Your Security

Your protection is our priority
We strive to safeguard your data. We do this by:

  • setting policies and procedures for carefully handling your information;
  • limiting employee access to sensitive information;
  • protecting against unauthorized access to customer data using data encryption, authentication, and virus detection technology;
  • requiring service providers who do business with Balboa to comply with privacy laws;
  • auditing company security practices;
  • monitoring our websites through recognized online privacy and security organizations such as Cybertrust Corporation; and
  • conducting background checks on all employees and providing privacy training.

TruSecure® Certified Logo; 

About our websites
Our systems automatically switch to "secure" mode when you are asked to enter personal information on a Balboa Insurance Group ("Balboa") website (such as your policy or certificate number or social security number). To keep your data safe we use:

  • Encryption and authentication technology
  • Website design that blocks or limits online display of customer information when not necessary to the transaction
  • IDs and passwords to protect customer information

For more details on Internet security, please see our About Internet Security section.

Use of cookies and Web beacons
We design many features of our website so new visitors may anonymously learn about our products and services, without revealing their identity. For new visitors, we use "cookies", Web beacons (GIFs) or similar files to collect limited information (such as the date, time and areas of our website visited and the website the new visitor came from). When you select one of our products or services, review your accounts online or respond to marketing materials sent to you directly, we will try to identify your browser and may combine information from "cookies," Web beacons and other similar devices and other information collected online with any other information we maintain about you. By improving the marketing and content of our website and making your online experience more convenient, we are able to better serve our customers' financial needs.

Cookies are required to access your online accounts
You can have your Web browser disable “cookies” but if you turn off “cookies,” it is not possible to access your online accounts. Cookies are used for security purposes when you log into your account so that we can recognize your computer.  Cookies used to access your online account are encrypted and used solely to support your online account activity.

Similar Files
Balboa sometimes uses technologies similar to cookies to store information.  For example, we also use files called Flash objects to help assure security as part of the online account log-in process.  Flash objects are also encrypted and used solely to support your online account activity.

About Internet Security

How Does Browser Security Work?
Recent versions of most internet browsers support the encrypted transmission of on-line documents and the data you enter on a web page. This means that instead of sending readable text, both your browser and the website's secure server encode all text using a security key. That way, personal data sent to your browser or data you send back would be extremely difficult to decode in the unlikely event it was intercepted by an unauthorized party. The key used for encoding is a random number that is unique to your session at the secure website.

There are two grades of internet security: International-grade encryption uses a 40-bit random number negotiated between your browser and the web-server. This means that only one out of about 1,000,000,000,000 possible decoding keys can be used to decipher your data. Domestic-grade encryption uses a 128-bit key, so that the number of possible keys is vastly larger. The Balboa site uses the highest grade of encryption supported by your browser and your internet connection.

How Do I Know If Security Is Operating?
Your internet session is encrypted if your security-enabled browser is connected to a website using the Secure Hypertext Transport Protocol. URL strings beginning with "HTTPS://" instead of the usual "HTTP://" indicate that the secure protocol is in effect. Your browser may also tell you if security is operating. For example, Mozilla's Firefox will display the lock icon icon in the lower right corner of your screen in secure mode. Microsoft Internet Explorer show a Microsoft Internet Explorer key icon icon in either case. Note that security may be operating without any visible indication if the web page you are viewing employs frames (see below).

If secure transmission is not in effect or only part of a frame-based page is secure, Firefox shows the "red slashed lock" red slashed lock, no security available icon, and Explorer does not show the "lock" icon.

Most browsers can be set to give you a pop-up announcement when you enter or leave a secure web page. In Firefox, these settings are on the Security section when you select "Options" on the Tools menu. In IE, the setting is on the "Advanced" tab when you select "Options" on the View menu.

Secure Mode and Frame-Based Web Pages
Security may be operating without displaying any security icons (or Netscape may show the "broken key" icon) if only part of the frame-based pages is employing security. You can verify the security of a page within a frame by opening it in a new browser window. Both IE and Netscape allow you to open a link in a new window by right-clicking on the link and selecting that option from the pop-up context menu. When a secure page is open in its own window, instead of being viewed within a frame, you can then see the security icons provided by your browser as well as the "https://" secure protocol prefix in the URL string.

