A practical reference on credential hygiene, phishing awareness, device trust, and card fraud reporting for Exchange Bank customers. Written to help real people recognize problems early and find the right phone number when something goes wrong.
A strong Exchange Bank login starts with the basics. Pick a passcode that is long rather than clever: a passphrase of four unrelated words outperforms a short string with substitutions. Never reuse the passcode across other financial sites. Store it in a reputable password manager rather than on paper or in a browser sync that is easy to breach on a shared device. When the bank rotates password policy, follow the prompt instead of appending a number to the old passcode.
Good credential hygiene also means treating the username with the same care as the passcode. A username that leaks in a phishing campaign gives an attacker half the ingredients they need. Exchange Bank allows a username that is not the account number, and customers should use that option rather than exposing a routing-plus-account pattern in any online form.
Modern password-cracking rigs chew through short, mixed-character strings quickly but slow dramatically against longer passphrases. The math rewards length. A sixteen-character passphrase made of four common words with spaces is harder to brute-force than an eight-character string with symbols. The Federal Trade Commission's consumer-protection guide on personal information walks through the same logic in plain language.
If a caller claiming to be from Exchange Bank asks for a passcode, a one-time code, or a social security number in full, hang up. Call back using the verified number on the contact page. No legitimate security team will penalize a customer for taking that extra step.
Phishing messages pretending to be from Exchange Bank share the same shape as phishing aimed at any bank. They press urgency, suggest an account is frozen, invite the reader to click a link, and then ask for credentials on a page that looks almost right. The giveaway is usually the URL — a misspelling, a different top-level domain, or an unusually long path — and the request for information that a real bank already has on file.
Smishing and vishing have grown faster than email phishing in recent years. A text that says "Exchange Bank security alert: reply YES to unlock" is a prompt for the recipient to call the verified customer service number and verify, not a reason to click or reply. The CFPB publishes ongoing guidance on recognizing financial scams on its fraud resource page, and customers should feel comfortable sharing those links with family members who are common scam targets.
Every Exchange Bank debit and credit card ships with card-present transaction alerts available at no cost. Enabling those alerts, plus a balance-threshold alert and a large-transfer alert, turns routine account monitoring from a monthly task into a real-time safeguard. The vast majority of card fraud cases resolved quickly at community banks involve a customer who saw the alert within minutes and called in before the second charge posted.
| Practice | Who handles it | How it protects you |
|---|---|---|
| Long unique passcode | Customer | Blocks credential-stuffing attacks from breaches of unrelated sites |
| Two-factor prompt on new device | Exchange Bank | Stops an attacker with a stolen passcode from completing a sign-in |
| Card-present transaction alert | Customer opt-in | Surfaces unauthorized charges within minutes |
| Automated session timeout | Exchange Bank | Closes abandoned sessions on shared or lost devices |
| Device trust review | Shared | Removes old devices from the trusted list so a stolen laptop cannot sign in silently |
| Card freeze from app | Customer | Blocks new charges while a misplaced card is located |
The fastest path is the 24-hour card fraud line at (707) 555-0188. After identity verification, the agent deactivates the card, initiates dispute paperwork for any unrecognized charges, and ships a replacement card. Customers who suspect a card is merely misplaced can use the freeze toggle inside online banking or the mobile banking app, which blocks new authorizations without canceling the card outright.
Customers arriving from a security concern should also read the login help guide, the step-by-step Exchange Bank login page, and the contact directory. Digital-channel explainers live under online banking, mobile banking, bill pay, wire transfers, account alerts, and mobile check deposit. Product pages cover personal checking, personal credit cards, and business checking. Background reading includes about Exchange Bank, leadership, the help resources hub, and policy documents at privacy, terms, and accessibility.
Call the Exchange Bank card fraud line at (707) 555-0188, which is staffed around the clock. After verifying identity, the agent will deactivate the card and order a replacement. Customers can also freeze a card temporarily from inside the online banking or mobile banking app if they think the card is misplaced rather than stolen.
The first sign-in from an unrecognized device triggers a one-time passcode to the phone or email registered on the account. Entering the code marks the device as trusted until the customer removes it. If a code arrives that the customer did not request, treating it as a security event and calling customer service is the safer path.
A phishing message typically pressures urgency, includes a shortened or look-alike link, and requests credentials, one-time codes, or social security numbers. Real Exchange Bank communications will never ask a customer to provide a full passcode, read back a two-factor code, or install remote-control software. When in doubt, close the message and call the customer service line listed on this reference.
Account alerts are one of the most effective low-effort security controls a customer can enable. Balance thresholds, card-present transaction alerts, and large-transfer notifications reach the customer in minutes and surface suspicious activity long before a statement cycle closes.