Frequently Asked Questions (FAQs)


Cybersecurity involves practices designed to protect systems, networks, and programs from digital attacks, damage, and unauthorized access.

A Deepfake uses Artificial Intelligence (AI) to create convincing images, voices, and videos.

Deep fakes, are defined by Merriam-Webster as “an image that has been convincingly altered and manipulated to misrepresent someone as doing or saying something that was not actually done or said.”

Bad actors can teach themselves how to use (AI) very quickly. You can’t always believe the person on the other end of the phone is actually who they say they are. If you have any doubts or suspicions, tell the caller you need to call them back. When you return the call, use the phone number you know to reconnect.

As a financial institution, we handle sensitive personal and financial information. Cybersecurity is vital in protecting this data and maintaining trust with our clients.

We employ multiple layers of security, including firewalls, encryption, secure access controls, regular security audits, and ongoing staff training to identify and respond to potential threats.

Phishing is a type of cyber attack in which an attacker impersonates a trusted entity to trick victims into revealing sensitive information. Common signs of phishing include unexpected requests for information, poor grammar or misspelling, and email addresses or URLs that don’t match the company they claim to represent.

We use advanced email filtering, regularly train staff on identifying phishing attempts, and never request sensitive information through unsecured methods.

If you suspect you’ve received a phishing email, please do not click on any links or provide any information. Report the email to us directly.

You can maintain security by regularly updating your passwords, using a secure network connection, regularly updating your devices, and being aware of any suspicious activity on your account.

Two-factor authentication (2FA) is an extra layer of security that requires not only a password and username but also something that only the user has access to, like a piece of information or a physical token. It drastically reduces the chances of fraud, data loss, or identity theft.

In the unlikely event of a data breach, we will follow our robust incident response plan, which includes notifying impacted individuals, working to secure data, and cooperating with law enforcement.


We have compiled a list of resources from various reputable organizations for your convenience. 

By law, you can get a free credit report each year from the three credit reporting agencies (CRAs). These agencies include Equifax, Experian, and TransUnion. is the only website authorized by the federal government to issue free, annual credit reports from the three CRAs. You may request your reports:

Client Portal (Infinity IdP)

Secure Sign-In is a service to help protect you from fraudulent online activity. We use multiple layers and factors beyond access ID and password before allowing access to your account. If we suspect unauthorized account activity, we will ask for additional authentication before permitting access to your account. Secure Sign In provides you with a secure Web site, ensuring that only authorized individuals have access to their financial information online.

When you access the site for the first time using the credentials provided by your financial institution, you are required to change your password and establish a delivery method to receive your One-Time PIN. The One-Time PIN (OTP) is available through one of the following:

  • SMS Text Message
  • Software Authenticator through a supported app. The supported apps include:
    • FIS Authenticator
    • Google ™ Authenticator
    • Microsoft ® Authenticator
  • Callback – if enabled for the institution.

The OTP method is established during your initial sign in. If your institution converted from a different Secure Sign In method to IdP, your first sign in with IdP is treated as your initial sign in.

  1. Enter your Access ID and the new password you received via email.
  2. After the product has validated your access ID and password, you are required to change your password. Your new password must meet the strong password requirements provided.
  3. You are then asked how you would like to receive your One-Time PIN. You must select the OTP method from the following choices:
    • Send a PIN to my phone.
    • Let me use a software app.
    • Call Back to my phone, if institution has option enabled.
  4. You are authenticated into the product after your password has been reset and the OTP method established.

When this OTP method is selected, the PIN is delivered only to your phone, as email delivery is not supported for your institution. You need to enter the following:

  • Device Name – Provide a name that identifies the device to you. You can register multiple OTP method devices, and the name helps you determine which number is which. This field is required.
  • Device Profile – Select either SMS Text or Voice Callback from the drop-down list, only one option is offered. Voice Callback only displays if the institution is providing that option. You will not receive a PIN if you do not select a profile option.
  • Route to Number – Enter the phone number, using the international format. For example, your US phone number is (888) 555-1212. The number must be entered as +18885551212. You will receive an error if you enter the number in a format other than that provided in the example.

If you choose the authenticator app, you can either install an app in advance, or have a link to an app emailed to you. If you choose the email option, you receive a link to download the FIS Authenticator app. If you have already installed an app, you are prompted to scan the QR Code or manually enter the string of characters above the QR Code provided in your OTP method set up.

Please note that the FIS Authenticator app does not have any account requirement, but if you use the Google Authenticator or Microsoft Authenticator you will need to sign into the app with your Google or Microsoft sign in information.

If you do any of the following during the sign in or OTP method set up, the information entered is discarded and you will be required to complete the processes the next time you attempt to sign in. 

  • Click the Cancel button on any page in the process.
  • Are inactive on any of the enrollment pages for an extended period of time.
  • Exit your browser window before the final step is completed.

It is recommended that you register your device on the Desktop Registration page. To register your, select Yes, this is my computer or mobile device that I use regularly. IdP remembers your device, and you will not be prompted to authenticate with a PIN on subsequent sign ins. The option is available to enter a Device Name. This is helpful if you want to register multiple devices.

If you do not choose to register your device, you will be prompted to enter a PIN with each subsequent sign in.  

The registration is device-specific, so we recommend registering each device you regularly use. 

Yes, as a security measure, your device registration periodically expires – generally every 60 days – unless your institution chooses a custom range.  When this happens, you will need to enter a PIN when you sign in and have the option to again register the device.

You may be prompted for a PIN on a registered device if the browser or location used on sign in is different than the browser or location used when the device was registered.

Yes, your PIN is case-sensitive. Enter your PIN in the format in which you receive it.  However, the PIN is typically all numeric in which case it is not case sensitive.

You are the first line of defense for your online account security. We have taken numerous steps to keep your accounts secure, but you also play a role in maintaining the security of your account information. Here’s what you can do:

  • Never provide your access ID and password to anyone.
  • Memorize your password. Your online password authenticates you when you begin an online session. You should memorize this password and never write it down anywhere.
  • Create a password that consists of letters, numbers, and/or special characters. It should be a combination that cannot be easily guessed by others.
  • Change your password regularly. It is important to change your password regularly, which can be accomplished within the product.
  • Remember to sign You may not always be at your own computer when you access your account. It is important to sign out by clicking the Sign Out link in the top-right corner of the page. If you forget to do so, we automatically sign you off after 15 minutes of inactivity.
  • Use your browser’s built-in security features. It is recommended that you use the built-in security features that browsers provide. Choosing certain security settings and options will help protect the privacy of your accounts and personal information. To learn how to maximize your online security, review the security features of your Web browser.

You may change your password often as needed; however, it is recommended that you make no more than one password change per day. 

Use the Trouble signing in? link, and select I forgot or need to change my password. You need to enter your email or access ID and are then prompted to also enter a PIN to verify your identity. You will receive an email that includes a link you must use to change your password.

Use the Trouble signing in? link, and select I forgot my Access ID. You then need to enter your email and are prompted to also enter a PIN to verify your identity. An email is sent that includes your access ID.

Learn More About How We Can Help You Build Your Legacy