Credit Union of Atlanta's Commitment to Security
Each year more and more Americans have their identity stolen. The staff and management of Credit Union of Atlanta (CUA) want to give you the information you need to help protect yourself against identity theft.
CUA cannot guarantee that your ID will never be stolen, but we will NEVER request personal information by email or text messaging, including account numbers, passwords, personal identification information or any other confidential member information.
Fraudulent emails, which request personal or confidential information, may be designed to appear as though they are originated from CUA. If this information is requested in an email, even if it appears to be from CUA, please do not respond or go to any links listed on the email.
CUA will never contact you and ask for your debit/credit card number or your full SSN. If we need to contact you, it will always be done in a manner that protects your personal, confidential information and we will clearly identify ourselves. We will not ask you for information we already have.
CUA works with local regulatory and law enforcement departments to be certain any type of illegal activity is stopped as soon as possible. We have multi-layer security to protect your confidential information and will continue to be vigilant in protecting it.
If you suspect identity theft or have any questions regarding this notice, or to report any suspicious emails or websites, please contact us at (404) 658-6465.
Online Banking Security
CUA is committed to protecting your personal information. Our Online Banking service uses several different methods to protect your information. All information within our Online Banking uses the Secure Socket Layer (SSL) protocol for transferring data. SSL is a crypto system that creates a secure environment for the information being transferred between your browser and Crane. All information transferred through Online Banking has a 128-bit encryption which is the highest level of encryption. In addition to the security features put in place by CUA here are some tips on keeping your information secure.
- Never give out any personal information including user names, passwords, Social Security number, or date of birth
- When possible, create difficult passwords which include letters, numbers, and symbols
- Don't use personal information for your user names or passwords such as birth dates or Social Security number
- Avoid using public computers to access your Online Banking
- Don't give any of your personal information to any website that does not use encryption or other secure methods to protect it
Mobile Banking Security
Tips for safe and secure Mobile Banking:
- Research any application (app) before downloading it. You should download signed applications only from trusted sources. Just because the name of an app resembles the name of the Credit Union, don't assume it is the official CUA app. It could be a fraudulent app designed to trick users into believing the service is legitimate. The only place to download the CUA mobile banking app is from our Home Banking site, once you've logged into the service. Be aware that fraudsters will continue to create fraudulent applications.
- For mobile devices using the Android operating system, do not enable Android's "install from unknown sources." If you have any doubts about any websites or mobile banking applications, contact CUA immediately.
- Adopt safe practices as you would using your personal computer, including not opening attachments or clicking on links contained in emails received from unfamiliar sources.
- CUA will never ask for your password under any circumstances. Do not give your password to others under any circumstances (including mobile phone support operators or mobile phone sales representatives, etc.). Fraudsters will try to obtain mobile banking passwords by e-mail, letter, phone calls, asking for your mobile banking account number, username, password, and other important information. If you have any doubts, please contact CUA.
- Do not respond to text messages requesting personal information, such as Social Security numbers, credit/debit/ATM card numbers, and account numbers.
- Please use strong passwords that are not easily identified. Passwords should be composed of numbers, letters (upper case and lower case) and special characters.
- It is good practice to change your mobile banking password regularly.
- Never store usernames and passwords on the device.
- Do not lend others your phone with the mobile banking function opened as this will prevent infringement and deter others from spying on your personal information.
- Be careful about where and how you conduct transactions. Do not use your device in an unsecured Wi-Fi network or in a public place, such as in a coffee shop, because fraud artists might be able to access the information transmitted or viewed. Also, do not send account numbers or other sensitive information through regular e-mails or text messages because those are not necessarily secure.
- Password protect and lock your mobile device when it is not in use. Keep your mobile device in a safe location.
- Frequently delete text messages from your financial institution on your mobile device, especially if they contain sensitive information.
- If you change your mobile number, immediately contact CUA to change the details of your mobile banking profile. Notify the credit union and your carrier immediately if your device is lost or stolen. Check with your wireless provider in advance to find out about features that enable you to remotely erase content or turn off access to your device or account if lost or stolen.
- Do not modify (jailbreak) your mobile phone. It will make your mobile phone susceptible to an infection from a virus, Trojan, or malware, or it may disable important security features.
- When possible, install mobile security software on your mobile phone, similar to anti-virus software you have on your laptop or desktop computers.
- Be alert to changes in your mobile phone performance. If you download any new applications and your mobile phone starts performing differently (for example, responding slowly to commands or draining its battery faster), that could be a sign that malicious code is present on your mobile phone.
- Monitor your financial records and accounts on a regular basis. Use the electronic account alerts to send to your email or mobile device on account activity. Regularly review your statements with online banking. This will enable you to spot any suspicious activity.
- A benefit to using mobile banking is that it can actually help deter some fraud because it gives a member an easy way to check their accounts on a regular basis and notify CUA quickly if they see suspicious activity.
If at any time you do notice suspicious activity on your accounts, please notify a CUA representative immediately at (404) 658-6465.
What is Identity Theft?
