A Commitment to Security

At Paychex, safety and security of your personal and account information is one of our top priorities. Below you will find a brief overview of how we undertake this responsibility and some easy-to-follow tips you can use to safeguard your information.

Our Part

Paychex is committed to protecting the security and integrity of our customer information through procedures and technologies designed for this purpose. Here are some of the things we do with our technology and our internal training to ensure that your information in our systems is protected:

• We maintain policies and procedures covering the physical security of our workplaces, systems, and records.
• Our physical, electronic, and procedural safeguards are built on industry recognized best practices.
• We use technological means such as backup files, virus detection and prevention, firewalls, and other computer hardware and software to protect against unauthorized access or alteration to customer data.
• We encrypt sensitive information that is transmitted over the Internet.
• We limit employee access to customer information to those who have a business reason to know through formal approval processes, access controls, and internal auditing.
• We require our employees to take information security awareness training and to apply this training to their job every day.
• We use advanced technologies for the backup and recovery of customer information.

Your Part

You can help prevent unauthorized access to your account and personal information by following these security tips:

• Enhanced login features to protect against identity theft. Your user ID (user name), password, picture, and pin code represent the keys you use to access your account information on our system. Keep these "keys" in your possession only. Please protect them as you would your house keys.
• Follow the password tips that are presented in the user maintenance page when you create a new password. That way no one else will be able to guess your password.
• When you view your account or perform any other transaction online, make sure that you use the "Log Out" button when you are finished, then close your browser completely. This ensures that no one can use the computer after you and see your account information.
• If you believe that an unauthorized person has accessed your account, let us know as soon as possible by contacting your Paychex representative.

Email Security

What is Phishing?

Phishing is the act of sending an email to a user falsely claiming to be an established, legitimate company in an attempt to trick the user into providing valuable personal data such as credit card numbers, passwords, account information, or other private information. The email often uses fear tactics in an effort to entice the intended victim into visiting a fraudulent website. Once on the website, which generally looks and feels much like the valid company website, the victim is instructed to enter sensitive personal information that is then sent to the attacker and often used to commit identity theft or financial fraud against the victim.

How to Identify a Phishing or Fraudulent Email

Many phishing emails look and feel like the real thing and often include official looking logos or web pages taken from real organizations. Phishing scams have become increasingly sophisticated in their techniques and technology. However there are certain red flags that Internet users can look for that are common in phishing emails. Look over the following to familiarize yourself with common techniques that are used by attackers:

• Urgent Emails or Threats to Accounts Some fraudulent emails claim that the recipient's account has been inappropriately accessed or is in jeopardy and that authenticating information (name, password, account number, credit card number) is required to keep the account from being closed, suspended, billed, or restricted.
• Lost Information Consumers should be cautious of claims that a company is "updating" its files or accounts.
• Personal Information Requests. for a recipient to enter sensitive personal information such as a user ID, password, bank account or social security numbers by clicking on a link or completing an email form should be treated with suspicion.
• Senders Address Email recipients should not rely on the sender's email address to validate the true origin of the email. The "From" field of an email can be easily altered or forged by the sender.
• Links in Emails Can be Easily Forged Links in emails can be misleading, luring the recipient to a forged version of a legitimate website.
• Other Signs of a Fraudulent Email Other telltale signs of fraudulent or phishing emails include spelling errors, incorrect grammar, pop-up windows that look like sign-in pages, and unsuspected attachments which may contain viruses or other malicious software.

How to Protect Yourself

There are ways to protect yourself from a phishing scam. Don't be a victim. Here are some suggestions:

• Be wary of hyperlinks embedded in email messages as they are constructed on the surface to look legitimate but underneath they will often redirect you to a fraudulent website. Rather than click on a suspicious link, type the link into your browser window.
• Be alert to hyperlinks that are misspelled such as -.paychecks.com or -.paychx.com.
• Make sure you use anti-virus, anti-spam, anti-spyware software and a personal firewall. These products should be updated regularly and kept current.
• Always scan file attachments for viruses or malicious software before opening them.
• Routinely review and apply software security patches to your computer operating system and applications.
• Make sure you use the most current versions of Internet browsers.
• Choose secure passwords to protect your account information. They should be at least eight characters in length with a combination of letters, numbers, and special characters and should not be easily guessable.
• Change your password periodically to help reduce the likelihood that it can be guessed.
• Avoid responding to emails that do not come from someone you know. If an email comes from someone you know, but you were not expecting it or it seems suspicious, contact the sender to confirm that they sent it prior to responding.

If You Receive Suspicious Email

If you suspect you have received a suspicious or fraudulent email, please contact your Paychex representative.

Identity Security

What is Identity Theft?

Identity or financial theft can occur when someone uses your personally identifiable information (PII), like your name, social security number (SSN), bank account, or medical insurance number; without your permission to commit fraudulent activities.

Identity crimes can take a variety of forms including the use of your information to obtain a credit card, establish a utility account, rent property, or receive medical services in your name. You may not find out about the theft until you review your credit report or a bank account statement and notice suspicious charges. You may even be surprised by a call from a debt collector.

Identity theft is a serious crime often resulting in consumers spending hundreds of hours and thousands of dollars attempting to repair the damage to their good name and credit record.

