal information by email, telephone or any electronic method. The bank DOES NOT use an automated recorded service to ask for information of any kind. If you receive a call or text asking for any system generated code or your debit card PIN and you DID NOT complete an online transaction, use your debit card in the past 15 minutes or call the bank directly, then DO NOT PROVIDE any information and contact HarborOne's Customer Service Center at 800-244-7592 and report the suspicious activity. As your financial institution we should have this information and do not need to obtain it unsolicited. Likewise, you should never send personal information such as account or social security numbers in emails you send if you do not know the recipient. As a customer, your personal information is secure with us and we want to help you keep your personal information secure from anyone else attempting to use fraudulent methods to obtain it.

If you receive a message or a call that looks like it came from HarborOne and requests personal information, do not respond to the message. If it is an email please forward the email to along with your name and phone number, and keep the email since we may have questions about it.

Privacy Policy

Why?Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
What?The types of personal information we collect and share depend on the product or service you have with us. This information can include:
  • Social Security number and Income
  • Account Balance and Transaction History
  • Payment History and Credit Scores
How?All financial companies need to share customers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons that HarborOne Bank chooses to share; and whether you can limit this sharing.
Reasons we can share your personal informationDoes HarborOne Bank share?Can you limit this sharing?
For our everyday business purposes — such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureausYesNo
For our marketing purposes — to offer our products and services to youYesYes
For joint marketing with other financial companiesYesYes
For our affiliates’ everyday business purposes — information about your transactions and experienceYesYes
For our affiliates’ everyday business purposes — information about your creditworthinessYesYes
For our affiliates to market to youYesYes
For nonaffiliates to market to youYesYes
To limit our sharingPlease Note:
If you are a new customer, we can begin sharing your information 30 days from the date we sent this notice. When you are no longer our customer, we continue to share your information as described in this notice. However, you can contact us at any time to limit our sharing.
Questions?Call 800-244-7592 or go to any of our convenient branch locations
Who we are
Who is providing this notice?HarborOne Bank
What we do
How does HarborOne Banking protect my personal information?To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does HarborOne Banking collect my personal information?We collect your personal information, for example, when you
  • Open an account or Apply for a Loan
  • Use your debit card or Make deposits/withdrawals
  • Give us your income information
Why can't I limit all sharing?Federal law gives you the right to limit only
  • sharing for affiliates' everyday business purposes — information about your creditworthiness
  • affiliates from using your information to market to you
  • sharing for nonaffiliates to market to you
State laws and individual companies may give you additional rights to limit sharing.
What happens when I limit sharing for an account I hold jointly with someone else?Your choice(s) will apply to everyone on your account unless you tell us otherwise.
AffiliatesCompanies related by common ownership or control. They can be financial and nonfinancial companies.
  • Our affiliates include financial companies such as our Mortgage Company.
NonaffiliatesCompanies not related by common ownership or control. They can be financial and nonfinancial companies.
  • Non-affiliates we share with include insurance companies and investment agents.
Joint marketingA formal agreement between nonaffiliated financial companies that together market financial products or services to you.
  • Our joint marketing partners include credit card companies.

View Printer-friendly Privacy Policy

Fraud & ID Theft Scams

Phishing Threats
Phishing” is the act of sending an e-mail, voicemail or a Text message to as many people as possible requesting that they give personal information (SSN, account numbers, bank numbers, etc.). The message is designed to look like it has come from or is supported by a bank or credit union. At some point, the message may even look like it was sent out by HarborOne.

Beware of Phone Scams
Individuals fraudulently claiming to represent local financial institutions will sometimes call people and ask for confidential information about their accounts. Please be assured that HarborOne will not contact you and ask you to provide us with personal, financial information over the phone, unless you personally initiate the conversation. We urge you to please carefully guard and protect your personal financial data.

