Security

Recent Fraud Events

5/19/14: Phone Scam

NEFCU is aware of a phone scam that began on May 18 and appears to be ongoing. Members are called at random and told that their card has been suspended or deactivated, and asked for personal information to “reinstate” their card. NEFCU is not mentioned by name in the scam. If you have received a call and given out information in response to this scam, please call NEFCU immediately. As always, we advise you not to divulge any information in response to an unsolicited request. If unsure, hang up and call NEFCU directly or call the number printed on the back of your card.


 

Protecting Your Accounts

What You Can Do

  • Ask us to scan your driver's license or photo ID the next time you visit a NEFCU branch. This way we'll know if anyone tries to impersonate you.
  • Ask us to put a password on your accounts.
  • Passwords you use to access your online financial accounts should never be reused on other online accounts. Make your NEFCU login one-of-a-kind! That way, if a security breach happens somewhere else, your most important accounts won't be affected.
  • Use NEFCUOnline and Account Alerts, and receive an emailed alert if your balance drops below a certain amount. This can help you monitor unauthorized withdrawals.
  • When you visit a teller, present your membership card or jot down your member number and pass that to the teller, instead of speaking it aloud.
  • Shred sensitive papers. Drop them in a SecurShred bin at any branch.
  • Attend a seminar to learn more about identity theft, the new techniques thieves are using, and how you can recover if you become a victim.
  • Use BillPay so some payments can be made electronically, avoiding the risk of a check sent in the mail.
  • Check NEFCU newsletters and nefcu.com for updates on security topics - stay informed!

What NEFCU Is Doing

In the Branch or On the Phone

  • We know our members. Scanned IDs are one tool that help us protect you against impersonation. We also keep your signature on file.
  • We use alternative identification methods when we need to verify your identity. We won't ask you for your Social Security number, date of birth or mother's maiden name. Instead, we'll ask you a series of other carefully-constructed questions and the answers to which only you should know.
  • Through the NEFCU newsletter we warn members not to give their personal information or credit card numbers over the phone to telemarketers.
  • Our teller and ATM receipts are printed with truncated card numbers, so your account information is protected from dumpster divers. You also have the option of asking the teller to suppress the printing of your available balance.


Bringing Resources to You

  • We hold seminars to educate members about identity theft, new techniques thieves use, and how you can recover if necessary.
  • We provide SecurShred paper shredding bins free of charge. You can drop sensitive paperwork in a bin at any branch at any time and we'll make sure it is properly destroyed.
  • We encourage you to use Account Alerts, so you can receive an immediate emailed alert if your balance drops below a certain amount.
  • We encourage you to use BillPay as a way of keeping account numbers from falling into the wrong hands.
  • We provide up-to-date information about how you can protect yourself from identity theft on our website, nefcu.com.


Behind the Scenes

  • We continually check Visa and Debit cards for unusual activity.
  • We will call you if we detect any unusual activity on your NEFCU card.
  • We follow up-to-date industry standards for password protection.


If you think you have become a victim of identity theft, or if you have any questions, come into any branch or call TeleBranch at 802-879-8790 or 800-400-8790.

You can also contact the fraud departments of one of the three major credit bureaus and request that a fraud alert be placed on the credit file. These alerts will be on your file for 90 days. Any creditor pulling your report will be advised to contact you prior to extending credit, as you have reported an increased risk of identity theft.

TransUnion
Experian
Equifax

Fraud Prevention

Recent Fraud Events
 
5/19/14: Phone Scam

NEFCU is aware of a phone scam that began on May 18 and appears to be ongoing. Members are called at random and told that their card has been suspended or deactivated, and asked for personal information to “reinstate” their card. NEFCU is not mentioned by name in the scam. If you have received a call and given out information in response to this scam, please call NEFCU immediately. As always, we advise you not to divulge any information in response to an unsolicited request. If unsure, hang up and call NEFCU directly or call the number printed on the back of your card.