Cookies
When you visit a website, a small file called a "cookie" may be saved to your computer's hard drive during your visit. When you revisit the site, the website's server may open the cookie file and access the stored information. You can usually set your browser to limit or let you know about cookies that a website places on your computer.

Web Beacons
A Web beacon is a graphic image (such as a pixel tag or clear GIF) that is placed on a web page or in an e-mail message to monitor user activity (such as whether the web page or e-mail message is read or clicked). They are often invisible because they are very small in size. They are also used on many web pages for alignment purposes. We sometimes use Web beacons to provide an independent accounting of how many people visit our websites or to gather statistics about browser usage at our websites. Some of our web pages and HTML-formatted e-mail newsletters use Web beacons in conjunction with cookies. It is difficult for you to limit the use of Web beacons because there is no easy way to distinguish their use from alignment and other purposes. They may be loaded from a different web server than the rest of the page.

Third Party Advertising
We sometimes use third party advertising companies to serve our internet ad banners on our site and other sites on which we advertise. If you click on one of those ads, you will be directed to one of the Balboa sites offering that particular product or service. If you view a web page where our ads appear, the advertising company may place a cookie on your computer or use a Web beacon to access a cookie they previously placed on your computer. These companies do not collect information that can identify you personally, but may use information about your visits to our sites and other sites to measure the effectiveness of ads. We do not give any personally identifiable information to these companies. Unless you are fist notified, these advertising companies do not link any online actions or cookie to any information that can be used to personally identify you (such as your name, address or e-mail address). The companies that distribute our ads are prohibited by contract from using information other than for the agreed upon purpose -- to help us market our products and services and to measure response rates.

Third party advertisers are subject to their own privacy policies.  Currently, we use web beacons provided by Doubleclick, Yahoo!, Google, and MSN.  If you prefer that Doubleclick does not record your information by means of these web beacons on our website, please click here.  http://www.networkadvertising,org/consumer/opt_out.asp. If you prefer that Yahoo! not record information by means of these Beacons on our website, visit Yahoo! at http://privacy.yahoo.com/privacy/us/beacons/details.html to opt out.  To prevent other advertising companies from placing cookies on your computer, you may adjust the privacy settings for your browser to block or filter cookies, or visit each website individually and opt-out.

Similar Devices
For example, we include URLs in email marketing materials sent directly to you (such as special offers) so that we can identify that it is you responding to the campaign and provide details on the offer available to you.

Special protections for health information
We may also collect non-public personal health information to provide you with insurance quotes and service your insurance policies.  We only share this health information for marketing purposes with your written authorization.  We disclose some of this health data to third parties (such as regulators and insurers).

Shared Secrets

What are Shared Secrets?
Shared secrets are the most common security method for accessing confidential information. A shared secret is something known to both the user and the holder of the confidential information. The most common shared secrets are a user ID and password. These shared secrets allow the user to log into the site of the holder of confidential information such as a financial institutions or online merchants. Shared secrets form an integral part of user authentication in today's online environment.

Protecting Your Shared Secrets
Protecting your shared secrets ensures that information accessed via those shared secrets is protected. You should never record your shared secrets electronically such as in documents or spreadsheets. In the event of a compromise of your computer hard drive, your shared secrets can be compromised as well placing all the data protected by those shared secrets at banks and merchants at risk. Likewise you should never store credit card numbers, expiration dates, bank account number, social security numbers, driver’s license number or other personal identifying information electronically on your computer for the same reason.

Your shared secrets should never be revealed in response to unsolicited e-mails. Criminals attempt to obtain individual’s personal identifying information and use that information illegally such as to open and/or use credit cards, obtain phone or utility accounts, obtain loans, work, open bank accounts and/or pass fraudulent checks using a technique called ("phishing"). Criminals may also attempt to obtain that information over the phone posing as a survey taker, telemarketer or other unsolicited caller ("pretexting").

Common Shared Secrets
To minimize the potential compromise of your shared secrets, you should avoid commonly used secrets such as names (yours, your spouse's name, your children's, parents), common terms that appear in the dictionary (brute force attacks to crack passwords often use dictionaries in an attempt to randomly match the password), exclusively numbers (numbers range from 0 to 9 for each character where letters range from a to z creating 26 potential variations or 52 if case sensitive). The best passwords are a combination of both letters and numbers where the letters do not spell words that could be found in a dictionary and the password is of sufficient length, 6 characters or preferably more, to make brute force attacks harder.