Beware of Fraud E-mail and Text Messages
Many Phishing attempts are also involved in electronic communication. Many people have received an e-mail, voicemail or even a Text message to their cell phone requesting that they call, text “the Bank” with personal information (SSN, account numbers, bank numbers, etc.). The message is designed to look like it was sent from the Credit Union (or Their Financial Institution) At some point, the message may even say they are sent out by HarborOne.

HarborOne does not send E-mails, Voicemails or Text messages requesting personal information under any circumstances. If you receive a message that looks like it came from us and requests personal information, do not respond to the e-mail. Please forward the e-mail to along with your name and phone number, and keep the e-mail since we may have questions about it. As a Member, your personal information is secure with us and we want to help you keep your personal information secure from anyone else attempting to use fraudulent methods to obtain it.

Beware Online(Internet) Phishing Threats
We have discovered “phishing” activity in which users are presented a web page that requests certain personal data such as account number, social security number, ATM card, PIN and credit card information. This web page may be titled “Security Confirmation” and appears to come from within the online banking and bill pay service, but it is actually a fraudulent page caused by malicious code that has infected your personal computers.

  • Most anti-virus software providers have recently issued updated software which eliminates the malicious code. It is important that you update and run anti-virus protection software immediately to protect yourself.

As a reminder, we want to protect your identity and will NEVER ask you for your personal information online. If you ever receive a call, e-mail or unusual web page where this information is requested, DO NOT give this information out. As your credit union, it is our responsibility to protect your financial assets and safeguard the confidentiality of your personal information.

We have been advised that there are some fraudulent websites on the internet that appear similar in format to that of a financial institution. These phony websites may ask or E-mail you for confidential information such as social security number, date of birth, credit, ATM or debit card number and related personal identification number (PIN). The intent of these websites is to obtain information illegally to access customers’ accounts and personal identities.

How Not to Get Hooked by a ‘Phishing’ Scam.
Internet scammers casting about for people’s financial information have a new way to lure unsuspecting victims: They go “phishing.” Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.

According to the Federal Trade Commission (FTC), phishers send an email or pop-up message that claims to be from a business or organization that you deal with, for example, your Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to “update” or “validate” your account information. It might threaten some dire consequence if you don’t respond. The message directs you to a Web site that looks just like a legitimate organization’s site, but it isn’t. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.

The FTC, the nation’s consumer protection agency, suggests these tips to help you avoid getting hooked by a phishing scam:

  • If you get an email or pop-up message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address. In any case, don’t cut and paste the link in the message.
  • Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s Web site, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
  • Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
  • Use anti-virus software and keep it up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically. A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It’s especially important to run a firewall if you have a broadband connection. Finally, your operating system (like Windows or Linux) may offer free software “patches” to close holes in the system that hackers or phishers could exploit.
  • Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.
  • Report suspicious activity to the FTC. If you get spam that is phishing for information, forward it to If you believe you’ve been scammed, file your complaint at, and then follow the steps under the ID Theft Resources page of this website.

ID Theft Resources

What is ID Theft?
Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.

The FTC estimates that as many as 9 million Americans have their identities stolen each year. In fact, you or someone you know may have experienced some form of identity theft. The crime takes many forms. Identity thieves may rent an apartment, obtain a credit card, or establish a telephone account in your name. You may not find out about the theft until you review your credit report or a credit card statement and notice charges you didn’t make—or until you’re contacted by a debt collector.

Identity theft is serious. While some identity theft victims can resolve their problems quickly, others spend hundreds of dollars and many days repairing damage to their good name and credit record. Some consumers victimized by identity theft may lose out on job opportunities, or be denied loans for education, housing or cars because of negative information on their credit reports. In rare cases, they may even be arrested for crimes they did not commit.

For more detailed information about ID Theft visit the FTC website.

Protecting yourself from ID Theft
The following website is an excellent resource that can aid you to take the steps necessary to help protect against identity theft.

Victim of Identity Theft
If you are a victim of identity theft, take the following four steps as soon as possible, and keep a record with the details of your conversations and copies of all correspondence.

