Health savings accounts (HSAs) have been rapidly growing in popularity over the last several years, with more than 35.5 million active accounts totaling $104 billion in assets. Since many people choose to save their HSA funds for future medical expenses, balances tend to be much higher than other types of benefit accounts. These higher balances make fraud prevention an important focus for the HSA industry. While we at EBC use industry-recognized fraud prevention practices, accountholders also play an important role in fraud prevention.  

Keep an eye on HSA emails and alerts

One key way accountholders can protect their HSA is by regularly monitoring alerts and emails with updates to their account. EBC sends accountholders an email when information to their account is changed, such as their contact information or security questions. If an accountholder receives an email with updates they did not make, they should immediately call EBC’s Participant Services Team so we can temporarily lock their account.

Regularly monitor HSA transactions

Just as it’s a best practice for individuals to monitor their bank statements or credit card transactions, HSA accountholders should regularly check their online account or mobile app to verify that their transactions were made by themself or a family member. Suspicious activity should be reported to EBC’s Participant Services Team and we will work to secure their account. Accountholders can also lock their Benefits Card using EBC Mobile to prevent further use of their account.

Create long, complex, and unique passwords for each account

Here are three important steps HSA accountholders can take to maintain a secure password for their online account:

First, the HSA accountholder should never use the same password for their HSA online account as they use for any other account. This is because if someone’s password appears in a data leak, it can be reused to gain access to the accountholder’s other online accounts.

Second, the HSA accountholder should create passwords that are long, unique to each account, and possibly randomized if the accountholder uses a password manager to store and recall passwords. 

Third, the HSA accountholder should update their password regularly, at least once per year, for added protection.