Click here to learn more about the impact of this breach on Unitus members and what you can do to better protect yourself.
Unitus Community Credit Union adheres to a strict information security policy designed to protect the security and confidentiality of your financial and personal information. The Board of Directors has established policies that provide explicit direction for securing your information and the assets of the organization. The Board has also issued a “Standards of Business Conduct” policy requiring a high level of integrity, honesty, and fairness by its employees, third-party vendors, and other persons and entities associated with Credit Union operations.
The security of your personal information is of the utmost importance to the Credit Union. We have state-of-the-art systems to secure our computer servers and networks, and several additional layers of security to ensure your personal and account information remains safe and secure. Listed below you’ll find information about some of the measures we have in place. Of course, there are details that we can’t provide in order to maintain the integrity of our security systems.
- Firewalls protect our network from outside intrusion by state-of-the-art redundant and load-balanced firewalls preventing non-authorized access to our internal systems.
- Secure transmissions ensure that information remains confidential. Encryption technology protects data in the following ways:
- Authentication ensures that you are communicating with us and prevents a computer from impersonating Unitus.
- Confidentiality is maintained by using encryption to scramble your data so it cannot be read by an unauthorized party.
- Data Integrity verifies that the information you send to us is not altered during the transmission.
- Computer anti-virus protection detects and prevents viruses from entering our network systems.
- Advances in security technology are constantly evaluated to ensure that we provide the right protection for you.
Protecting Your Child’s Privacy
The online financial services offered through Unitus Community Credit Union’s website are not designed for or directed toward children under the age of 13. We do not knowingly solicit or collect data from children, and we do not knowingly market to children online without express parental consent or notification. If we receive online information from any child we will only use the information to respond directly to a child’s request. We recognize that protecting children’s identities and online privacy is important and that responsibility rests with us and with parents. If you believe your child has provided personally identifiable information to us, please contact us so we can allow you the opportunity to review and delete such information.
Safeguard your Personal Information
You are the single best source of protection against unauthorized use of your personal information. Remember, when logging in to uOnline, Unitus will never ask for your card number, card PIN, card expiration date and card security code. Here are some simple ways to safeguard your personal information:
- Keep personal or account information in a safe place.
- Provide information only to trusted sources and never to individuals where you did not initiate the contact, or have confirmed the business or person’s identity.
- Reduce the amount of mail sent to you that could be stolen from your mailbox or trash. Choose electronic statement options (Unitus offers this service through uOnline banking or by contacting a member service representative).
- Opt-out of pre-approved credit offers by calling (888) 567-8688.
- Frequently monitor your account statements and history online for unauthorized transactions.
- Check your credit report for discrepancies on a regular basis. You can obtain a free credit report annually by visiting AnnualCreditReport.com.
- We are suggesting that our members review their Unitus passwords to assure they are strong and are different from passwords used on other sites.
- It is a good idea to change passwords on a regular basis. This may also be applied to any email accounts or other online accounts you have from other 3rd party service providers/companies. It’s suggested to check the 3rd party site’s security recommendations when setting up/changing your password.
- A helpful rule of thumb to use in creating strong passwords is to have at least 8 characters and use all 4 character groups: lower case letters, upper case letters, numbers and special characters.
Home Computer Safeguards
- Install anti-virus and anti-spyware on your home computer. There are many products available that will help prevent criminals from accessing your computer and stealing your personal information.
- Add a firewall to your computer system to prevent unauthorized users from gaining access to your system.
- Install all software fixes (sometimes called “service packs”) that are made available for your computer programs as soon as possible if the fix addresses a security weakness.
- Use a current web browser. Updated versions of web browsers are being deployed with your security in mind.
- Activate a pop-up blocking tool. Pop-ups are advertisements that “pop-up” in a separate browser window. If you open some of these “pop-ups”, you may be downloading “spyware” or “adware”.
Mobile Device Security
Today, many consumers own mobile devices and use them every day for calling and texting as well as shopping, online banking, accessing social media sites and browsing the internet. Some of these activities may put your device at risk. The following steps will help keep your device secure:
- Keep mobile device software up to date. This will ensure that your mobile device has the latest security protection.
- Create a password for your device. Create a strong password that is different from other passwords you may have for other sites, such as email, online banking, etc. Some devices provide the option to set up biometric access using your thumbprint in addition to a password.
- When considering whether to download an app, make sure it’s from a reputable source such as the App Store for Apple devices or Google Play for Android devices.