Identity theft involves the unlawful acquisition and use of someone's identifying information, such as:
- Date of Birth
- Social Security Number
- Mother's Maiden Name
- Driver's License
- Credit Union, Bank or Credit Card Account Number
Thieves then use the information to repeatedly commit fraud in an attempt to duplicate your identity which may include opening new accounts, purchasing automobiles, applying for loans, credit cards, and social security benefits, renting apartments and establishing services with utility and telephone companies. It can have a negative effect on your credit and create a serious financial hassle for you.
How do I protect myself?
- Report lost or stolen checks or credit cards immediately
- Never give out any personal information including birthdate, Social Security number or passwords
- Shred all documents containing personal information: bank statements, unused checks, deposit slips, credit card statements, pay stubs, medical billings, and invoices
- Don't give any of your personal information to any websites that do not use encryption or other secure methods to protect it
For more information about identity theft and other tips on how to protect yourself and your information please visit the following websites:
Credit Reporting Agencies
PO Box 105069
Atlanta, GA 30349-5069
To order a report: 800-685-1111
To report fraud: 800-525-6285
PO Box 2002
Allen, TX 75013-0949
To order a report: 888-397-3742
To report fraud: 888-397-3742
PO Box 1000
Chester, PA 19022
To order a report: 800-916-8800
To report fraud: 800-680-7289
Links to other websites found here are provided to assist in locating information. CUA does not provide, and is not responsible for, the product, service, or overall website content available at a third party site. CUA neither endorses the information, content, presentation, or accuracy, nor makes any warranty, express or implied, regarding any external site. CUA's privacy policies do not apply to linked websites. You should consult the privacy disclosures on any linked site for further information.
Debit Card Protection
Debit card usage has increased dramatically in recent years and fraudulent use of debit cards has also increased.
We at CUA have some suggestions for you for the care and usage of debit cards.
- NEVER give your debit card information when requested by phone, email, or texting. The staff at CUA nor any other financial institution we know of will ever request information from you in this manner. Please contact us if you receive any such request.
- It is a good idea to pay by credit card if your card leaves your sight. An example might be when a waiter takes your card from your table in a restaurant or when ordering online. Debit cards are easier to process illegally vs credit cards.
Regulation E: Electronic Fund Transfers
This law is designed to protect consumers making electronic fund transfers. The term "electronic fund transfer" (EFT) generally refers to a transaction initiated through an electronic terminal, telephone, computer, or magnetic tape that instructs a financial institution either to credit or debit a consumer's asset account.
The Electronic Fund Transfer Act (also known as Regulation E) was issued by the Board of Governors of the Federal Reserve System and adopted in 1978 as an add-on to the Consumer Credit Protection Act. The law and regulation establish the basic rights, liabilities, and responsibilities of consumers who use electronic fund transfer services and of financial institutions that offer these services.
Important Information for Business/Commercial Members
Business/Commercial members are not covered by Regulation E. As a result, it is critical that Business/Commercial members implement sound security practices within their places of business as outlined in the program to reduce the risk of fraud and unauthorized transactions from occurring.
Corporate Account Takeover is a form of identity theft in which criminals steal your valid online banking credentials. The attacks are usually stealthy and quiet. Malware introduced onto your systems may go undetected for weeks or months. Account-draining transfers using stolen credentials may happen at any time and may go unnoticed depending on the frequency of your account monitoring efforts.
The good news is, if you follow sound business practices, you can protect your company:
Use layered system security measures: Create layers of firewalls, anti-malware software and encryption. One layer of security might not be enough. Install robust anti-malware programs on every workstation and laptop. Keep the programs updated.
Manage the security of online banking with a single, dedicated computer used exclusively for online banking and cash management. This computer should not be connected to your business network, should not retrieve any e-mail messages, and should not be used for any online purpose except banking.
Educate your employees about Cybercrimes. Make sure your employees understand that just one infected computer can lead to an account takeover. Make them very conscious of the risk, and teach them to ask the question "Does this e-mail or phone call make sense?" before they open attachments or provide information.
Block access to unnecessary or high-risk websites. Prevent access to any website that features adult entertainment, online gaming, social networking and personal e-mail. Such sites could inject malware into your network.
Establish separate user accounts for every employee accessing financial information, and limit administrative rights. Many malware programs require administrative rights to the workstation and network in order to steal credentials. If your user permissions for online banking include administrative rights, don't use those credentials for day-to-day processing.
Use approval tools in cash management to create dual control on payments. Requiring two people to issue a payment — one to set up the transaction and a second to approve the transaction — doubles the chances of stopping a criminal from draining your account.
Review or reconcile accounts online daily. The sooner you find suspicious transactions, the sooner the theft can be investigated.
Unsolicited Client Contact
CUA will never contact its clients on an unsolicited basis to request their security login credentials such as the combination of the client's username and password. If you receive a request of this type, do not respond to it. Please call us immediately at 404-658-6465 to report any activity of this nature.
CUA will only contact its members regarding online banking activity on an unsolicited basis for the following reasons:
- Suspected fraudulent activity on your account;
- Inactive/dormant account;
- To notify you of a change or disruption in service; or
- To confirm changes submitted to your online banking profile.
