
Protecting Your Computer

As the Defense Finance and Accounting Service (DFAS) continues to protect information and data on myPay, we want to remind customers that they too have a responsibility to take measures to protect their personal information from scams and identity theft.

In the past several months, two private U.S. industry firms disclosed that overseas hackers broke into customer accounts. According to the Chief Information Officer (CIO) at one of these firms, these attacks were carried out by “keylogging” software installed on users’ PCs. This software allowed the thieves to steal the users’ account information from their home computers by capturing the users’ keystrokes. They were able to detect passwords, IDs and other personal information using a diagnostic technique from software development that is also known as “keystroke logging”. Keylogging software is often installed on systems when an individual simply views emails or clicks links that appear to lead to reputable sites.

myPay uses a variety of security features to protect data and its transmission to users’ computers. “The secure technology provided to myPay customers meets or exceeds security requirements in private industry worldwide,” said Pat Shine, director, DFAS Operations. The features include items such as 128-bit encryption, firewalls, Virtual Private Networks (VPN) and other measures. “It is also important that customers do everything they can to protect data from being compromised or captured on their computers, especially when using personal computers at home,” explained Shine.

“Phishing” attacks trick people into parting with personal information by luring them to false corporate Web sites or by requesting personal information be sent in a return email. According to the Federal Trade Commission, “‘Phishers’ send emails or pop-up messages claiming to be from a business or organization you would routinely deal with – an internet service provider, bank, online payment service or even a government agency. The message usually says that you need to ‘update’ or ‘validate’ your account information and might threaten dire consequences if you don’t respond. You are directed to a Web site that mimics a legitimate organization’s site. The purpose of the bogus site is to trick you into divulging personal information so the scam operators can steal your identity and make purchases or commit crimes in your name.”

Whether it be phishing, identity theft, government email scams, credit card offers or electronic commerce fraud, there are scammers on the Internet who are very creative and constantly come up with new scams or variations on old scams. The only way to fight this is with knowledge.

Here are several things customers should consider to protect data, not only when using myPay but during any electronic commerce activity (e.g. online banking, credit card purchases, etc.):

    1. Install operating system and application software (e.g. Internet Explorer) updates regularly. Many of these updates are issued to fix security problems which have been identified.

    2. Install and use anti-virus software and personal firewalls. Keep this software updated. The correct use of these programs can help protect your system from being compromised by malicious software (e.g. software which can capture information processed on your computer, etc.). The DoD Computer Emergency Readiness Team (CERT) makes this type of software available to most DoD employees (check with your agency).

    3. Do not store your various User-IDs and passwords in files on your computer. If someone gains access to your computer, this is the type of information they look for, and it would aid them in accessing your account.

    4. After using your browser (e.g. Internet Explorer, etc.) to access a site where you process sensitive information (e.g. myPay, your bank account, etc.), close all of your browser windows and start a new browser session. Sometimes the browser can hold that information in memory (e.g. cache, etc.) and some web sites know where to look to find it.

    5. Be very careful when installing software that gives others access to your computer. Remote service software or peer-to-peer software used for file sharing can create unintended openings into your computer that outsiders can use if the software is not configured correctly.

    6. Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal and financial information through a Web site, look for indicators that the site is secure, such as an image of a lock or lock icon on the browser’s status bar or a Web site address that begins “https:” (the “s” stands for “secure”).

    7. DFAS does not send email messages asking customers to update or validate information. We do send email messages that provide important information about customers’ pay accounts, but we never ask customers to send passwords, login names, Social Security numbers, or other personal information through email.

“Maintaining the safety and security of myPay is a top priority,” said Shine. “We proactively implement new security features on a routine basis to protect our customers against identity theft and scams.”

About DFAS

The Defense Finance and Accounting Service provides responsive, professional finance and accounting services to the men and women who defend America. DFAS pays about 6 million people and in FY 2009 made 7.8 million travel payments, paid 12.8 million commercial invoices, made $553 billion in disbursements to pay recipients, and managed $426.7 billion in military retirement and health benefits funds. For more about DFAS visit