- Treat email and social media requests from strangers suspiciously. Social media sites are a favorite target for cyber thieves.
- Be a safe shopper. Always look for “https” in the url when browsing or shopping online. This indicates an added level of security and should always appear before you provide any personal information.
- Be cautious about opening text messages if you’re uncertain of the source. The message may contain malicious software that could compromise your device. When in doubt, delete the text.
Credit and Debit Card Safeguards
- Sign up for Unitus Fraud Text Alerts. Log in to uOnline, click Services and set up uTexts, or stop into any branch and we’ll set it up for you!
- Sign your cards immediately. Sign the signature panel on your credit and debit cards as soon as you receive them.
- Personal Identification Number (“PIN.”) Never carry or store your PIN and card together. If you can memorize your PIN, shred any documents containing the PIN.
- Verify your card. Be sure your card is returned following each purchase and verify that it is indeed your card.
- Wait for your card receipt. Never leave your credit card receipts at the checkout counter. Always take your charge slips with you, and tear up any carbons.
- Save your receipts. Check receipts against your online account statements or history. Report unauthorized transactions to your financial institution immediately. Once you have compared receipts to account statements, shred or destroy the receipts as soon as feasible.
- Check your statements and watch your charges. Sign in to Online Banking and view your e-statements to verify that they properly reflect the amount(s) you have authorized. Also, watch for multiple charges.
- Keep your statements private. Always keep your statements in a safe place.
- Shred printed statements as soon as you’ve verified the information.
- Keep your card out of sight. Never leave your purse or wallet unattended and always keep your cards out of plain sight.
- Never lend your card. Your credit card is your responsibility, so don’t give your card to others. Also, periodically check to make sure you have all your cards.
- Keep a list of all your card account numbers, as well as telephone numbers to call if your cards are ever lost or stolen. Make sure they’re in a separate, secure place.
- Be cautious when giving out your card number over the phone. Never provide account information to anyone who called you.
Automated Teller Machine (“ATM”) Safety Guidelines
- Use ATMs with surveillance cameras. Unitus Community Credit Union ATMs are monitored by surveillance cameras.
- Be aware of strangers. If there are individuals in the area that make you uncomfortable, leave and use another ATM.
- Put away your card and cash. After completing your transaction, secure your card and cash immediately, before exiting the ATM area. Count your cash later, in the safety of your locked car or home.
- Treat your ATM card like cash. Always protect your card by keeping it in a safe place. If your card is lost or stolen, contact us immediately.
- Protect your privacy. Shield the ATM keypad with your hand or body while entering your PIN. Do not leave your transaction record at the ATM. Keep your transaction record in a safe place, so you can compare it to your statements later.
- Be cautious at drive-up ATMs. If you use a drive-up ATM, be sure your passenger windows are rolled up and your doors are locked.
- Be careful at night. Be aware of your surroundings, especially after dark. If you must use an ATM at night, consider taking a trusted person with you.
- Stay alert. If you notice anything suspicious or unsafe, such as non-working lights around the ATM, consider using another ATM or return when the situation is safe.
- Report suspicious behavior. Report all crimes immediately to law enforcement officials.
- Request emergency assistance and security. If you need emergency assistance, call 911 from the nearest telephone.
Reporting Fraud or Suspicious Activity
The sooner you detect fraud, the lower the financial impact. If you think you’ve been a victim of fraud or your identity has been stolen, take the following steps:
- For lost or stolen Unitus credit or debit cards, immediately call 503.423.8315 or 1.800.422.3132 and choose option # 2.
- If you suspect other fraud with your Unitus accounts or relationship, call 503.227.5571 or 1.800.452.0900.
- If you are a victim of identity theft, contact the fraud department of any one of the three credit-reporting agencies to place an alert on your credit file. The alert requires creditors to take additional steps that protect you against identify theft.
Check Cashing Scam
Beware of strangers who ask you to help cash checks or perform transactions on their behalf. These checks are often counterfeit. If you are approached by a stranger who asks you to cash a check or perform any other financial transaction, immediately leave the area and report the incident to the police and to Unitus.
These scammers target individuals in parking lots or near the branches where the scam takes place. They claim that they’re desperate (e.g. stranded, starving) and provide reasons why they can’t use their own financial institution. Sometimes, the scammers will even offer a portion of the proceeds from the deposit as an incentive. They may be persistent and intimidating.