Common Fraud Techniques
These are examples of common fraud schemes (not necessarily experienced by NEFCU members).
 
Advance Fee Scam
Many scams involve fees or other payments sent in advance. Here are some common scenarios:

  • Online sale asking you (the seller) to immediately refund purchase price "over payments" (which in fact are counterfeit payments, usually money orders).
  • Inheritance from a supposed long-lost relative.
  • Communication claiming you won the lottery in a foreign country.
  • Employment scams offering work permits for highly-paid jobs abroad.
  • Correspondence claiming that an authority figure (often in an African nation) needs help transferring large sums to U.S. accounts. If you agree to help, you are promised a percentage of the funds.
  • Mystery shopper offer asking you to use funds to purchase a money gram sent to a specified person.

Communication About Fraud on Your Account
You get an email, phone call or text message informing you that fraud has been detected on your account. This communication may even appear to come from your own financial institution. You are asked to provide information, usually a credit card number or log in credentials, to resolve the supposed fraud or to prevent the account from being closed.

Impersonation of Family or Friend
Generally done by phone, the fraudster takes advantage of your desire to be helpful.  In a common version, you receive a call telling you that your grandchild needs money, sometimes with further explanation that they have been in an accident or arrested.  The fraudster asks you to wire or send money through Western Union, further advising "Don't tell Mom and Dad", so the grandchild won't get in trouble.

Online Sales Pitches for Security Products
You are presented with online offers for protective software (that will supposedly reduce your risk of online fraud).  The fraud may involve illegitimately capturing credit card information, or installing malicious software such as a keystroke logging program.

Phony Virus Warning or "Scareware"
You see a pop-up message on your computer that tells you your computer has a virus. The message may look similar to legitimate anti-virus software messages. In some case, the fraudster is trying to sell you bogus security software that does little or nothing. In other cases, this fraud may involve illegitimately capturing credit card information, or installing malicious software such as a keystroke logging program.  If you click to accept a download, you have likely allowed the installation of malicious software and and given control of your computer to the fraudster.

Purchase Confirmation

You receive an email or phone call whose purpose is supposedly to confirm your recent online purchase of a cell phone, laptop, TV or other product that you did not buy. The communication instructs you to make a contact if you did not make that purchase. From there your credit card information is requested.

Re-shipper or "Mule" Scam
You come across or receive a business proposition or job offer (usually proposing a work-at-home arrangement), where you are asked to be a re-shipper of goods or money orders.  You are asked to cash a check (which is fraudulent) or front the money to obtain merchandise, and then to ship it elsewhere.  The shipping address may even be a second unwitting victim, who re-ships again (inadvertently committing a crime).

Web Browser Infection (also known as “Man-in-the-Browser” Attack or Banking Trojan)
Your web browser may be compromised by a malicious software program (malware.)  When an infected web browser views financial web sites, the malware activates and can perform a number of fraudulent activities such as collecting private information, modifying transactions, and even reconfiguring the way web pages are displayed so that what you see is not what the web site sent.  Common names for various types of man-in-the-browser malware include Zeus, URLzone, and SilentBanker.


Words of Advice
If something sounds too good to be true, it probably is!
Follow these common-sense guidelines:

  • Do not send money to someone you don't know or for something that is supposedly free.
  • Do not respond to an e-mail that asks you to share personal information.
  • Call the known number of a business when responding to instructions to make a call  (not a number given to you by a caller, or in an email).
  • When in doubt about an email, do not click any links.
  • Do not accept checks or money orders from people you do not know.

Resources
Protecting Your Accounts -  What you can do, what NEFCU is doing
Identity Theft Resources   
Consumer Protection
Snopes.com -  This site helps to distinguish between truth and urban legend!

Online Secuity

NEFCUOnline Security

  • Can any other member see my account information?