We suggest you do not use shared secrets across multiple domains (e.g. websites). If you use the same logon and password while shopping or surfing online as you use for your bank, if one of the online merchant sites is compromised, your user ID and password could then be used to access your bank information. Not all website apply the same level of security to their database. The use of a single logon ID and password across multiple sites is only as secure at the least secure site.

What Do I Do If My Shared Secrets are Compromised?
Immediately change your shared secrets with all sites on which you have used the same shared secrets. Follow the instructions What Should I Do if I Become a Victim of Identity Theft?

Identity Theft

What is Identity Theft?
Identity theft is when someone takes and uses your personal information (such as your name, social security or credit card number) without your permission to commit fraud or other crimes. These criminals take the identities of others to open new credit cards; obtain phone or utility accounts, loans, or employment; open bank accounts; and/or pass fraudulent checks. According to the FBI, identity theft is the fastest growing crime in America.

How Does Identity Theft Occur?
Criminals gain access to personal information in many ways, but the most common method is to take it from the victim themselves - you. They steal mail (such as account statements, new checks and offers of credit) left in a mailbox, discarded in the trash or stored in an easy to get to location in your home or office. They take credit card and personal identification from your purse or wallet. Without knowing it, you may give the information directly to the criminal when you enter data at an unsecured or unknown website, or in response to a fraudulent request for account information through an unverified e-mail ("phishing"). Imposters also ask for information from you in unsolicited phone calls, tricking you into thinking it is someone you know, such as your bank ("pretexting").

What Happens to the Victim?
Identity thieves can damage the credit reputations and lives of victims. Studies have shown that victims spend an average of $808 and 205 hours resolving the identity theft. Time and money is spent clearing credit reports, reporting the theft to lenders and merchants, and filing complaints with law enforcement and governmental agencies. One of the menacing problems of identity theft is that it can happen more than once. Once the initial incident is resolved, the thief may begin using the victim’s identity again after waiting 6 months to a year and the cycle begins all over again.

How Can I Prevent Becoming a Victim?
Identity theft requires someone to gain access to your personal information. You can take steps to decrease the risk of someone stealing your information.

  • Destroy papers you throw out. Shred or completely destroy any documents that contain personal information before discarding them in the trash. This includes information about you, your family, your home, or your accounts such as credit card solicitations, pre-approved credit offers, convenience checks contained in your statements, bills, cancelled checks, loan offerings, ATM or credit card receipts, insurance or tax information. Just as important are receipts from ATM’s or self-service devices such as gasoline pumps. Don’t just leave them behind or throw them in the trash. Criminals only need a few pieces of information about you to get credit in your name and access your existing accounts.
  • Be careful who you give your information to over the telephone. Do not give out personal information such as your social security number, credit card or bank account numbers, or loan numbers over the phone to anyone who has called you without first confirming who you are speaking to, why they need the information and that they are who they claim to be.
  • Guard your PINs. Never give out your Personal Identification Number (PIN). Memorize your PINs and never write them on your cards or carry them in your wallet.
  • Report lost or stolen credit cards, checks or identification immediately.
  • Store your personal information securely. Keep it where it is not easily available in the event of a burglary or other unauthorized access.
  • Be cautious online. Make sure it is safe when you are asked to provide information at websites or with online merchants you do not have an existing relationship with. Always confirm that you are in a secure session before entering personal information online (see How Do I Know if Security is Operating?).
  • Check your credit reports. Review your credit report regularly to identify any inquiries or accounts that you are not aware of and did not apply for.
  • Protect your mailbox. If your residential mailbox is not secure, don’t put outgoing mail in the box and promptly pick up incoming mail or obtain a secure postal mailbox.
  • Safeguard your checks. Never print your personal information such as a Social Security Number or driver’s license number on your checks.

What Should I Do if I Become a Victim of Identity Theft?
Contact the three major credit bureaus

Equifax
P.O. Box 105069
Atlanta, GA 30348
1-800-525-6285
www.equifax.com

Experian
P.O. Box 2002
Allen, TX 75013
1-888-397-3742
www.experian.com

TransUnion
P.O. Box 1000
Chester, PA 19022
1-800-680-7289
www.transunion.com

Ask them to send you a copy of your credit report and instruct them to place a fraud alert on your record. Once you receive the report, review it carefully. Contact any creditors listed that you did not apply for credit with and inform them that you have been a victim of identity theft. Instruct them to close the account, send you copies of the application and any transactions, and to promptly clear your credit record.