Common results of complying with these scammers are overdrafts and returned check fees, along with loss of the money given to the scammers. If you see suspicious activity of any kind, please contact law enforcement and report it to Unitus staff.
Skimming is the theft of credit, debit, and ATM card (“plastic card”) information. Plastic cards can be skimmed in a variety of ways, such as:
- At an ATM, using a false or another electronic device attached to the terminal to capture information when the card is swiped and the PIN is entered.
- At a merchant location, often when the card is out of sight, hand-held skimming devices are used to capture the information on the card.
- From stored data, including electronic data capture terminals, personal computers and mainframes. Criminals hack into these systems to retrieve and copy valid account data.
A skimmer can hold data from hundreds of different plastic cards. The data can be downloaded into a computer and emailed anywhere in the world. The final step is to create a counterfeit plastic card using the data from the skimmer.
Counterfeit plastic card scams are widespread in Europe, Asia, Latin America and the United States.
You may receive an email that appears to come from Unitus or another trusted source. The email may instruct you to click on a link or go to a website and provide personal information. Some of these emails may even threaten to suspend your account if you don’t provide the information. This type of email is called “phishing” or “spoofing” and is one of the most common types of online fraud. If a victim inadvertently enters their information, the fraudster will use the information to create a fraudulent account, a plastic card, or sell the information on the black market.
Remember that Unitus will never ask for personal information, account information or your PIN (Personal Identification Number) in an email message. If you receive a phishing email from what appears to be Unitus, please report it to our fraud department and delete the email from your mailbox. Do not reply to or click on the link it provides.
To learn more about phishing, visit www.antiphishing.org.
Vishing (Voice phishing)
Vishing is yet another attempt to fraudulently obtain account information. A member may receive an email warning them that their account has been compromised. Instead of asking you to click on a fraudulent website, the message urges the member to call a telephone number to verify account details.
When the number is called, an automated voice message says, “Welcome to account verification. Please enter your 16-digit account number”. The goal is to get the victim to enter their credit card number and other personal information. In these reported scams, no mention of the Credit Union is made.
SMiShing is like phishing, except instead of using Internet e-mails to entice members to give out personal account information the thieves use cell phone text messages.
The text message looks like official correspondence from the recipient’s credit union or bank that directs that person to a website that is similar or identical to the credit union or bank website. The website message asks the member to provide account numbers and Personal Identification Numbers. In some cases, crimeware has been downloaded to the mobile device or cell phone allowing the smisher to obtain sensitive information stored on the device.
If you have a mobile device and store sensitive information on it, consider adding password protection as a security measure.
Credit Card Scam
The majority of identity fraud crimes are self-detected. By following these simple steps, you can better protect your card from unauthorized use. Be your own fraud monitor just by paying close attention to your statement, particularly online. According to a recent report by the Better Business Bureau, accessing accounts online provides earlier identity theft detection compared to monitoring monthly paper statements and bills. If you notice a suspicious transaction, promptly contact Unitus Community Credit Union to report it. And, remember to never give information, including the CVV # (3 digit number on the back of your card), to someone on the telephone if you did not initiate the call.
ID Theft and Account Hijacking
Identity theft occurs when someone uses your name, social security number, date of birth or other identifying information without authority and with the intent to commit fraud.
You should be suspicious if you discover any of the following:
- You find new accounts on your credit report that are not yours.
- You do not receive an expected bill or statement by mail.
- You find unexpected charges on your account or charges from unrecognized vendors.
- Checks posting to your account that are significantly out of numeric order.
- You receive credit cards that you did not apply for.
- You are denied credit or are offered less than favorable credit terms for no reason.
- You receive calls from creditors or debt collectors regarding purchases or services that you did not authorize.
The Fair and Accurate Credit Transactions Act of 2003 (FACT Act) gives you special rights when you are, or believe that you are, a victim of identity theft.
- You have the right to ask that nationwide consumer reporting agencies place “fraud alerts” on your file to let potential creditors and others know that you may be a victim of identity theft.
- You have the right to free copies of the information in your file.
- You have the right to obtain documents relating to fraudulent transactions made or accounts opened using your personal information.
- You have the right to obtain information about the debt that you believe was incurred in your name by an identity thief.
- If you believe information in your file results from identity theft, you have the right to request a consumer-reporting agency block that from your file.
- You may also prevent businesses from reporting information about you to consumer reporting agencies if you believe the information is a result of identity theft.