Security

Safeguard your Personal Information
You are the single best source of protection against unauthorized use of your personal information. Remember, when logging in to uOnline, Unitus will never ask for your card number, card PIN, card expiration date and card security code. Here are some simple ways to safeguard your personal information:

General Safeguards

• Keep personal or account information in a safe place.
• Provide information only to trusted sources and never to individuals where you did not initiate the contact, or have confirmed the business or person’s identity.
• Reduce the amount of mail sent to you that could be stolen from your mailbox or trash. Choose electronic statement options (Unitus offers this service through uOnline banking or by contacting a member service representative).
• Opt-out of pre-approved credit offers by calling (888) 567-8688.
• Frequently monitor your account statements and history online for unauthorized transactions.
• Check your credit report for discrepancies on a regular basis. You can obtain a free credit report annually by visiting AnnualCreditReport.com.

Home Computer Safeguards

• Install anti-virus and anti-spyware on your home computer. There are many products available that will help prevent criminals from accessing your computer and stealing your personal information.
• Add a firewall to your computer system to prevent unauthorized users from gaining access to your system.
• Install all software fixes (sometimes called “service packs”) that are made available for your computer programs as soon as possible if the fix addresses a security weakness.
• Use a current web browser. Updated versions of web browsers are being deployed with your security in mind.
• Activate a pop-up blocking tool. Pop-ups are advertisements that “pop-up” in a separate browser window. If you open some of these “pop-ups”, you may be downloading “spyware” or “adware”.

Mobile Device Security

Today, many consumers own mobile devices and use them every day for calling and texting as well as shopping, online banking, accessing social media sites and browsing the internet. Some of these activities may put your device at risk. The following steps will help keep your device secure:

• Keep mobile device software up to date. This will ensure that your mobile device has the latest security protection.
• Create a password for your device. Create a strong password that is different from other passwords you may have for other sites, such as email, online banking, etc.  Some devices provide the option to set up biometric access using your thumbprint in addition to a password.
• When considering whether to download an app, make sure it’s from a reputable source such as the App Store for Apple devices or Google Play for Android devices.
• Treat email and social media requests from strangers suspiciously. Social media sites are a favorite target for cyber thieves.
• Be a safe shopper. Always look for “https” in the url when browsing or shopping online. This indicates an added level of security and should always appear before you provide any personal information.
• Be cautious about opening text messages if you’re uncertain of the source. The message may contain malicious software that could compromise your device. When in doubt, delete the text.

Credit and Debit Card Safeguards

• Sign your cards immediately. Sign the signature panel on your credit and debit cards as soon as you receive them.
• Personal Identification Number (“PIN.”) Never carry or store your PIN and card together. If you can memorize your PIN, shred any documents containing the PIN.
• Verify your card. Be sure your card is returned following each purchase and verify that it is indeed your card.
• Wait for your card receipt. Never leave your credit card receipts at the checkout counter. Always take your charge slips with you, and tear up any carbons.
• Save your receipts. Check receipts against your online account statements or history. Report unauthorized transactions to your financial institution immediately. Once you have compared receipts to account statements, shred or destroy the receipts as soon as feasible.
• Check your statements and watch your charges. Sign in to Online Banking and view your e-statements to verify that they properly reflect the amount(s) you have authorized. Also, watch for multiple charges.
• Keep your statements private. Always keep your statements in a safe place.
• Shred printed statements as soon as you’ve verified the information.
• Keep your card out of sight. Never leave your purse or wallet unattended and always keep your cards out of plain sight.
• Never lend your card. Your credit card is your responsibility, so don’t give your card to others. Also, periodically check to make sure you have all your cards.
• Keep a list of all your card account numbers, as well as telephone numbers to call if your cards are ever lost or stolen. Make sure they’re in a separate, secure place.
• Be cautious when giving out your card number over the phone. Never provide account information to anyone who called you.

Automated Teller Machine (“ATM”) Safety Guidelines

• Use ATMs with surveillance cameras. Unitus Community Credit Union ATMs are monitored by surveillance cameras.
• Be aware of strangers. If there are individuals in the area that make you uncomfortable, leave and use another ATM.
• Put away your card and cash. After completing your transaction, secure your card and cash immediately, before exiting the ATM area. Count your cash later, in the safety of your locked car or home.
• Treat your ATM card like cash. Always protect your card by keeping it in a safe place. If your card is lost or stolen, contact us immediately.
• Protect your privacy. Shield the ATM keypad with your hand or body while entering your PIN. Do not leave your transaction record at the ATM. Keep your transaction record in a safe place, so you can compare it to your statements later.
• Be cautious at drive-up ATMs. If you use a drive-up ATM, be sure your passenger windows are rolled up and your doors are locked.
• Be careful at night. Be aware of your surroundings, especially after dark. If you must use an ATM at night, consider taking a trusted person with you.
• Stay alert. If you notice anything suspicious or unsafe, such as non-working lights around the ATM, consider using another ATM or return when the situation is safe.
• Report suspicious behavior. Report all crimes immediately to law enforcement officials.
• Request emergency assistance and security. If you need emergency assistance, call 911 from the nearest telephone.

