DFAS Warns Against 3rd Party App

October 14, 2013 | Kate Horrell

The Department of Defense is again reminding military servicemembers and their families not to utilize any third-party applications to access Defense Finance and Accounting Service (DFAS) MyPay or Thrift Savings Plan (TSP) account services from mobile devices.

MyPay

MyPay, DFAS’s online portal to financial functions, does not have an official mobile application.  Customers who wish to access MyPay from a mobile device should use the https://mypay.dfas.mil/ web address.  The site will recognize that it is being accessed via a mobile app and will render the mobile version of the website, making it possible to easily utilize MyPay functions.  No special app is necessary.  Specifically, the MyPay DFAS LES app is an application developed and run by an outside organization.  Use of this app can compromise information, lead to loss of personal account information and result in the theft of funds.  All these things would be bad!

Thrift Savings Plan

From TSP.gov’s website:

Warning: Third-Party Mobile Applications — (March 12, 2013) There are a number of mobile applications that reference the Thrift Savings Plan and may prompt you for your TSP account credentials. These applications are NOT sponsored by the TSP. The TSP cannot endorse any information or advice provided by third-party applications. More important, providing your TSP account credentials to third-party applications may jeopardize the security of your account.

For more information on keeping your account safe, see the Security Center on the TSP website or contact the ThriftLine at 1-TSP-YOU-FRST (1-877-968-3778)

What Can You Do?

Obviously, none of us are trying to leak our account access details or compromise the integrity of our money.  It can be hard when there are legitimate looking applications that aren’t safe.  The Department of the Army Computer Crime Investigation Unit recommends the following guidelines for safe mobile app usage:

  • Before downloading, installing or using an app, take a moment to review the “About the Developer” section. This will help you get an idea about other apps that a specific developer has previously published. If available, visit the developer’s website and assess its content for things like history and professional appearance.
  • Apps that purport to allow access to military or government sites should only be installed if they are official apps sponsored by the military or other government agency.
  • Peruse the user ratings and reviews to try to get a sense from previous customers as to the truth of the application’s claim. Arguably, no app is completely perfect from the perspective of all users, but complaints about security concerns should quickly stand out from other relatively harmless issues.

Be safe out there on the web!