    No, your information is kept strictly confidential. NEFCUOnline requires a combination of the correct username and corresponding password to access any confidential information at NEFCU. Plus, login is only allowed from the device(s) that you have designated to have access to your account. Unless you share your login information with others and give them physical access to your devices or you opt to grant access to another user through the Shared Access (entitlements) feature, no one but you will be able to access your account information through NEFCUOnline or over the Internet.

  • Can I securely grant access to my account to another user?

    Yes, you can use Shared Access (entitlements) to grant account access to designated individuals. As the account holder, you determine which accounts your subuser(s) should see and you choose whether you want them to have “View Only” access or whether you want them to perform certain types of transactions such as internal transfers and bill payments. If you opt to grant access to BillPay, you must set a per transaction limit. Any transactions submitted by a subuser that exceed this limit will require your approval before they process.

    To get started, click on “Additional Services” and select “Share Access with Others” from the dropdown menu. This link will take you to the page where you can add subusers, manage their permissions, or revoke access at any time. If you have any pending transaction to approve, they will also be displayed at the top of this page.

  • Is it safe to access my accounts? Are my accounts secure?
    NEFCU has taken many steps to ensure the security of NEFCUOnline. We provide system and transaction security through strong authentication, encryption and digital certification software. Access to your account via NEFCUOnline is only allowed through the devices you have designated to have access to your account. You will be required to use your username and a valid password to access the system. For your protection, NEFCU recommends that you memorize your password and do not write it down (just like an ATM PIN). You should never give your password to anyone or let anyone see you enter your password when you are logging in to NEFCUOnline. In addition, you should change your password periodically and do not use easily identified passwords such as birth dates, years, etc. To better protect you, you will have only a limited number of tries to input the password correctly. If you accidentally become locked out of NEFCUOnline, you will need to call TeleBranch at 800-400-8790 or stop in to one of our branches for assistance.
  • Where is my data stored? Who has access to my data?

    Transaction data that appears in NEFCUOnline is refreshed each time NEFCUOnline is loaded. Consequently, there is no account data storage outside NEFCU with NEFCUOnline. 

    Turbo Tax and FinanceWorks data is stored within Intuit systems. Intuit systems are secured with encryption, perimeter and internal firewalls, screening and filtering routers, intrusion detection, strict authentication, virus protection, and application security. Intuit network architecture is structured so servers that store member information are not directly connected to the Internet.

    Additionally, Intuit employs policies and procedures to ensure the highest level of security throughout their organization including physical controls such as retina eye scan authentication for access to their data centers, administrative controls such as clear personnel policies and background checks, and a team of security specialists who provide 24/7 support. In addition, Ernst & Young performs an SSAE 16 Audit (the latest AICPA standard) of Intuit's service controls, and measures their effectiveness. This assessment includes physical facilities as well as Internet operations.

    As always, some Credit Union employees have access to member financial data by virtue of their role at the Credit Union. However, that access is governed by internal policies and by several layers of security safeguards. In addition, NEFCU security is examined annually by external auditors and by the National Credit Union Administration (NCUA).

Identity Theft Resources

Learn how to safeguard your personal and financial records from fraud and identity theft with Identity Theft Coach.

Each year, millions of Americans discover that someone has fraudulently assumed their identity. A criminal using a stolen social security number or other personal information can quickly run up thousands of dollars in purchases before a victim becomes aware that their identity has been stolen.

Identity theft has become the fastest-growing crime in America, a crime which usually leaves victims with the responsibility of cleaning up a web of phony purchases, bogus accounts and damaged credit ratings.

Protective Tips When Identity Theft Risk is Elevated

To Help Protect Minors

If you are concerned about potential identity theft for your child or children under 18 years of age, you can use this form to send a letter to the three primary credit bureaus. (You will need to input your information three times, since the form creates letters to all three bureaus.)

Letter to Credit Bureaus for Minor Children

If you think you are a victim, stop into any branch or call us at 802-879-8795 or 800-400-8790.