  1. Place a fraud alert on your credit reports, and review your credit reports.
  2. Close the accounts that you know, or believe, have been tampered with or opened fraudulently.
  3. File a complaint with the Federal Trade Commission
  4. File a report with your local police or the police in the community where the identity theft took place.

Here are some important numbers you should know.

HarborOne Bank

Attorney General Consumer Hotline
Visit or call 617-727-8400

Federal Trade Commission Hotline
Visit or call 877-IDTheft

Office of Consumer Affairs Hotline
Visit or call 617-727-7780 or 888-283-3757

The Credit Reporting Bureaus/Fraud Departments

P.O. Box 15069
Atlanta, GA 30348

Experian (formerly TRW)
P.O. Box 9532
Allen, TX 75013

P.O. Box 679
Fullerton, CA 92634

ATM Security

Tips for Your Protection

Take proactive steps to keep your financial information secure, select from any of the following categories to review our security tips when using your HarborOne Visa Debit Card:

Reduce your risk at ATMs
ATM transactions are quick and easy, but you shouldn’t put your common sense aside as you go about your ATM business or make a purchase in a retail store. Using your Visa Debit Card is a convenient and safe way to get cash. Make sure you do it the smart way:

  • Be aware of your surroundings and listen to your gut. If the ATM is poorly lit or in a concealed location, or if you’re just not feeling comfortable, use another machine. Avoid counting cash or rummaging through personal items while standing at the ATM location.
  • Guard your PIN. Memorize it and never write it down. Cover the keypad when you enter your PIN, and if you notice suspicious activity, cancel your transaction. You should also take your receipt with you, as it may contain personal information that could be helpful to identity thieves.
  • When using a drive-through ATM, lock car doors and roll up other windows. If you walk up to the ATM, don’t leave your car running or unlocked. And never leave Debit or ATM Card in your car’s glove compartment.
  • When using an indoor ATM that requires your card for access, avoid letting unknown people in with you.
  • Report lost or stolen cards immediately, and sign your new or replacement card as soon as you receive it.
  • Find out more about common types of fraud on our Learn the Facts page. If you’ve been the victim of fraud or identity theft, get in touch with Call For Action for assistance.

What to watch for at Retail Stores
No matter how many times you’ve visited the same mall, you should still be careful when shopping at retail locations, so keep these tips in mind the next time you’re at the point of purchase.

  • Do business with companies whose reputation and integrity are already familiar to you. If you feel pressured into acting before you’re ready to buy, trust your common sense and take your time.
  • Find out the store’s return and exchange policy before you hand over your HarborOne Visa Debit Card. If you have questions that the sales staff can’t answer, consider holding off until you have all the information you need to make an informed purchase.
  • Review receipts before you sign them, save customer copies, and check these against your account statements. Notify HarborOne immediately of any errors or suspicious charges.
  • If you discover that you’ve bought damaged merchandise, contact the company immediately.

Shopping Online
Everyone knows the Internet is an amazing resource, but do you know the secrets to protecting your personal information during your web surfing? Stay in charge with these tips for keeping your card, account, and identity secure.

