Skip nav to main content.
Pearl Hawaii Credit Union
Android GET - On the App Store
Pearl Hawaii Credit Union
Apple GET - On the App Store






Multi-Factor Authentication (MFA) is a multi-step process that ensures that your Pearl Hawaii accounts are safe. Also, MFA verifies that you’re the only person that can access your account even if someone has your password. Additionally, Multi-factor Authentication is a method that requires the user to provide two or more verification methods to gain access. Rather than just asking for a username and password, MFA requires one or more additional verification. With MFA, the likelihood of a successful cyber-attack decreases.

If you log into PHFCUOnline or our mobile apps using a device that we do not recognize, our system will ask for you to take additional steps. In addition to entering your password, we will also ask you to enter a security code that you can choose to receive via email or text message. Once authenticating your account, you will only need to authenticate your account if you erase the device’s history, use a different browser, or change your password.



One of the keys to multifactor authentication is having accurate contact information for you on file so you can authenticate your login. If we don’t have your correct phone number or email, you may not be able to log in to online or mobile banking.

In addition to the protections Pearl Hawaii has in place, we encourage you to use these best practices to help keep your accounts safe online:


  • Change your passwords frequently
  • Monitor your accounts regularly
  • Authorize account alerts
  • Keep your apps and devices up-to-date with the most recent system updates
  • Run anti-virus software
  • Turn on your firewall
  • Avoid unsecured wireless access points
  • Avoid clicking on links in unsolicited emails




Multi-Factor Authentication is a system to verify that someone is who they say they are. Typically, there are three methods.

Something you…

  • know (username, password, security questions, one-time password, or a code)
  • have (Codes sent to you via text or email, Calls to your mobile device, Software certificates)
  • you are (facial recognition, fingerprint, voice recognition, iris scanning, or some other biometric verification).

If only two factors are present, it’s called two-factor authentication (2FA). For example, you enter your debit card at an ATM. You need to enter something you have (the debit card) and something you know (your PIN). Often, MFA is used interchangeably with two-factor authentication (2FA). 2FA is basically a subset of MFA.

Additionally, another example is when entering your username and password on PHFCUOnline or with our app. We will then ask you for a second verification, like a code to your cell via text, which you need to use to gain access.

MFA can also involve location scanning. If you are in Hawaii and there is a log-in attempt or your cards are used from another country or state, you could be on vacation or you could be the victim of a hacking attempt.

Have you ever been asked to enter your zip code when you buy gas? That would be an example of an older type of MFA.



Multi-Factor Authentication adds another layer of security. If just one of these methods has been compromised by a hacker or if you enter the wrong password in succession, then you won’t gain access to your accounts… and neither will they. As a result, you can simply change your password and start over.

Some people like to use the same password for everything. Unfortunately, this means that if a hacker gets access to one account, they can access all of your accounts. Multi-Factor Authentication is one the most effective ways to protect both cloud-based data and online information.



Overall, the goal is to make it much more difficult for hackers and scammers to gain access to your accounts. It’s not possible to prevent all cybercrime, but you can make it much more difficult for criminals to hack into your account by using multi-factor authentication. You can also use strong passwords and change them every three months.



  • Be wary of phishing scams.
  • Choose strong passwords. Ideally, you will want a password to have a minimum of 12 characters that includes symbols, lower and upper case letters, and numerics.
    Never choose a password that uses personal information such as your name, address or date of birth. Stay clear of short passwords, common words, and simple number combinations.
  • Always change passwords regularly.
  • Choose different passwords for different accounts.
  • Enable two-factor authentication.
  • Stay away from of public Wi-Fi and computers.
  • Sign-up for banking alerts.
  • Choose trustworthy financial apps.


  • Verify the sender’s email address.
  • Call the financial institution, service, or vendor and ask if they sent you an email and verify the email address with them.
  • Do not click on links in an email or text.
  • In and email, hover over links. Hovering over a link inside an email (do not click) can reveal where it will take you.
  • Don’t share personal details.
  • Choose trustworthy financial apps and products. Financial apps can help with banking or sending money, but they arere not equally secure.
  • If you plan to use your bank’s mobile app, make certain you’re using its official app. The best way to do that is to download the app from your bank’s website.
  • Consider which apps you allow to access your online and mobile banking details. For example, you might want to use a budgeting app to manage your money. These apps generally ask you to share your login credentials to pull information and create a financial picture, putting your data at risk.
  • Before downloading a financial app, check its ratings. Research the app’s security policies and look for past data breaches.


  • To learn more about identity theft fraud safety visit ID Theft Center.
  • If you think you’ve been a victim of identity theft, contact the Federal Trade Commission (FTC) at 877-IDTHEFT (438-4338) or visit the Federal Trade Commission’s site to learn more.
  • If you believe your Social Security Number is being used fraudulently contact the Social Security Administration at (800) 772-1213.
  • It’s a good idea to get a copy of your credit report each year from each credit-reporting agency. You can get a free credit report yearly from the Annual Credit Report website at or by calling 1-877-322-8228 where you will go through a simple verification process over the phone. It is important that you obtain and review a copy of your credit report once a year to make sure your information is accurate.
  • For financial literacy, check out  Upgrade| our blog or our financial education page.
  • To file a complaint about a suspected fraudulent email, contact the Federal Bureau of Investigation’s Internet Crime Complaint Center at
  • Consumer Finance Protection Bureau 




Upgrade you.

Building trust, nurturing dreams, inspiring hope. From home or car loans to Hawaii’s most innovative banking services, Pearl Hawaii is committed to you. Bank at any of our Oahu locations in Waipahu, Ewa Beach, Waianae, Honolulu, Pearl Harbor, or near the Airport. Additionally, you can bank using PHFCUOnline just like one of our branches. To contact us, call us at 808.737.4328, toll-free at 800.987.5583, or email us at