Cybersecurity and fraud management
We’re committed to safeguarding your financial future
Protecting customer data is more important now than ever. Discover how we keep you safe online.
Your information
Cybersecurity overview
Everyday, criminals are online looking for opportunities to steal money and data, putting you and your accounts at risk. Discover the team and protections we’ve put in place to stop them.
[Narrator] Every day, we spend seven hours online, doing our jobs, communicating with others, and managing our lives, and every minute, our information is under attack from cyber threats. The resulting impact on the industries that TIAA serves comes at a high price, and the attacks are increasing. Cyber criminals recognize how attractive these targets are. That's why TIAA's Cybersecurity Program is always on alert, relying on cutting-edge technology, people, and process to help uncover threats early, protect client data and accounts, and prevent fraud. Our global operation continuously leverages artificial intelligence and machine learning to monitor and analyze network events in real time. This provides faster detection, greater efficiency, and more confidence that data and accounts are secure. TIAA relies on multifactor authentication to help ensure only account owners gain access. Our always-on, user-friendly approach also offers additional security, like one-time pass codes, or biometrics through TIAA's mobile app. While our technology is constantly at work, so is our Global Cybersecurity Team. Hundreds of dedicated specialists with expertise in cybersecurity, fraud, risk management, and information technology. They proactively defend our network, plan sponsors, and participants from data and financial losses, and all TIAA associates remain vigilant in preventing attacks thanks to our award-winning Cybersecurity Awareness Program. Our team is active in the larger world too. We collaborate with clients on their own cybersecurity efforts by providing best practices, timely webinars, thought leadership, and employee education. These efforts help keep data secure throughout our collective ecosystem. Beyond that, we are connected with industry and federal agencies to share threat intelligence. It's all of us working together to help stay one step ahead of cyber attacks. But what if in spite of our best efforts, data is breached from unauthorized activity, and money is lost through no fault of the owner. It is TIAA's practice to reimburse that loss, and will cover the cost of identity theft repair and credit monitoring to help recover any impact. That's our commitment, along with our continued vigilance in helping ensure that never happens in the first place.
Secure your retirement accounts
TIAA’s advanced security features protect your retirement savings more securely than ever.
Protecting your data
We leverage the latest cybersecurity innovations to monitor data, encrypt confidential participant information, and provide timely enterprise data protection training for you and our team.
Protecting your accounts
Our cyber and fraud protection protocols prevent unauthorized parties from accessing your accounts, and we’re constantly on the lookout for scams and breaches targeting our participants.
Providing assurance
If your account is ever compromised by someone gaining unauthorized access and you lose money as a result, TIAA will reimburse you.*
Your accounts
Best practices: Protect your online account with a passkey—no password required
TIAA offers passkeys as a more secure and streamlined method of authentication.
TIAA is going passwordless! That’s right…by making the decision to go passwordless, you will limit the hassle of resetting forgotten passwords. Instead, you will have the opportunity to create a passkey that is unique to your specific device which you can use each time you access your account. In reality, passwords put you more at risk due to the use of the same password for multiple accounts, especially if your password is ever stolen. Removing the need to use a password will add security to your account and better protect your TIAA assets. If you choose to go passwordless, the experience is easy. Once prompted, you’ll be guided through a few simple steps to create your passkey using the biometric capabilities of your device. Once you have created your passkey you now have a simpler, safer, and more seamless way to access your accounts. For more information on how to stay safe online visit tiaa.org/security.
Passkeys combine the power of cryptography with biometric authentication
This technology enables you to access your TIAA account with your fingerprint, face scan, or PIN.
Benefits include:
- Stronger credentials scammers can’t guess or reuse
- Protection from phishing and security breaches
- No passwords to lose or forget
- Unique sign-in from your device to your account
- A better user experience leveraging biometric data
How to set up your passkey
TIAA currently supports passkeys for iOS, Android, and Microsoft users running Chrome, Edge, Firefox, and Safari browsers
- Visit
tiaa.org and log in to your account. - Select Profile, navigate to the Security Preferences page, choose Passkey, and follow the prompts.
