Customer Protection Guarantee

Keeping your retirement account information safe and secure is a high priority, which is why we’re continually improving our security and guaranteeing your protection if you take certain actions to help improve the security of your account.

Our guarantee is simple: If you help improve the security of your account, we’ll reimburse your employer-sponsored retirement account1 if there’s unauthorized activity.

Take these 3 steps to qualify for the guarantee2 and improve the security of your account:  

  1. Activate two-factor authentication at using your mobile phone or email.
  2. Provide your mobile phone number as the default for transaction requests (e.g., loans, withdrawals or distributions). 
  3. Keep contact information up-to-date, especially your mobile number and email address. Log in to your account at least quarterly and ensure your contact information is accurate. 

Here are 3 ways to contact Principal if you find out about an identity theft situation or receive a text notification from Principal about a request that you did not submit. Please contact us within 48 hours of receiving any suspicious text notifications from Principal.

  1. Call during normal business hours at
    800-547-7754 (Monday-Friday, 7 a.m.–9 p.m. CT)
  2. Call anytime using the Ethics / Fraud Hotline at
    866-858-4433 (available 24/7)
  3. Submit the Unethical/Fraudulent Activity Reporting Form (available 24/7)

If we find suspicious activity, we’ll work with you to review what happened. We’ll ask for your help, which could include working with a professional security company to review your PC or other device, filing a police report and/or signing an affidavit.  We’ll use the facts of the case to determine if unauthorized activity has occurred.  We will then evaluate to determine if the guarantee applies based on the circumstances.

Here are tips to help you keep your personal data secure:

  • Stay informed and read all correspondence from all your financial service providers (e.g. text, message center, email, or mail) within 48 hours of the information being received. And let your provider know if you see anything out of the ordinary.
  • Read these tips for stronger passwords.
  • Protect login credentials — don’t share them with anyone and don’t use the same credentials on other websites.  You should also consider updating your passwords based on certain life events (e.g., divorce). 
  • Use virus protection on devices. Read these tips for more information.
  • Let all your financial service providers know as soon as you find out about an identity theft situation of any kind (e.g., if you get a message from your credit card company that your account might have been accessed). Let providers know within 48 hours of finding out about it. That way, they can get a quicker jump on reviewing your accounts for any potential suspicious activity. 

Here is what we are doing every day to help keep your personal information secure:

Your financial information is designed to be safe because of the technology and processes we have in place. We do things like:

  • Enhancing processes and technology we have in place to keep your financial information safe.
  • Maintaining a comprehensive, full-time security team that monitors our systems and network.
  • Strengthening process security like encrypting data, monitoring malicious activity, and controlling who has access to view and handle your data.
  • Conducting regular testing of our network and systems.
  • Investing in technology like two-factor authentication, to contact you and verify access or changes to your account when submitted by an unrecognized device.
  • Protecting and verifying your calls to our contact center through technology that scans audio features to help identify calls that may be fraudulent.


1 Employer-sponsored retirement plans are defined benefit or defined contribution (including employee stock ownership plans).

2 The guarantee is effective for unauthorized activity that occurs on or after Aug. 10, 2017, and after participants have activated two-factor authentication. Exclusions to the policy:

  • Loss due to sharing credentials with other individuals and/or not adequately securing your credentials from family members / acquaintances
  • Distributions that were transferred to outside accounts that are beneficially-owned by you
  • Distribution checks that were mailed to your address on file, but fraudulently cashed by someone else
  • Fraudulent activity. malware or breach of security by the Plan Sponsor, Advisor, or Third Party Administrator (TPA) 

As of July 21, 2017. Guarantee is subject to change.