  • Contact your local police or sheriff’s department and file an identity theft complaint.
  • File a complaint with the Federal Trade Commission at www.consumer.gov/idtheft or via their hotline at 1-877-IDTHEFT (438-4338).

Identity Theft Resources

Federal Trade Commission (FTC) 1-877-438-4338

Social Security Administration Fraud Hotline 1-800-269-0271

Department of Justice

US Postal Inspection Service 1-800-372-8347

Privacy Rights Clearinghouse 1-619-298-3396

Identity Theft Resource Center 1-858-693-7935

Identity Theft Statistics

Identity Theft Laws (by state)

What is Balboa Insurance Group Doing to Assist in the Battle Against Identity Theft?
Protecting the confidentiality and security of our customers’ personal information is a priority for the Balboa Insurance Group family of companies. You can find more information in our Privacy and Security Policy. We understand the implications identity theft can have and take very specific steps to reduce the chance that identity thieves can damage the credit reputations of our customers. As a result, Balboa has put multiple safety measures in place to combat identity theft.

Training
Balboa trains key employees in customer identification and authentication. Our training is designed to reduce the chance of an account or loan being opened in your name without your permission. We regularly update training to educate our employees on changing trends in identity theft.

Fraud Hotline
For many years, Balboa Insurance Group -- through it's parent company, Countrywide -- has maintained a Fraud Hotline for consumers, employees and the public to report crimes, including identity theft. Fraud Hotline staff work with departments across the Balboa Insurance Group family of companies to block credit reporting based on claims of identity theft, conduct investigations including reviews of the account or loan documentation, and, if identity theft is confirmed, notify the credit bureaus and correct credit reporting history on affected Countrywide relationships. The Fraud Hotline serves as a single point of contact for consumers to report identity theft complaints to Balboa. You can reach the Fraud Hotline by any method described under the Reporting Identity Theft on a Countrywide Relationship section below.

Education
Consumer awareness is a critical component in reducing the incidence of identity theft. Balboa provides consumer education and training on identity theft through featured articles in our quarterly newsletters, statement messaging and our websites.

Industry Associations
Balboa works in concert with industry groups in developing legislation, policies and practices to fight identity theft and other crimes in the businesses we operate in. Balboa also works with these industry groups in the establishment and adherence to security and customer authentication programs to ensure that we remain an industry leader in protecting your identity and assets held with us.

Law Enforcement
Balboa coordinates with local, state and federal law enforcement when identity theft cases arise.

Reporting Identity Theft
If you think your identity has been stolen, please contact us immediately. The Identity Theft Complaint form that you can access by clicking below should be completed and then faxed or mailed back to us at the address shown. To access the Complaint form, you will need Adobe Acrobat Reader installed on your computer.

 
e-mail   fraud_hotline@countrywide.com
 
phone   1-877-CUFRAUD (283-7283)
 
fax   1-805-306-7158
 
mail   Fraud Investigation
30930 Russell Ranch Road, WLRR-469
Westlake Village, CA 91362
  

ID Theft Complaint 		Requires
Adobe Acrobat Reader

Click to downloaded free
Due to the insecure nature of e-mail, the ID Theft Complaint should be faxed or mailed to Countrywide as shown to the left.

About the Balboa Insurance Group Web Site
Though we have provided specifics of the many steps we take to help restrict access to your personal information, internet communication is not a secure medium.  We do not assume responsibility for any harm, loss, or damage you may experience or incur by the sending of personal or confidential information by or to Balboa Insurance Group.

For copies of the Privacy Notices provided to Balboa customers, please select the “Privacy Notices” section of this area of the web site and the appropriate sub group of notices, depending on the character of the relationship and the location where the insurance policy is (or may be) issued.

Last updated: April, 2008. 
Home | Company | Products | Claims | Media | Careers | Contact Us | Site Map
©2008 Balboa Insurance Group, Inc.  · Legal Disclaimers · Copyright Notice · Privacy & Security Policy
LastApprovedFileVersion : 36 LastApprovedBy : MGARIT LastApprovedDate : 04/01/2008 04:58 PM FileCreatedBy : MGARIT FileCreatedDate : 05/02/2006 02:35 PM