Security | American Funds

  • Forms & Literature
  • CLIENT ACCOUNTS
  • INVESTMENTS
  • PRODUCTS & SOLUTIONS
  • INSIGHTS
  • TOOLS & PRACTICE MANAGEMENT
  • SERVICE CENTER

Security

The security of your clients’ personal information is critically important to us. That’s why we have a robust security program and infrastructure, including a team of cybersecurity and risk management professionals, to help monitor and protect your clients’ personal information 24/7.
We review each report of unauthorized access thoroughly, and file appropriate notices with law enforcement agencies. See Report Fraud or Suspicious Email for more information.

What We Do

We use a variety of controls to detect and prevent unauthorized access to our network and sensitive information. Our cybersecurity response program fulfills the requirements of federal and state laws and includes appropriate notifications to investors and advisors when warranted.

Our security program also features safeguards for your clients’ accounts. To help keep their information safe, we:

  • Regularly refine and update security features. We review industry security standards and perform system testing on an ongoing basis to help identify and implement the most up-to-date techniques and technologies, and verify that our system is performing as expected.

  • Actively monitor threats. We communicate with financial industry security groups and government agencies to monitor the threat landscape for emerging and active threats.

  • Educate employees. American Funds associates receive ongoing security training, including how to handle sensitive data and be aware of security risks.

  • Offer image verification during login. Before your clients enter their online password, we ask that they verify their personalized security image. That way they can be confident that they’re accessing our website, as opposed to a fake site that may be attempting to “phish” for their personal information.

  • Challenge questionable website access. If we’re uncertain about a login attempt on a client’s account, we’ll challenge the user to answer security questions in addition to requiring the client’s password.

  • Display last login information. The date and time of a client’s most recent login will display in their account information.

  • Mask confidential information. Your clients will see asterisks or similar symbols in login fields and in place of their Social Security number. We’ll never mail passwords or answers to security questions.

  • Enforce website timeouts. Online sessions will automatically time out after 20 minutes of inactivity.

  • Use encryption to secure your data. We use industry standard security protocols that leverage encryption to create a secure online environment. The green bar in the browser helps identify that you are on the official American Funds website.

How Your Clients Can Help

Security is a joint effort. Share these steps and best practices with your clients to help them protect their sensitive information.

You can provide them our Account Security Checklist (PDF).

Encourage Clients to Establish Online Access With These Guidelines

  1. Customize passwords and do not share them. Your clients are responsible for protecting your account information. They shouldn’t share usernames, account numbers, passwords and answers to security questions; this information could be used to access accounts inappropriately. They should also be wary of unsolicited requests for personal information online, by email or by phone. Inquiries may seem innocent, but they could be part of a complex fraudulent scheme. American Funds will never ask for a password in an email.

    Create smart passwords and usernames. Your clients should make their passwords and usernames hard for others to guess by using a combination of letters, numbers and symbols that are meaningful only to them. They should avoid using the same password and username for multiple websites, particularly financial websites, and be sure to change their passwords often.

  2. Sign up for e-delivery. Clients who sign up to turn off paper delivery of transaction confirmations, quarterly statements and tax forms are notified by email as soon as their documents are available to access online through secure account login. Current and historical quarterly statements and tax forms will always be accessible in the same location on their Statements and Tax Forms web page. We recommend that clients take advantage of e-delivery from all of their financial institutions that offer this service.
    Learn more

  3. Keep email addresses up to date. If clients have registered their accounts online, sending them an email is the fastest way for us to notify them if changes to their personal information (Security Notification) or certain transactions are initiated online (Account Activity Notifications). We will let them know immediately when the change is initiated and again when the change is processed.

Be Observant

  • Promptly review confirmations and statements. If your clients spot unauthorized activity on their American Funds transaction confirmations, quarterly statements or email notifications, they should contact us immediately.
  • Think before clicking. Your clients should be cautious about clicking on links, especially in emails, and be sure links go to a trusted website. It’s useful to get in the habit of hovering over links to see the underlying Web address. If your clients are unsure about a link, they can go to the firm’s website by typing the correct address in their Web browser.
  • Pay attention to time stamps. Your clients should look for the “last login” date/time stamp when they log in to americanfunds.com and other sites that provide such a stamp. If the stamp doesn’t correspond to their most recent visit, they should follow up.
  • Sign up for a credit-reporting service. Your clients should stay on top of who’s requesting access to their information — and why.

Keep Computers Secure

  • Keep their operating system and software current. When possible, your clients should use the latest operating systems available for their computers and devices. Also, your clients should be diligent about responding to software updates to help ensure the highest level of security for their devices.
  • Activate security features. These include pop-up blockers and other features provided in the range of products your clients use.
  • Use antivirus software. Your clients should consider installing antivirus software designed to detect and remove malicious software (malware) from their computers. Your clients should keep their software up to date to help protect their computers from the latest viruses and malware.
  • Set up a firewall. Your clients should make sure their personal computers and home networks are properly protected from malware. They should check to see that firewalls have been properly installed — or enabled if they came bundled with their operating systems.