If you receive an unsolicited contact from a CUA staff member for any reason not cited above, your identity will be confirmed through a series of security questions and you will always have the option of hanging up and calling CUA to confirm that validity of our request. Remember, CUA will NEVER ask for your login security credentials.
Securing Your Business
Is your company keeping information secure?
Are you taking steps to protect sensitive information? Safeguarding sensitive data in your files and on your computers is just plain good business. After all, if that information falls into the wrong hands, it can lead to fraud or identity theft. A sound data security plan is built on five key principles:
- Take stock — Know the nature and scope of the sensitive information contained in your files and on your computers.
- Scale down — Keep only what you need for your business.
- Lock it — Protect the information in your care and that you keep.
- Pitch it — Properly dispose of what you no longer need.
- Plan ahead — Create a plan to respond to security incidents.
The following information is provided by the Federal Trade Commission, Bureau of Consumer Protection:
Know the nature and scope of the sensitive information contained in your files and on your computers.
- Take inventory of all file storage and electronic equipment. Where does your company store sensitive data?
- Talk with your employees and outside service providers to determine who sends sensitive information to your business, and how it is sent.
- Consider all of the methods with which you collect sensitive information from customers, and what kind of information you collect.
- Review where you keep the information you collect, and who has access to it.
Keep only what you need for your business.
- Use Social Security numbers only for required and lawful purposes. Don't use Social Security numbers as employee identifiers or customer locators.
- Keep customer credit card information only if you have a business need for it.
- Review the forms you use to gather data — ex: credit applications and fill-in-the-blank web screens for potential customers — and revise them to eliminate requests for information you don't need.
- Change the default settings on your software that reads customers' credit cards. Don't keep information you don't need.
- Truncate the account information on any electronically printed credit and debit card receipts that you give your customers. You may include no more than the last five digits of the card number, and you must delete the card's expiration date.
- Develop a written records retention policy, especially if you must keep information for business reasons or to comply with the law.
Protect the information in your care and that you keep.
- Put documents and other materials containing sensitive information in a locked room or file cabinet.
- Remind employees to put files away, log off their computers, and lock their file cabinets and office doors at the end of the day.
- Implement appropriate access controls for your building.
- Encrypt sensitive information if you must send it over public networks.
- Regularly run up-to-date anti-virus and anti-spyware programs on individual computers.
- Require employees to use strong passwords.
- Caution employees against transmitting personal information via e-mail.
- Create security policies for laptops used both within your office, and while traveling.
- Use a firewall to protect your computers and your network.
- Set "access controls" to allow only trusted employees with a legitimate business need to access the network.
- Monitor incoming Internet traffic for signs of security breaches.
- Check references and do background checks before hiring employees who will have access to sensitive data.
- Create procedures to ensure workers who leave your organization no longer have access to sensitive information.
- Educate employees about how to avoid Phishing and phone pretexting scams.
Properly dispose of what you no longer need.
- Create and implement information disposal practices.
- Dispose of paper records by shredding, burning, or pulverizing them.
- Defeat "dumpster divers" by encouraging your staff to separate the information that is safe to trash from sensitive data that needs to be discarded with care.
- Make shredders available throughout the workplace, including next to the photocopier.
- Use a "wipe" utility program when disposing of old computers and portable storage devices.
- Give business travelers and employees who work from home a list of procedures for disposing of sensitive documents, old computers, and portable devices.
Create a plan for responding to security incidents.
- Create a plan to respond to security incidents, and designate a response team led by a senior staff person(s).
- Draft contingency plans for how your business will respond to different kinds of security incidents. Some threats may come out of left field; others — a lost laptop or a hack attack, to name just two — are unfortunate, but foreseeable.
- Investigate security incidents immediately.
- Create a list of who to notify — inside or outside your organization - in the event of a security breach.
- Immediately disconnect a compromised computer from the Internet.
Online Banking Business/Commercial members are strongly encouraged to perform an annual Self-Assessment focusing on their online banking practices and network security. A Self-Assessment will evaluate whether the client has implemented sound business practices to address the five key principles outlined in the "Securing Your Business" section.
You are protected in a variety of ways when you use Online Banking; however, it is important to contact CUA in the event that your company's online access has been compromised. Also, report any unauthorized or unexpected transactions immediately.
Your account is protected against fraudulent transactions in a number of ways, so monitor your account balances and transactions frequently. If you want to report suspicious activity in your account(s), or if you have questions about the security of your account(s), you can call us at (404) 658-6465.
The following links are provided solely as a convenience to our Business/Commercial Online Banking clients. CUA neither endorses nor guarantees in any way the organizations, services, or advice associated with these links. CUA is not responsible for the accuracy of the content found on these sites.
Identity Theft, Privacy, and Security Publications for Businesses
Learn how to avoid Internet fraud, secure your computer, and protect your personal information: www.onguardonline.gov.
National Institute of Standards and Technology (NIST)
Computer Security Resource Center: www.nist.gov
SANS (SysAdmin, Audit, Network, Security) Institute's Twenty Most Critical Internet Security Controls