- Return to the TIAA secure login page and select the Setup passkey button.
Seamless protection behind the scenes
TIAA’s Multifactor authentication (MFA) provides advanced safeguards in the background that won’t interrupt your experience.
Enhance your authentication
You can optionally add more verification factors to increase your account security:
Add a trusted contact
A trusted contact is an adult (age 18 or older) you trust to serve as our point of contact should concerns arise about your potential:
- Well-being
- Whereabouts
- Fraud victimization
- Exploitation
- Abuse
Please note that your trusted contact can’t access your account information, is not an authorized user, can’t approve transactions, and won’t assume power of attorney.
Award-winning phone authentication solution
Our phone authentication solution analyzes key omnichannel attributes to mitigate fraud risk, while our advanced voice biometrics, multifactor authentication, and other controls safeguard your personal information.
Assurance
We’re always working for you
From safeguarding your data on the backend to providing opportunities for you to take charge and strengthen your own security measures, protecting you and your information is our top priority.
Stay safe online
Learn ways to protect yourself and your loved ones in an age of uncertainty.
It happens to all of us and if it hasn't happened to you, it eventually will. You receive a phone call, text, or email you weren't expecting, but the contents make you pause and pay attention. The message you receive makes your heart race or you might wonder if you're in trouble. The message seems urgent, and wants your attention and action immediately. It seems bizarre, but the message is convincing you that you should act and fast. You're not alone with these types of messages. These are all common traits of scams. Scammers use common tactics no matter what the scam is. Scams utilize common tactics such as a sense of urgency. The message, whether email, text, or phone will convince you that you must act and rectify a situation or take advantage of some benefit. With the sense of urgency, tactics might also be used. This could include convincing you that something has happened to a loved one or that you must send money right away. The sender, a caller might request payment in unusual payment methods such as gift cards or tell you that you've been overpaid for a product or service and must return the extra amount. If you receive a phone call, text, or email with any of these common trades, hang up, delete, or ignore the message altogether. Someone is trying to scam you. Remember, being informed and vigilant is the best way to avoid scams. Stay safe and never give into these fraudulent schemes. If you are the recipient of a scam attempt you can report it to the Federal Trade Commission. Visit the TIAA Security Center for more resources on how to protect yourself and your accounts.
Protect yourself
Learn about common scams to help you recognize red flags, prevent fraud, and report issues. Discover ways to better protect yourself, your loved ones, and your money.
Protecting older adults
Avoiding account takeovers
Tax scams
Government scams
Romance scams
Tech support scams
You’re covered if an incident occurs
You’re reimbursed for any loss due to unauthorized access.*
- View TIAA’s
customer protection policy - State and federal law-based incident response and notifications
- Credit monitoring and identity theft repair if your data is breached
- Regulatory oversight, independent audit, and certification of alignment with industry expectations
Resources
Cybersecurity Best Practices
We offer tips and best practices to help you address a broad range of cybersecurity challenges. For information about a specific issue, browse the options below.
Keeping kids safe online
Working remotely
Multifactor authentication (MFA)
Avoiding malware
7 steps to protect yourself from voice deepfakes hitting higher ed
Essential fraud prevention for educators
New era of AI phishing
New rules for protecting passwords
Report a security concern
Help us keep you safe
No matter what security challenges may arise, we’re here for you. Here’s how you can take action.
Suspicious account activity
To report unauthorized account access, balance concerns, or other security issues, call us at
Suspicious email
To report a suspicious email, send it to us at
Resources
We’ve
*Our practice is to reinstate a client's TIAA account in full if there is a loss that is determined to be the result of unauthorized activity through no fault of the client.
**You are about to leave TIAA’s website and access a website that is unaffiliated with TIAA. TIAA does not assume responsibility or liability for the content or privacy policies of external sites.