Account Security

PROTECT YOUR ACCOUNT

The upward trend of customers using online channels for banking and financial services has expanded the opportunities for criminals and cyber-crime!

Due to many credit unions and banks having more sophisticated IT security systems, criminals are turning away from tightly secured bank computers and are instead looking toward the potentially weaker computer systems of credit union clients. More and more attacks are also being committed against small and medium-sized businesses. Some of the most common approaches for criminals to compromise end-user data are to take advantage of users visiting unsecured networks or compromised websites, not having up-to-date virus protection and security patches, or opening attachments with embedded malware or Trojan software.

Superior Credit Union has the expectation that each customer will take any and all reasonable precautions to reduce the likelihood of computer-related fraud. There is not one best approach for online security, but we would like to offer several recommendations:

 

ONLINE SECURITY

Anti-Virus Software. Be sure to install anti-virus, anti-spyware, malware, and adware detection software from a reputable vendor on to your computer and keep it up to date. You may need to have a professional scan and repair your computer for viruses, malware, and Trojans if your computer has been infected.

Computer Updates. Make sure the computer you are using has the most current updates and patches released by Microsoft, Java, and Adobe. Most of the updates are security patches for browsers such as Internet Explorer, Mozilla Firefox, and other software that could potentially expose the computer to hacking.

Secure Site. Make sure your banking site (URL) starts with https:// and not http://. The “s” indicates a secure transaction using a different method of communication than standard Internet traffic. A security icon that looks like a closed padlock or key appears when the site is authenticated.

Do Not Use Links. Never use a link to reach a financial institution’s website. Type in your bank’s website address into the Internet browser’s address bar every time.

Public Computer. Never access your financial institution’s website from a public computer at a hotel, library, airport, or public wireless access point.

Website Familiarity. Know what your financial institution’s website looks like and which questions are asked to verify your identity. Some attacks, known as man-in-the-middle attacks, will change the login page. A user can sometimes spot these attacks by noticing slight modifications to the bank’s standard page, such as extra security questions, poor grammar, misspellings, a fuzzy or older bank logo, or a change to the location of each feature. A typical malware behavior will also ask a user to enter their user ID, password, and security information three or four times and will then post a message that the site is down for maintenance or servicing. Online Banking sites will not be down for maintenance during normal business hours. If the site is down for any reason, you will see that message in advance and the log in screen will not be accessible.

Suspicious E-Mails. Be extremely suspicious of e-mails purporting to be from your financial institution, a government agency, or any suspicious e-mails from unknown sources. Financial institutions should never contact you via e-mail to request you to verify information. If you believe the contact may be legitimate, do NOT use the link provided in the e-mail; instead, type the website address of your financial institution into your Internet browser’s address bar or contact your financial institution at a phone number you know is valid.

Online Purchase Transactions. Avoid using debit cards for online transactions, as this provides direct access to your bank account. If you use a credit card to shop online, use only one credit card with a low credit limit. Monitor the activity on the card as often as possible.

Log Off Properly. Properly log out of all financial institution websites before closing the browser window.

Shut Off Computer. Always lock or shut off your computer when you leave it unattended. Set your computer to automatically lock after a set period of inactivity (i.e. 15 minutes).

Passwords. Use strong passwords (at least 10 characters combining uppercase and lowercase letters, numbers, and symbols) and change them frequently. Do not allow your computer to save your login names or passwords and keep them confidential. Do not use your login or password for your financial institution on any other website or software. Superior Credit Union will never request login user names, passwords, or answers to security questions from our clients on an unsolicited basis under any circumstances.

Use a Different Computer. Do not use the same computer for financial transactions that children or non-savvy Internet users utilize for regular Internet access.

Posting Personal Information. Do not post your personal information on the Internet. Your high school, maiden name, date of birth, first car, first school, youngest sibling’s name, mother’s full name, father’s full name, etc. are the answers to many security questions on financial websites. When you post this information, you are making it easier for criminals to gain access to your financial information. In addition, never send confidential information, such as your account number, Social Security number, etc., in an Internet e-mail or over an unsecure website.

Alerts. Check with your financial institution about enabling “Alerts” and other security measures that may be available. Superior Credit Union does have Online Banking alerts for such areas as minimum balance, maximum balance, transfers, deposits completed, checks completed, and CD maturity.

Report Suspicious Activity. Regularly log in to your online accounts and check your bank and credit card statements to ensure transactions are legitimate. Immediately report any suspicious activity on your
account(s). There is a limited recovery window and a rapid response may prevent additional losses.

