Customer Awareness Information for Internet Banking Members

Recently, the United Sates has seen significant changes in the threat against Internet Banking members. Fraudsters have continued to develop and deploy more sophisticated, effective, and malicious methods to compromise authentication mechanisms and gain unauthorized access to members’ online accounts. Rapidly growing organized criminal groups have become more specialized in financial fraud and have been successful in compromising an increasing array of controls. Various complicated types of attack tools have been developed and automated into downloadable kits. Fraudsters are responsible for losses of hundreds of millions of dollars resulting from online account takeovers and unauthorized funds transfers. While the credit union has implemented the most measured set of controls to help mitigate attacks on your accounts, the credit union is providing the below security awareness information for your use and action to help protect your online account and transaction information.

Below are the protections and liabilities for consumer transactions using the credit union’s internet banking program:

To access our internet banking service, you must use the ID with a password. It is your responsibility to safeguard the ID and password. Anyone to whom you give your internet banking ID and password will have full access to your accounts even if you attempt to limit that person’s authority.

You, or someone you have authorized by giving them your internet banking ID and password (even if that person exceeds your authority), can instruct us to perform the following transactions:

·         Make transfers between your qualifying account to the extent authorized;

·         Obtain information that we make available about your qualifying accounts;

·         Obtain other services or perform other transactions that we authorize.

You must have enough money or credit in any account from which you instruct us to make a payment or transfer. You also agree to the Terms and Conditions of your deposit account, that you received when you opened your deposit account.

Should you have any internet banking problems, concerns, or if something does not look right, call the credit union at (909) 986-4552 or (626) 968-9329.


Unauthorized Transactions

Your internet banking deposits, payments, and transfers will be indicated on your account statements. Please notify the credit union promptly if you change your address, email address, or if you believe there are any errors or unauthorized transactions on any statement, or statement information.

Unauthorized transactions or loss or theft of your internet banking ID and/or password:

If you believe your internet banking ID and/or password have been lost or stolen or that someone has used them without your authorization, call us immediately at (909) 986-4552 or (626) 968-9329 during normal business hours. After hours you may email us at chaffeymail@chaffey.com, or write us at Chaffey Federal Credit Union, P.O. Box 700, Upland, CA 91785. Immediately contacting us by phone is the best way of reducing your possible losses, since not all email may arrive at its’ their destination. If you choose to email us, we will send an email back to you as confirmation that we did receive your email. Because email is not secure, do not include any of your account or social security numbers with your email. Your name, address, and a brief message as to what the problem might be is all we will need. If you have given someone your internet banking ID and password or other means of access and want to terminate that person’s authority, you must change your internet banking ID and password or take additional steps to prevent further access by such person.

You may terminate your internet banking agreement at any time upon giving the credit union written notice of the termination. If you terminate, you authorize the credit union to continue making transfers you have previously authorized until we have had a reasonable opportunity to act upon your termination notice. Once we have acted upon your termination notice, we will make no further transfers or payments from your account. If we terminate your use of your internet banking account, we reserve the right to make no further transfers or payments from your account including any transactions you have previously authorized.

You are responsible for all transfers you authorize using the internet banking services under this agreement. If you permit other persons to use your password, you are responsible for any transactions they authorize or conduct on any of your accounts. However, tell us at once if you believe anyone has used your password and accessed your accounts without your authority. Telephoning is the best way of keeping your possible losses to a minimum.

Please refer to the EFT Disclosure under the section of “My Liability for Unauthorized Transactions and Advisability of Prompt Reporting” for information about limitations in reporting timeframes and possible losses.


Tips to Reduce the Risk in Internet Banking

·         Block cookies on your Web Browser – When you surf, hundreds of data points are being collected by the sites you visit. This data gets mashed together to form an integral part of your “digital profile,” which is then sold without your consent to companies around the world. By blocking cookies, you will prevent some of the data collection about you. Yes, you will have to enter passwords more often, but it is a smarter way to surf.

·         Do not put your full birth date on your social-networking profiles – Identity thieves use birth dates as cornerstones of their craft. If you want your friends to know your birthday, try just the month and day, and leave off the year.

·         Do not download Facebook apps from outside the United States – Apps on social networks can access huge amounts of personal information. Some unscrupulous or careless entities collect lots of data and then lose, abuse, or sell them. If the app maker is in the United States, it is probably safer, and at least you have recourse if something should ever go wrong.

·         Use multiple usernames and passwords – Keep your usernames and passwords for social networks, online banking, email, and online shopping all separate. Having distinct passwords is not enough nowadays – if you have the same username across different websites, your entire romantic, personal, professional, and ecommerce life can be mapped and recreated with some simple algorithms. It has happened before. It is important to utilize passwords which are "strong" in nature. Strong passwords are at least seven (7) to ten (10) characters in length, alphanumeric, case sensitive, AND require the use of at least one special character (e.g., !@#$%&).

·         Use of Security Software – It is important to install, utilize, and maintain antivirus, anti-spyware, and anti-malware programs on your home computer. Antivirus software is important because it specializes in the quarantining and removal of viruses. A virus is malicious code that has the ability to duplicate and they send copies of itself to other computers. Why are viruses bad? They can delete or alter files, send themselves to recipents on your contact list, freeze your computer and more. As you use the Web, you can encounter software - often invisible to you - that can cause problems with your computer. Examples of such problems can include the following: 1) Changing your Web search results to advertisements instead of your search results; 2) Slower system speed from your computer; 3) Interference with other software. This can result from malicious software (also known as malware) that is installed on your computer without your knowledge. Malware can include advertising software (adware) that displays ad banners on screens, and spying software (spyware) that gathers information about your Internet activity. Adware and spyware are annoying, both in the problems they can cause and in the steps you must take to manage the problem. Here is what you can do: 1) Install and regularly use ad- and spyware blocking software. You can often find such software free of charge on the manufacturers' Web sites, as well as reliable software distribution sites. You can also check with software retailers. 2) Update the software regularly.

·         Use of Public Access PCs –Without your laptop but need to access your account? The credit union recommends you do not utilize a public access PC to access your Home Banking account. These computers are usually riddled with viruses, spyware, and other tools that can capture any information you input into the computer. This includes your username and password. One of the most common tools are called Keyloggers. These are programs that keep track of every keystroke that is made on that computer. Once the data is collected, the program can either store the information or transmit it to another computer on the internet. When this happens, someone else now is going to have full access to your money because the information is captured before it can be encrypted by our security controls. Please help prevent someone else gaining access to your money by not utilizing public access PCs.


Business Internet Banking Members

If you are a credit union business internet banking member, we suggest you periodically evaluate the possible risks to your account. Some key areas to check are:

·         Who has access to the internet banking credentials?

·         Is the internet banking credentials secured after normal business hours?

·         How often is the internet banking password changed?

·         Is the antivirus and antimalware software on the PC utilized for internet banking up-to-date?

·         Is the firewall active on the PC utilized for internet banking?