Online Security

Protecting your information is important to us.

Here's how to protect your account and identity.

Secure your BancFirst account

Take precautions online

Financial education resources

Let's work together to secure your BancFirst accounts.

When bank employees are working with a customer over the phone, several steps must be taken to validate or authenticate the identity of the customer. To expedite the process, ask your local bank representative to set up an authentication code and register your cell phone number.

BancFirst's Debit Card Controls allow you to help safeguard your debit card from fraud by blocking authorizations, setting alerts, establishing spending limits, and controlling transaction types.

Set up mobile banking alerts and notifications on our online banking page. Alerts can notify you on low balance, large withdrawal, loan payment date and more.

Authentication – Secure Sensitive Online Information

Hackers have published over 555 million stolen passwords on the dark web. And 80% of hacking incidents are caused by stolen or reused login information. Authentication to online applications is a serious concern to anyone who uses the Internet.

Multifactor Authentication – a safer way to sign in you your online accounts. Authentication is the mechanism that a website or application uses to verify who you are and what access you have. Simple authentication is in the form of a Username and Password – the same information that is stolen on the dark web. Multifactor Authentication (MFA) provides an added layer of security to your accounts by requiring a second method of verification after you enter your password. The second level verification often comes via text providing a one-time passcode to further validate your credentials. How to protect your online access:

  1. Do not share your username and password with anyone. Many scams include a “technician” who calls and asks for your username and password to help you with a site. Do not share information giving anyone access to your personal information.  

  2. Use a password phrase for extra security. For example, use a long title of a movie replacing and capitalizing different letters: CatchM3ifyouc@n.

  3. Use a password manager app to store and manage your passwords. These applications can maintain your list of username and passwords with different websites.

  4. Do not use the same password on multiple sites. A common username is an email address. If you use the same email address and password, this will give a hacker access to all those websites or applications.

  5. If given the option, use multifactor authentication.









Business Email Compromise


Business E-mail Compromise (BEC) is a sophisticated scam commonly targeting businesses through spoofed email accounts in order to modify or generate fund transfers, such as wires or ACH, so that the funds arrive at the scammer’s bank account or money mule account!

In a BEC scam, criminals send an email message that appears to come from a known source making a legitimate request, like in these examples:

•    A vendor your company regularly deals with sends an invoice with an updated mailing address.

•    A company CEO asks her assistant to purchase dozens of gift cards to send out as employee rewards. She asks for the serial numbers so she can email them out right away.

•    A homebuyer receives a message from his title company with instructions on how to wire his down payment.

Versions of these scenarios happened to real victims. All the messages were fake. And in each case, thousands—or even hundreds of thousands—of dollars were sent to criminals instead.




Scammer might:

Spoof an email account or website. Slight variations on legitimate addresses ( vs. fool victims into thinking fake accounts are authentic.

Send spearphishing emails. These messages look like they’re from a trusted sender to trick victims into revealing confidential information. That information lets criminals access company accounts, calendars, and data that gives them the details they need to carry out the BEC schemes.

Use malware. Malicious software can infiltrate company networks and gain access to legitimate email threads about billing and invoices. That information is used to time requests or send messages so accountants or financial officers don’t question payment requests. Malware also lets criminals gain undetected access to a victim’s data, including passwords and financial account information.

  • Be wary of e-mail-only wire transfer requests and requests involving urgency
  • Establish a reliable phone number of the entity you are doing business with and call them confirming your wiring or transaction information. 
  • Don’t click on anything in an unsolicited email or text asking you to update or verify account information.  Use a known good phone number to verify with the company if the request is legitimate.
  • Inspect the email for a mimicked e-mail addresses
  • Use multi-level authentication



We go online for everything from shopping and communicating to banking and bill paying. While the benefits of more convenient services are clear, the strategies for preventing online fraud and theft may not be as well-known. We want you to be aware of fraudulent situations so you can make informed online decisions.

Please view the FDIC's Consumer Assistance Topics page on CyberSecurity:

The FDIC's Consumer Assistance Topics page provides tips on how to best protect your identity:

Mastercard's provides ID Theft protection services to its debit card holders. The service alerts when personal information, such as your Social Security number, debit card number or and email address, is known to be compromised.

Your Guide to Preventing and Managing Overdraft Fees explains options to help you prevent overdrafts.

Learn helpful ways to manage your money from the FDIC.

FDIC Money Smart -
FDIC Consumer News -
Home Ownership through Ginnie Mae and Freddie Mac 

Other Helpful Links
FDIC Electronic Deposit Insurance Estimator

Online & Mobile Banking

Manage your money anywhere, anytime with online and mobile banking.

  • Up-to-the-minute account updates
  • Transfer funds and pay bills
  • Deposit checks from your phone

Customer Service
Outside Oklahoma
Hours of Operation
  • M-F: 7 a.m.-10 p.m.
  • Sat: 8 a.m.-10 p.m.
  • Sun: Noon-10 p.m.

Open all holidays except Easter, Thanksgiving, and Christmas.