Member Security Center

• What should I do if I think my identity has been stolen?
  
• Review My Credit Report
• Experian Credit Freeze
• TransUnion Credit Freeze
• Equifax Credit Freeze

What is Skimming?

A method used by criminals to capture debit or credit card data from the magnetic stripe on the back of an ATM card. However, in order to commit fraud the card data and PIN information are both needed.

What is PIN Capturing?

A method used by criminals to obtain your credit or debit card’s PIN information. Methods include social engineering (human interaction) techniques, strategically placed cameras, and/or false keypads to capture PIN information. Many skimming attacks use a combination of technical and social engineering techniques such as the ‘good Samaritan’ or ‘friendly and helpful’ passerby who may offer to enter your PIN for you. NEVER give your PIN to anyone!

Remember the following to keep yourself safe when using any ATM, Kiosk or automatic payment system:

• Cover Up! Shield your PIN entry on the ATM or Kiosk keypad with your spare hand when entering information. By protecting your PIN, criminals won’t have access to your account if your card information is compromised.
• Stand close to the ATM and use your body as a shield as extra security to protect your card and PIN.
• Do not accept assistance and guidance or allow just anyone to interfere with your transaction – fraudsters sometimes pose as credit union or bank officials and offer assistance or interfere with your transaction.
• Report any unusual appearance or any difficulty using an ATM or Kiosk immediately.
• If you suspect that a skimming device is attached to an ATM or Kiosk, DO NOT attempt to remove it or tamper with it in any way. The criminals who engage in this type of fraudulent activity are known to become violent as they are typically not far away from the scene observing.
• Be vigilant in reviewing your account transactions frequently for irregularities or unidentifiable charges or transactions.
• Sign up for eAlerts so you know right away if there’s fraudulent activity on your accounts.
• Only insert your card when the ATM prompts you to do so – fraudsters may jam ATMs to create confusion with customers.
• Don’t allow anyone to call you back to the ATM or KIOSK after transacting, requesting you to insert your card again – fraudsters use this technique to confuse customers who’ve already finalized their transactions and are busy walking away.
• Be observant of your surroundings when transacting at the ATM. Leave the ATM immediately if you feel unsafe or when suspicious people are loitering in the area.
• Use ATMs you are familiar with and avoid using ATMs in secluded areas or late at night. Choose ATMs in high traffic areas that are well lit.
• Never force your card into an ATM slot.
• If your card is trapped or captured by an ATM, do not leave the ATM. Call the debit card lost & stolen number immediately to cancel the card before leaving the ATM.
• Do not accept an offer to use someone else’s phone when phoning your bank to cancel your card.

Phishing is the practice of luring unsuspecting internet users to a fake website by using an authentic-looking email with the real organization’s logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack.

Please note that there are two easy and clear identifiers that guarantee you have reached AmeriCU Credit Union’s Online Banking Login Page. The website in your address bar should be https://www.americu.org/or https://www.myamericu.org/legacyob/signon/. Also, when visiting a secure site, you’ll see a picture of a lock visible in the address bar or in the lower right hand corner of the screen. Both of these must be visible in your browser to ensure your safety when logging into Online Banking.

If you double-click on the pad lock image, you can view our Verisign Certificate details. These details verify AmeriCU’s website and ensure that you have reached the authentic login page. If the certificate is not issued by Verisign and is not for the website https://www.myamericu.org, then the site is not valid. Please be sure to check the spelling.

A variant on phishing is “vishing”, which uses telephone systems to obtain information from unwary consumers. The term vishing is a combination of voice and phishing. Vishing is the criminal practice of using social engineering and Voice over Internet Protocol (VoIP) telephone systems to gain access to private personal and financial information from the public for the purpose of financial reward.

Consumers are becoming more aware that any email they receive containing a link or other contact information could be malicious in nature. So, criminals are using methods victims are more familiar with, like calling a number. Vishing exploits the public’s trust in telephone services, which have traditionally terminated in physical locations, are known to the telephone company, and are associated with a bill-payer. The victim is often unaware that VoIP allows for Caller ID “spoofing” and thus provides anonymity for the criminal caller. Vishing is attractive to criminals because VoIP service is fairly inexpensive, making it cheap to make fake calls. In addition, because it’s web-based, criminals can use software to create phony automated customer call center service lines.

An example of a vishing scam is when a consumer receives a recorded message telling them that their credit card and/or financial institution account has been breached and to immediately call a number provided in the recorded message. The phone number provided in the message leads the consumer to a fraudulent call center established by the perpetrator of the fraud. The perpetrator then attempts to obtain confidential account information and login credentials in order to access the account. A twist on this scam is when the recorded message provides the address of a fraudulent website for the consumer to access (instead of a telephone number) and to provide certain information to reinstate the supposedly affected account(s).

Vishing is very hard for authorities to monitor or trace. To protect yourself, we advise that you be highly suspicious of messages (telephone, email, or otherwise) directing you to call and provide personal, confidential, and/or account related information. Rather than provide any information, you should contact your financial institution or credit card company directly to verify the validity of the message (i.e. do not use contact information provided in the suspicious message).

Similar to vishing, fraudsters may send fraudulent text messages on mobile phones advising you of issues with your account in order to gain access to private personal and financial information.

Elder financial abuse is a serious problem that often goes undetected. This type of abuse involves the illegal or improper use of an elderly adult’s funds, property, or resources by someone else. Family members, friends, trusted individuals, scams, or predatory products and services may all participate in elder abuse. New York State has created resources where you can learn more about elder financial abuse, how to spot it, and how to report it. View New York State resources.

Concerned that someone you know may be a victim of elder financial abuse? The US Justice Department has a tool on their website to help you identify this abuse. View elder abuse roadmap.

