2nd Quarter 2019

Ask ICMA-RC: What are some best practices to help prevent fraud and help protect my account?

ICMA-RC focuses on making it easy and secure for you to access your retirement-savings account, while we strengthen our existing processes for authenticating participants in order to identify and help prevent fraud. We take the security of participant accounts very seriously, and we continuously apply enhancements to safeguard your assets. For instance, we have implemented two-factor authentication, which provides a means to authenticate your identity when performing certain online activities by sending a one-time code to your email address or mobile phone number on file.

As we put processes in place to help protect your accounts, we encourage you to take the following prudent steps as well.

  • Register your account by signing up for online access, if you have not already done so, to help prevent someone from doing so fraudulently.
  • Check your account(s) online regularly, and notify ICMA-RC immediately of any suspicious activity.
  • Promptly review all mail, email, and other communications from ICMA-RC, and report any discrepancies.
  • Be careful of phishing and social engineering communications via emails and phone calls. Thieves and fraudsters may use these means to try and collect personal identifiable information for the purposes of stealing your identity and/or compromising your account(s). ICMA-RC will never ask you to provide credential information or your Social Security number; we strongly suggest participants never provide their online account information to anyone who calls or sends them an email.
  • Update your contact information promptly with ICMA-RC whenever you have a change.
  • ICMA-RC will send critical security and transaction-related alerts to your email address and/or mobile number, so make sure we have both on file to receive these time sensitive alerts.
  • Create non-dictionary, unique, and strong passwords such as those that include numbers, symbols, and uppercase and lowercase letters. Don’t use weak passwords, e.g., “password123,” “1Welcome!,” “JohnSmith50,” etc.
  • Don’t use passwords you utilized for other online accounts or websites, or that can be easily guessed, such as family or participants’ names and birthdates.

Logging In or Setting Up Your Online Account
Need to create a user ID and password? Follow these steps:

  • Click “Set Up Your Online Access” in the account log-in box in the upper-right corner of the screen. Follow the prompts to enter your information — this sets up online access to your account.
  • Create your user ID — Your user ID must be 6-32 characters in length and is not case-sensitive.
  • Create your password — Your password must be 8-24 characters in length and is case-sensitive.

If you’ve already set up your account, you can simply log in (www.icmarc.org/login). Also, here are a few helpful reminders:

  • To change your user ID and/or password while logged into your account, go to My Profile and select the Change User ID and/or Change Password option.
  • To reset your password, select the Forgot User ID or Password? link in the log-in box. Once you provide some of your personal information to verify your identity, you can create your new password immediately.
  • Make sure that cookies are enabled — you can find this information under the Internet Options setting in your browser.
  • Look for "https://" and the lock (Secure Website Lock Icon) in your browser address bar to signify a secure site before logging in.

Learn about more ways to help secure your account and about ICMA-RC’s Security Guarantee.

If you are a victim of identity theft or believe that your personally identifiable information has been illegally obtained, contact ICMA-RC immediately at (800) 669-7400. For more information about identity theft protection and resources, see the Federal Trade Commission's website at www.ftc.gov/idtheft.

Return to top