Avoid Public Computers and Wi-Fi

  • Skip the use of public computers. Clients should access financial and other sensitive personal information online using known devices, such as their personal computers, with the necessary protections and security features in place.
  • Be wireless-wise. Your clients should not use public Wi-Fi to access websites with sensitive information such as financial records, banking transactions, business-related documents or other personal information. When setting up their home networks, your clients should follow manufacturer security recommendations to be sure their wireless signals are properly encrypted.

Protect Physical Documents

  • Promptly retrieve and secure incoming postal mail after delivery. Your clients should place outgoing mail in a U.S. Postal Service mailbox instead of their home mailboxes to reduce the chance of mail theft. Suspected mail theft should be reported to a Postal Inspector.
  • Look out for paper confirmations. We mail a confirmation to the address of record following address changes and website password updates. Your clients should make sure that they made or authorized the changes.
  • Protect their Social Security numbers. Your clients should keep their cards in a safe place, avoid giving their numbers to others and take measures to keep any other documents containing the number confidential.
  • Shred documents. These include credit card offers, bank statements, junk mail and any other documents that may reveal personal information about themselves.

Report Fraud or Suspicious Email

Fraud

1. Contact us

Contact us immediately in the event of fraudulent activity. We’ll take the appropriate steps to monitor your clients’ American Funds accounts.

2. Contact a consumer credit company

We recommend that your clients place a fraud alert on their accounts by contacting one of the following three consumer credit companies:

  • Equifax: www.fraudalerts.equifax.com
    (800) 525-6285
    Equifax Credit Information Services, Inc.
    P.O. Box 740241, Atlanta, GA 30374-0241
  • Experian: www.experian.com
    (888) EXPERIAN (397-3742)
    P.O. Box 9532, Allen, TX 75013
  • TransUnion: www.transunion.com
    (800) 680-7289
    Fraud Victim Assistance Division
    P.O. Box 6790, Fullerton, CA 92834-6790

Please note: Your clients only need to inform one consumer credit company since it’s required by law to share their fraud alert request with the other two.

3. Review credit report

Once your clients request a fraud alert, they’re entitled to free copies of their credit report. These should be reviewed for suspicious activity and inaccuracies. If your clients find unauthorized accounts or charges, they should take the appropriate steps to get them corrected.

Suspicious Email

We’ll never ask for account information, including passwords, via email. If your clients suspect that they’ve received a fraudulent email, please forward it to us at emailfraud@capgroup.com. Do not click on any links in the email.

If your clients are uncomfortable forwarding suspicious email, they may also call us. Please be sure to write down the title of the email they received, along with the sender’s name or address and the file names of any attachments.

Fraud Basics

Phishing

Phishing is the most widely known form of fraud. It typically involves someone sending an email that appears to be legitimate from a reputable source. It may contain real information, including a company logo and branding, or even personal information gleaned from your social networking site. These emails then urge you to take action — e.g., click on a link, open an attachment or respond to a message.

There are two primary types of phishing: broad phishing, where the attacker casts a wide net and hopes to “hook” one or more victims, and spear phishing, where the attacker carefully researches their victims using publicly available information in order to make the message appear more legitimate.

Phishing attempts typically:

  • Pretend to be from banks and other financial institutions, entities that process payments or individuals with an offer that’s “too good to be true”
  • Appear convincing due to copycat logos, fonts and other graphic elements
  • Include a link to an illegitimate webpage where you’ll be asked to enter your personal or account information

Phishing attacks may also occur over the phone.

Malware

Malware includes spyware, viruses and other types of malicious software that are installed on your computer, smartphone and other devices without your authorization. Malware typically collects information about you — the passwords you use, the websites you visit — simply by watching you type or surf the Web. Malware may also take over your computer for nefarious purposes such as sending email you didn’t write or spreading computer viruses.

Malware is typically installed through:

  • Malicious websites that attack computers with out-of-date operating systems or antivirus software
  • Links in pop-up ads
  • Shareware and other downloadable software
  • Deceptive security software offers

Computers with malware may:

  • Operate slowly
  • Be inundated by pop-ups
  • Redirect users to URLs different from those entered
  • Include unknown toolbars and icons
  • Display out-of-the-blue error messages

If your clients suspect their computer has been infected by malware, they should take the necessary steps to remove the unwanted software from their computer.

Identity Theft

Identity theft involves the impersonation of an individual through the fraudulent use of their personal and account information — e.g., driver’s license, Social Security number, bank account and other numbers, as well as usernames and passwords.

Identity thieves obtain information in a number of ways:

  • From the trash
  • By stealing mail, purses and other personal items
  • By copying credit card or other information during a transaction
  • Through phishing attacks
  • By submitting false address changes

More information on identify theft and protecting your clients’ identities can be found at these websites:

Learn More

Learn more about fraud and how your clients can spot it at OnGuardOnline.gov.

Social Media

Please see Twitter Terms of Use.


Investments are not FDIC-insured, nor are they deposits of or guaranteed by a bank or any other entity, so they may lose value.

This material is intended for use by financial professionals or in conjunction with the advice of a financial professional.

Investors should carefully consider investment objectives, risks, charges and expenses. This and other important information is contained in the fund prospectuses and summary prospectuses, which can be obtained from a financial professional and should be read carefully before investing.