Reporting Fraud

Reporting Fraud or Suspicious Activity
The sooner you detect fraud, the lower the financial impact. If you think you’ve been a victim of fraud or your identity has been stolen, take the following steps:

• For lost or stolen Unitus credit or debit cards, immediately call 503.423.8315 or 1.800.422.3132 and choose option # 2.
• If you suspect other fraud with your Unitus accounts or relationship, call 503.227.5571 or 1.800.452.0900.
• If you are a victim of identity theft, contact the fraud department of any one of the three credit-reporting agencies to place an alert on your credit file. The alert requires creditors to take additional steps that protect you against identify theft.

Fraud Schemes

Check Cashing Scam

Beware of strangers who ask you to help cash checks or perform transactions on their behalf. These checks are often counterfeit. If you are approached by a stranger who asks you to cash a check or perform any other financial transaction, immediately leave the area and report the incident to the police and to Unitus.

These scammers target individuals in parking lots or near the branches where the scam takes place. They claim that they’re desperate (e.g. stranded, starving) and provide reasons why they can’t use their own financial institution. Sometimes, the scammers will even offer a portion of the proceeds from the deposit as an incentive. They may be persistent and intimidating.

Common results of complying with these scammers are overdrafts and returned check fees, along with loss of the money given to the scammers. If you see suspicious activity of any kind, please contact law enforcement and report it to Unitus staff.

Skimming
Skimming is the theft of credit, debit, and ATM card (“plastic card”) information. Plastic cards can be skimmed in a variety of ways, such as:

• At an ATM, using a false or another electronic device attached to the terminal to capture information when the card is swiped and the PIN is entered.
• At a merchant location, often when the card is out of sight, hand-held skimming devices are used to capture the information on the card.
• From stored data, including electronic data capture terminals, personal computers and mainframes. Criminals hack into these systems to retrieve and copy valid account data.

A skimmer can hold data from hundreds of different plastic cards. The data can be downloaded into a computer and emailed anywhere in the world. The final step is to create a counterfeit plastic card using the data from the skimmer.

Counterfeit plastic card scams are widespread in Europe, Asia, Latin America and the United States.

Phishing
You may receive an email that appears to come from Unitus or another trusted source. The email may instruct you to click on a link or go to a website and provide personal information. Some of these emails may even threaten to suspend your account if you don’t provide the information. This type of email is called “phishing” or “spoofing” and is one of the most common types of online fraud. If a victim inadvertently enters their information, the fraudster will use the information to create a fraudulent account, a plastic card, or sell the information on the black market.

Remember that Unitus will never ask for personal information, account information or your PIN (Personal Identification Number) in an email message. If you receive a phishing email from what appears to be Unitus, please report it to our fraud department and delete the email from your mailbox. Do not reply to or click on the link it provides.

To learn more about phishing, visit www.antiphishing.org.

Vishing (Voice phishing)
Vishing is yet another attempt to fraudulently obtain account information. A member may receive an email warning them that their account has been compromised. Instead of asking you to click on a fraudulent website, the message urges the member to call a telephone number to verify account details.

When the number is called, an automated voice message says, “Welcome to account verification. Please enter your 16-digit account number”. The goal is to get the victim to enter their credit card number and other personal information. In these reported scams, no mention of the Credit Union is made.

SMiShing
SMiShing is like phishing, except instead of using Internet e-mails to entice members to give out personal account information the thieves use cell phone text messages.

The text message looks like official correspondence from the recipient’s credit union or bank that directs that person to a website that is similar or identical to the credit union or bank website. The website message asks the member to provide account numbers and Personal Identification Numbers. In some cases, crimeware has been downloaded to the mobile device or cell phone allowing the smisher to obtain sensitive information stored on the device.

If you have a mobile device and store sensitive information on it, consider adding password protection as a security measure.

Credit Card Scam
The majority of identity fraud crimes are self-detected. By following these simple steps, you can better protect your card from unauthorized use. Be your own fraud monitor just by paying close attention to your statement, particularly online. According to a recent report by the Better Business Bureau, accessing accounts online provides earlier identity theft detection compared to monitoring monthly paper statements and bills. If you notice a suspicious transaction, promptly contact Unitus Community Credit Union to report it. And, remember to never give information, including the CVV # (3 digit number on the back of your card), to someone on the telephone if you did not initiate the call.

ID Theft and Account Hijacking
Identity theft occurs when someone uses your name, social security number, date of birth or other identifying information without authority and with the intent to commit fraud.

Red flags
You should be suspicious if you discover any of the following:

• You find new accounts on your credit report that are not yours.
• You do not receive an expected bill or statement by mail.
• You find unexpected charges on your account or charges from unrecognized vendors.
• Checks posting to your account that are significantly out of numeric order.
• You receive credit cards that you did not apply for.
• You are denied credit or are offered less than favorable credit terms for no reason.
• You receive calls from creditors or debt collectors regarding purchases or services that you did not authorize.

The Fair and Accurate Credit Transactions Act of 2003 (FACT Act) gives you special rights when you are, or believe that you are, a victim of identity theft.

• You have the right to ask that nationwide consumer reporting agencies place “fraud alerts” on your file to let potential creditors and others know that you may be a victim of identity theft.
• You have the right to free copies of the information in your file.
• You have the right to obtain documents relating to fraudulent transactions made or accounts opened using your personal information.
• You have the right to obtain information about the debt that you believe was incurred in your name by an identity thief.
• If you believe information in your file results from identity theft, you have the right to request a consumer-reporting agency block that from your file.
• You may also prevent businesses from reporting information about you to consumer reporting agencies if you believe the information is a result of identity theft.

To learn more about identity theft, detection, and your rights, visit http://www.ftc.gov/idtheft.