How Do Thieves Steal a Person's Identity?

Identity theft starts with the misuse of your personally identifiable information. Skilled identity thieves may use a variety of methods to get hold of your information including:

• Dumpster Diving. The identity thief may rummage through a person's trash looking for bills, pre-approved credit card offers, or other paper that includes personal information on it.
• Phishing. The identity thief may send an email to a user falsely claiming to be an established, legitimate company in an attempt to trick the user into providing valuable personal data such as credit card numbers, passwords, account information, or other private information. The email often uses fear tactics in an effort to entice the intended victim into visiting a fraudulent website.
• Skimming. The identity thief may steal credit or debit card numbers by using a special storage device when processing your card for payment.
• Pretexting. The identity thief may access your personal information under false pretenses. Very similar to a phishing attack, but is usually performed by calling a person directly and claiming that they have something to offer that would entice the person to disclose personal information.
• Old Fashioned Stealing. The identity thief may steal your wallet, purse, or mail.
• Changing Your Address. The identity thief may divert your mail such as billing statements to another location by completing a change of address form.

What Do Thieves Do With a Stolen Identity?

Once an identity thief has your information, they may use it in a variety of different ways.

Credit Card Fraud:

• The identity thief may open new credit card accounts in your name and not pay the charges that appear on the victim's account statement.
• The identity thief may also change the billing address on the credit card and accumulate large charges. Since the bill is going to an alternate address, it often takes the victim some time before they realize what has happened.

Bank and Financial Fraud:

• The identity thief may open a bank account in the victim's name and write bad checks.
• The identity thief may take a loan in the victim's name.
• The identity thief may create counterfeit checks using the victim's name and bank account number.
• The identity thief may create a fake ATM or debit card using the victim's name and account number and make withdrawals against the victim's account.

Phone or Utilities Fraud:

• They may open a new phone or wireless account in the victim's name and rack up charges.
• They may use the victim's name to acquire utility services such as heating, electricity, or cable TV.

Government Documents Fraud:

• The identity thief may sign up for a driver's license or other official ID card using the victim's name and social security number.
• The identity thief may use the victim's social security number to apply for government benefits.
• The identity thief may file a fraudulent tax return using the victim's information.

Other/Miscellaneous Fraud:

• The identity thief may apply for a job using the victim's social security number.
• The identity thief may rent a house or obtain medical services under the victim's name.
• The identity thief may give the victim's personal information to the police during an arrest. If they do not show up for a scheduled court date, a warrant is issued in the victim's name.

How Can You Find Out If Your Identity Was Stolen?

The best way to find out is to monitor your accounts and bank statements each month and check your credit report on a regular basis. If you check your credit report regularly, you may be able to limit the damage caused by identity theft.

What Should You Do If Your Identity is Stolen?

If you believe your information has been stolen, you should act immediately to minimize the damage. Filing a police report, checking your credit reports, notifying creditors, and disputing any unauthorized transactions are some of the steps you must take to restore your good name. For more information on how to respond to perceived identity theft or to file a complaint, contact the Federal Trade Commission at (1-877-ID-THEFT) or visit them online at www.ftc.gov

What Can You Do to Protect Yourself Against Identity Theft?

Awareness is an effective weapon against many forms of identity theft. Be aware of how information is stolen and what you can do to protect yours, monitor your personal information to uncover any problems quickly, and know what to do when you suspect your identity has been stolen. Here are some basic steps that you can take to protect yourself.

• Do not throw documents in the trash that could be used to identify you. Buy a cross-cut or confetti type shredder and be sure to destroy all documents that may have your personally identifiable information on them.
• Protect your online accounts with difficult to guess passwords. Do not share these passwords with others and change them periodically to ensure they are not compromised.
• Do not use common identifiers such as mother's maiden name, date of birth, children's names, pet's names or other easily guessable information.
• When using your ATM or Debit card, be wary of "Shoulder Surfers" that may be watching over your shoulder in an attempt to steal your PIN number.
• Mail theft is common and easy to do. Do not use your home mailbox to mail bills or checks. Use an official U.S. Post Office or U.S. mailbox to mail documents that contain your personal identifying information.
• Be sure to cancel all credit cards that you do not use on a regular basis. Open credit is a favorite for identity thieves.
• Remove any identifiers you do not need from your wallet or purse. Don't carry your birth certificate, social security card, or passport, unless necessary.
• If you receive a call at home or work, never give out any of your personal information over the phone. If they claim to be a credit grantor or provider of a service, request an application be mailed to your home or work address. You may also look up the official company number and return the call to ensure you are speaking to a legitimate business representative.
• Do not put your telephone number or social security number on your checks.
• Take your name off all promotional lists. Call the three credit reporting bureau numbers below to monitor your credit history. Additionally, subscribe to the various opt-out services listed below or provided by your utility, bank, credit card, medical, or similar service provider.

Additional Resources

Credit Reporting Bureaus:

Federal Government:

Federal Trade Commission
Department of the Treasury
Identity Theft Resource Page

Opt-out Services:

Do Not Call Registry
Prescreened Credit Card Offers
Direct Marketing Association

Consumer and Professional Organizations:

Privacy Rights Clearinghouse: Identity Theft Resources