If you suspect Elder Financial Abuse, please report this abuse to your local Department of Social Services. Please visit the New York State Office of Financial Services website to find contact information for your local Department of Social Services.

Equifax, a major credit reporting agency, recently announced a cybersecurity breach potentially impacting approximately 143 million U.S. consumers. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. Please be assured that AmeriCU’s systems were NOT compromised. We have the highest level of security possible and take every precaution to safeguard and protect your accounts and personal information.

Equifax has established a dedicated website, www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for one year of complimentary credit file monitoring and identity theft protection. The website also provides additional information on steps consumers can take to protect their personal information. In addition to the website, Equifax sent direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted. You may also contact Equifax directly at 866.447.7559 with any questions.

Please note: AmeriCU will NEVER contact you by phone or email and ask you to verify your account details such as debit or credit card numbers, social security number, and/or passwords. If you receive such an email/text message/phone call, please contact us immediately and DO NOT provide any information to the sender.

Could AmeriCU have prevented this incident?

AmeriCU has no control over how other companies store your information. Every company has an obligation to make every attempt to protect sensitive consumer information by ensuring their systems are secure. At this time, we recommend that all members monitor their account activity frequently for suspicious transactions. If you have not done so already, please take advantage of our Online & Mobile Banking services which will allow you to check your account activity frequently and set up eAlerts and Fraud Alerts to receive text and/or email notification of activity on your account(s). If you notice any suspicious transactions or have any questions, please contact AmeriCU immediately at
800.388.2000.

How do I protect my credit reports?

If you’re concerned about someone gaining access to your credit report without your permission, you may consider placing a fraud alert or credit freeze on your report(s).  Even with a fraud alert or freeze, you should still actively monitor your accounts for fraudulent transactions.

Credit Report Fraud Alerts

When you have a fraud alert on your report, businesses must first verify your identity before issuing credit. The initial alerts last for 90 days and can be renewed. To place a fraud alert on your report, contact one of the nationwide credit reporting companies (the company you contact must share the alert information with the other companies) and ask for the company to put a fraud alert on your credit file. This service is free to consumers.

• Transunion: 800.680.7289
• Experian: 888.397.3742
• Equifax: 800.525.6285

For more information, visit the Federal Trade Commission’s consumer information on Fraud Alerts.

Credit Freeze

A credit freeze restricts access to your credit report, making it more difficult for identity thieves to open new accounts in your name. A credit freeze does not prevent you from getting your free annual credit report, keep you from opening a new account, applying for a job, renting an apartment, or buying insurance. But if you’re doing any of these, you’ll need to lift the freeze temporarily, either for a specific time or for a specific party, say, a potential landlord or employer. The cost and lead times to lift a freeze vary, so it’s best to check with the credit reporting company in advance. A freeze also does not prevent a thief from making charges to your existing accounts. You still need to monitor all bank, credit card and insurance statements for fraudulent transactions.

To place a freeze on your credit report(s) contact each of the nationwide credit reporting companies (Equifax — 800.349.9960; Experian —
888.397.3742; TransUnion — 800.352.9699; Innovis —888.909.8872 ). You’ll need to supply your name, address, date of birth, Social Security number and other personal information. Fees vary based on where you live, but commonly range from $5 to $10.

After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.

To lift a freeze on your credit report(s)

In a few states, credit freezes expire after seven years. In the vast majority of states, a freeze remains in place until you ask the credit reporting company to temporarily lift it or remove it altogether. A credit reporting company must lift a freeze no later than three business days after getting your request. The cost to lift a freeze varies by state.

If you opt for a temporary lift because you are applying for credit or a job, and you can find out which credit reporting company the business will contact for your file, you can save some money by lifting the freeze only at that particular company.

The New York State Department of Financial Services has many resources available for consumer protection available on its website.

AmeriCU is Federally Insured by the National Credit Union Association. In 1970, Congress created the NCUA to insure deposits at federally insured credit unions, protect credit union members, and charter and regulate federal credit unions.

Backed by the full faith and credit of the United States, the NCUA Share Insurance Fund provides up to $250,000 of federal share insurance to AmeriCU account holders (and millions of other credit unions nationwide).

The NCUA also provides resources for consumers, information about the agency, and regulatory resources on its website. Learn more about NCUA’s information for consumers.

The Consumer Federal Protection Bureau was created to provide a single point of accountability for enforcing federal consumer financial laws and protecting consumers in the financial marketplace. They work to protect consumers from unfair, deceptive, or abusive practices and take action against companies that break the law. The CFPB website is an excellent resource for consumers.

The Federal Trade Commission (FTC) has a great webpage dedicated to the education of consumers on many different Imposter Scams. These scams are sometimes hard to detect as they prey on someone’s natural tendency to trust and in many cases, create a sense of urgency. The main categories of these scams are online dating, family emergency, government agency (IRS and Social Security Administration are typical) and caregiver. Although these seem drastically different, they have one common goal; to steal money from victims. For more information visit https://www.consumer.ftc.gov/features/feature-0037-imposter-scams

Since email has become a preferred method of communication for many members, we have partnered with Zix Corporation, the leader in email encryption services, to better protect your sensitive information in our email communication. This encryption service enables AmeriCU to take extra precautions to protect your personal information, such as social security number, driver’s license, credit card and account numbers, from fraud.

AmeriCU now encrypts emails using ZixCorp Secure Email Encryption Services. You are able to easily access these messages without downloading additional software.

To learn more about how to send and receive secure emails with AmeriCU, please review our Secure Email User Guide. If you have any questions, please visit your local Financial Center or call our Member Service Center at 800.388.2000. Find your financial center.