Security & Fraud Education.  Sign up for Superior Credit Union’s Fraud Prevention eAlerts.  Once you are enrolled in Superior Credit Union’s eStatements service, signing up for eAlerts is an easy way to receive information about ways you can protect yourself from fraud.

 

 

 

MOBILE SECURITY

Best Security Practices for Mobile Banking Use

Important: If you have not signed up for Scu@Home Online Banking, you must do that from a PC before you can access Mobile Banking.

Phone Security:

  • You should lock your mobile phone with a password so that it is not easily accessed.
  • Do not leave your mobile phone unattended where others can use it.
  • Do not save your Scu@Home Username, Password or account information on your phone.
  • If you should lose your mobile phone, contact your cell carrier immediately and have your phone disabled. Also, login to Scu@Homeusing a PC and change your password.
  • Superior Credit Union will never send an email or text message requesting your Username or Password. If you get such a request, be sure to check your mobile phone for malware or other viruses.
  • If you purchased a used or refurbished mobile phone, check it for pre-loaded malware or viruses that can be used to steal your data.
  • Confirm that your Bluetooth technology is set to a high security mode so that you must approve any connections or downloads before they are made.
  • Always disable your phone’s Bluetooth function when it is not in use.
  • Make sure you are using a secure internet browser and connection while connected to Mobile Banking.
  • Regularly run anti-virus and anti-spyware programs on your smartphone, just as you would on your PC.

Access Security:

  • Do not share your Scu@Home Username and Password. If you allow others to use your Username and Password, you are responsible for any transactions that occur.
  • If you click the option to “Remember this phone”, this could disable the one-time pass code (via voice call, text, or email) at login but this action also reduces the level of access security. We do not recommend clicking this option.
  • If you have clicked “Remember this phone” and would like to reverse this option, click on the “Remove extra security from this phone” link on the Accounts tab. This will remove the security cookie and cause you to get a one-time passcode by voice call, text, or email each time you log into your account (which enhances your account security).  We recommend that you click this option.
  • You may be required to get a one-time pass code via voice call, text, or email each time at login if you clear cookies or remove the battery from your phone. 
  • Close out of Mobile Banking when you are finished with your session. For added security, Mobile Banking will automatically log you out after 5 minutes.

Security & Fraud Education:

  • Sign up for Superior Credit Union’s Fraud Prevention eAlerts. Once you are enrolled in Superior Credit Union’s eStatements service, signing up for eAlerts is an easy way to receive information about ways you can protect yourself from fraud.

 
Best Practices for Mobile Devices

Mobile devices have the potential to store large amounts of private user information as well as sensitive data, including personal account information, website login IDs and passwords, email, and location information. Consequently, mobile device malware is on the rise.

The Federal Communications Commission (FCC) recommended the following steps to reduce your exposure to mobile threats:

  1. Set PINs and Passwords—The first line of defense is setting a password or PIN to access your device, then configure it to lock after being idle for two minutes or less. Also, devices that support SIM cards should use the SIM password capability.
  2. Do Not Modify Built-In Security Features—Jailbreaking, rooting or tampering with your device’s factory settings increases the risk of compromise.
  3. Back up and Secure Data—Frequently back up your device’s stored data to enable its recovery if your device were lost, stolen or erased.
  4. Only Install Apps from Trusted Sources—Research apps prior to installing them to ensure they are legitimate. You can do this by checking reviews and the app store, and comparing the app developer’s official website to confirm they are consistent.
  5. Understand App Permissions Before Accepting—Think twice before granting an app access to data or functions on your device. Also, always check the privacy settings for each app prior to installation.
  6. Install Security Apps that Enable Remote Location and Wiping—Most devices, either as an app or system function, have the ability to remotely locate and erase all settings and data. The “Find My iPhone” app for iOS and “Locate My Droid” app for
  7. Install System Updates when Released—Doing so when prompted will reduce the risk of exposure to known malware and cyber threats.
  8. Beware of Open Wi-Fi Networks—Data transmitted on unencrypted Wi-Fi networks can be viewed by anyone connected to the same network. If you are not asked to enter a key when attempting to connect to the network, it is not secure, so use your company’s VPN or such apps as HotSpot Shield (available for both iOS and Android).
  9. Wipe Data Prior to Donating, Selling or Recycling Old Devices—In order to keep sensitive information private, data should be completely erased, and the device reset to its initial factory settings, prior to disposal.
  10. Report Stolen Devices—The major wireless service providers established a stolen phone database, in coordination with the FCC. You should report your phone as stolen to your local law enforcement and inform your wireless provider. This will prevent your stolen phone from being activated on any wireless network.

Following these best practices can reduce your exposure to mobile threats and will protect private and sensitive data.