  • Take proactive steps to keep yourself out of harm’s way while you take advantage of the Internet’s convenience and entertainment.
  • Make sure your computer has a firewall installed and keep your browser software and anti-virus program updated.
  • When you’re done using a public computer, log off and shut down the browser program completely. This will prevent the next user from being able to hit the back button and discover your personal information.
  • When shopping online, stick to merchants that have a trustworthy reputation. Read their privacy policy (if you can’t find it, that may be a red flag) and find out what security features are in place.
  • Never respond to suspicious emails or click on links inside questionable messages. If an offer sounds too good to be true, it probably is. Get more information about email safety and learn how to spot fraudulent messages and websites.
  • Seek out safety symbols, including the padlock icon in your browser’s status bar and “s” after “http” in the URL, or the words “Secure Sockets Layer (SSL).” These are your assurance that only you and the merchant can view your payment data.
  • Craft strong passwords with more than six characters and try to mix numbers and letters. Use a new password for each site—and keep it to yourself. Never use one-click shopping on a public computer.
  • Not sure whether an online merchant is trustworthy? Be sure to check it out prior to entering any personal or financial information.
  • Activate Verified by Visa to add an extra layer of protection during online checkout.
  • Watch for Spyware
  • Spyware is software that consumers unknowingly install on their computers. Once installed, it can be used to track online usage and personal information. You can do a number of things to keep spyware off your system.
  • Keep your computer current with the latest operating system, install updates and patches, and select the highest security setting possible on your browser to prevent unauthorized downloads.
  • Download only from sites you know and trust; some free applications may be fronts for getting spyware onto your system. Take time to read the fine print too. If you can’t understand the licensing agreement, don’t download the software.
  • Enable a pop-up blocker on your browser. Don’t click any links inside a pop-up window, as they can install unwanted software. Instead, get rid of pop-ups by clicking the “X” icon on the title bar.
  • Buy anti-virus and anti-spyware software from a reputable vendor, keep it up-to-date, and use it to do regular scans of your computer.

Business Banking Security/Best Practices

Protecting your business’s financial assets is a top priority at HarborOne Bank, but we can’t do it alone. Just as you protect your business’s physical location from intruders by activating a burglar alarm at closing time, your business’s computers must be protected from cyber thieves attempting to exploit weaknesses in your computer network.

Please be aware that FDIC Insurance or Regulation E (the Electronic Funds Transfer Act) does not cover fraud losses for business customers. HarborOne Bank recommends that all business owners discuss online fraud protection with their insurance carriers to ensure they are adequately protected in the event of a loss.

The tips below provide information and security measures you can take to help protect your accounts from scams and other harmful attacks.

Harden your computer against cyber-attacks
Computers that are not appropriately protected can become an open gateway for cyber criminals to access your online account or perform malicious activity. Unfortunately, antivirus products alone are not enough to protect you from malware that can give cyber criminals control of your computers. Below are basic tips to protect the computers at your business.

Use a dedicated computer
If possible, dedicate a computer to be used ONLY for online banking purposes to mitigate against the risk of computer and user credentials being compromised. Your business’ computer information technology system should not be used for email, social media, or web browsing.

Password Protection
A unique password or token PIN is the first step of securing your online information. Select a password/PIN that is easy for you to remember but do not select birthdays, sequential numbers or street addresses. Do not share your password/PIN with anyone. Remember, HarborOne employees will never ask for your password.

Keep your operating systems, antivirus and other software up to date
Scan your computers for viruses regularly.

Fraud Awareness
Fraudsters use official-looking e-mails (Phishing) and websites to lure you into revealing confidential financial information. The phishing messages appear to be from trusted banks, retailers or other companies. Be suspicious of any e-mail with urgent requests to “verify account information.” When in doubt, call the sender directly and validate the message. If you receive a suspicious email, do not click on any links or attachments, since they could contain malware. Just delete the email.

Transaction Review
Check your account balances and transaction activity daily and promptly report any suspicious activity to your account manager or call877-997-9957 and speak to a HarborOne Customer Service Representative.
Make your computer less vulnerable to cyber thieves. Your business online account has built-in security options you can use to protect and monitor your online activity.  Don’t wait until your business is a victim of cyber fraud before you protect yourself.

Enroll and Check your Email Alerts
Reviewing email alerts immediately can protect against fraudulent activity on your account.

Review Account Activity
Review your online accounts for any transactions you did not initiate.  Early detection may prevent large losses.

Dual Control
Requiring two individuals to execute transactions can prevent fraudulent activity even if one employee’s computer is compromised.

Change your Password
Changing your password periodically reduces the chance of it being compromised.

Only use Company Computers
When accessing online business accounts, only use designated company computers that use the company network.  Non-business computers and networks are more likely to be infected with malware.
How to identify common attacks by cyber criminals.

