DFAS Home

Defense Finance
and Accounting Service

Providing payment services of the U.S. Department of Defense

1-888-332-7411

MyPay

Protecting your online myPay experience

The Defense Finance and Accounting Service uses state-of-the art technology to help protect your personal information and data on myPay.   But while the system is built to deter cyber criminals, most thieves focus on the part we cannot control: You, your computer and your online skills.

You can learn how protect yourself online at websites such as the Federal Trade Commission and the FBI.

Here are some quick reminders to help you  keep your time on myPay secure:
  1. DO NOT USE A PUBLIC COMPUTER OR KIOSK SYSTEM TO ACCESS myPay.  Using a public system places you at greater risk for compromise of your myPay account. Even connecting via a public wifi network exposes your information to possible theft.
  2. You're the key to protecting yourself onlineInstall operating system and application software updates (such as your browser and browser plug-ins) regularly. Many of these updates are issued to fix identified security problems.  Please visit the vendors’ websites for more information.
  3. Install, use and keep antivirus software and personal firewalls (including antivirus definitions) up-to-date. Malware comes in all shapes and sizes (email, downloads, etc.).
  4. Do not store user IDs and passwords on your computer or smartphone. If someone gains access to your device, the accounts will likely be compromised. And if you write them down, make sure to keep them locked away.
  5. After accessing your myPay account, close all of your Internet browser windows. Sometimes the browser will store session information in memory that other websites may be able to access.  Also purge cookies before and after use at a kiosk or public system.
  6. Be very careful when installing software, browser plug-ins or extensions that give others access to your computer. Remote service software or peer-to-peer software used for file sharing can create unintended openings into your computer that outsiders can exploit.
  7. Do not email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal and financial information through a website, look for indicators that the site is secure such as an image of a lock or lock icon on the browser’s status bar or a web site address that begins “https:” ( the “s” stands for “secure”).
  8. DFAS does not send email messages asking customers to update or validate information. We do send email messages that provide important information about your pay account, but we NEVER ask for customers to send passwords, login names, Social Security numbers or other personal information through email.  We recommend you to never click on links sent in an email.   Always type in the URL for myPay manually (https://mypay.dfas.mil/) or use a trusted search engine to search for the myPay website and use the most trusted result.
Financial institutions will always be a target for Internet scams, or should we say their customers will.  Here are two of the most commonly used attacks to obtain financial/personal data.  Knowing the signs can keep your identity a lot safer.

• Phishing:  The use of emails that appear to originate from a trusted source to trick a user into taking action like clicking a malicious link or opening a infected attachment.  These criminals will attempt to lure you to disclose account numbers, login information, passwords, etc.

• Keylogging:  Malware that tracks (or logs) the keys you type on a keyboard without you knowing that your actions are being monitored.  This information is sent to the criminals’ computers (again without your knowledge). The malware program is often delivered by email or when you visit a link embedded in an email that appears to be a reputable website.

You trust DFAS to ensure myPay protects your information. Make sure your actions online don’t give the criminals the tools to get around that security. Understanding the threat and knowing what to do about it is the best defense you can have. Updated Nov. 26, 2012