No one wants to become a victim of cyber fraud, but if it does happen, responding to it quickly is of the utmost importance. Below are ways to help your employees identify when they may be the victim of cyber fraud, or when you should consider contacting  HarborOne for assistance. Be sure that all employees that participate in online banking are aware of these tips.

Contact customer support if you experience any of the following scenarios:

  • If you receive an email alert regarding a wire, ACH, or bill pay transaction you did not initiate
  • If you receive an email alert regarding a change of password or email address you did not create
  • If the login screen looks different or has unusual fields or prompts
  • If you see unknown transactions or balance inconsistencies on your account
  • If you receive a message saying online banking is unavailable due to maintenance or another reason after you just logged in
  • If you log on to HarborOne online banking and are immediately logged off, your account is locked for no apparent reason, or your computer freezes

Learn about your liability in the event of a cyber-attack
HarborOne provides online business banking to its business customers to add convenience for conducting financial transactions, but we cannot assume liability for fraud on business accounts as a result of malware and system vulnerabilities on our customers’ Information Technology systems.  Our business customers must ensure that adequate security controls are in place on their Information Technology systems before accessing online banking to minimize risk.

Business customers are contractually obligated to maintain the security of their computers and must monitor their accounts proactively and frequently. This means that you will be responsible for any fraudulent financial activity on your account if your business’s computers or accounts are compromised. Business customers who use their Information Technology systems to house proprietary, financial, or personnel information should employ an Information Security Professional periodically to conduct a thorough review of their systems and security controls. 

VISA® Purchase Alerts for Debit Cards

Stop fraud in its tracks with real-time text or email alerts when you pay with your HarborOne VISA® Debit Card.

Purchase alerts are available for both consumer and business debit card holders. You can choose to be alerted to any or all of the following transactions:

  • Reaching a purchase amount threshold set by the cardholder
  • Transactions made outside of the US
  • Transactions made without the card, such as telephone or web orders

Sign Up for Visa Purchase Alerts for Debit Cards

Before you go
A little bit of preparation on the front end can ensure you don’t hit any bumps when you hit the road.

  • If you plan to use your HarborOne Debit Card you should contact Customer Service at 800-244-7592 or log into your online banking account and access the "Service Center" to submit your travel plans.  Once we know of your travel plans we can notify our Card Monitoring service of your trip to ensure that your card transactions are successful.
  • Check your card Expiration date to make sure it won’t expire while you’re away.
  • Confirm your debit card limit for both Purchases and ATM withdrawals, as well as your account balance so you’ll know how much you’ll be able to charge each day.
  • Please Note that many Car Rental Agencies do not accept Debit Cards as a form of securing your Car rental.
  • As a safety precaution, note your debit card number, as well as HarborOne’s Customer Service phone numbers, and keep them in a safe place, so you won’t have to scramble in the unlikely event your card is lost or stolen. NEVER write down your PIN number.

During your trip
Don’t leave common sense behind when you’re away from home.

  • Follow our advice for traveling safely: Avoid leaving cards unattended at work, in a hotel room, recreation areas, or in a locked or unlocked vehicle.
  • Take advantage of the safe or security box provided by the hotel for your valuables.
  • Save all of your receipts for proof of purchase.
  • And, when you get home, carefully check them against your monthly statements.

Traveling Overseas?

The growing number of fraudulent ATM & Debit transactions has caused us to review locations that pose a higher fraud risk. Unless you contact us before you leave access to your HarborOne Accounts through ATM, Debit Card purchases and Online Banking access may not be available in the following countries: 

South AmericaBrazil
AsiaChina & Hong Kong
North AmericaCuba
Asia Iran
North AmericaMexico
AsiaMyanmar AKA Burma
AsiaNorth Korea
AsiaSaudi Arabia
AfricaSouth Africa

We apologize for any inconvenience this may cause, and the above list could change at any time; therefore as a reminder, Contact HarborOne before you leave and we can note your travel plans and activate the countries during your travel dates.