Safety & Security
EFCU's Commitment to Security
- The Credit Union maintains a firewall system that protects our Web server from unauthorized access.
- We use EV-SSL (Extended Validation Secure Socket Layer) technology to encrypt all traffic (including account numbers, PINs, and financial data) that is sent between your computer and our Home Branch system. A new encryption key is generated every time you log in to Home Branch. Please note that the information is not encrypted once it resides within your computer.
- We require a valid account number and PIN to access your account. After three bad attempts, the account is locked for your protection.
- A session-only cookie is transmitted to your computer when you successfully log in to Home Branch. The cookie contains a number that is unique to every session and every member. While you are logged in, it is used to verify your access to information. When you either logout, close your browser, or allow the inactivity timer (see below) to expire, this session-only cookie values becomes invalid. EFCU recommends that you log out of Home Branch and/or close your browser every time you are finished accessing your financial information through Home Branch. We do not recommend leaving your computer unattended and allowing the inactivity timer to expire. In order to access Home Branch you will need to enable session-only cookie support for eglinfcu.org.
- An inactivity timer automatically breaks your connection to Home Branch after several minutes of inactivity. This prevents you from accidentally leaving active connections to Home Branch after you have completed your transactions.
- The Credit Union uses a Multi-Factor Authentication system to further verify your identity when you access your account information online. Members are prompted to select and answer three secret questions to establish their identity. The questions will appear when there is a challenge situation, for example; you sign on to Home Branch from an unfamiliar location.
This statement updates and replaces any other notices about our Internet security.
LEARN MORE ABOUT HOW YOU CAN IMPROVE YOUR SECURITY
- Bluetooth: Consider disabling Bluetooth connectivity on your device unless you find it necessary.
- GPS: Consider disabling Global Positioning System (GPS) and other location services unless you need them.
- Avoid logging in from public computers and over open Wi-Fi connections.
- Check your last login date every time you log into Home Branch.
SAFETY TIPS FOR MEMBERS
- Never give out personal or financial information in response to an unsolicited phone call, fax, e-mail or text.
- Contact the financial institution to confirm the legitimacy of any e-mail that asks for the submission of personal or account information.
- Check credit card and account statements regularly for unauthorized transactions, even small ones.
- Make sure websites are safe when submitting financial information online. Check for padlocks or key icons at the bottoms of Internet browsers. Most secure Web addresses also use "https" as opposed to "http."
- Report suspicious activity to the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center.
- Contact your financial institution immediately if a phishy link may have been clicked or a suspicious communication responded to.
Getting infected with a computer virus or Trojan can be frustrating. These programs are known to destroy your computer, slow its performance, and barrage you with annoying pop-up ads. However, the types of viruses and Trojans that infect computers today are more malicious. They are designed to steal your credit card information and passwords, take over your email and use it for spamming, or even record what you type on your computer. Also, many of the new viruses and Trojans aim to be transparent so most people don't even know they have been infected.
Using anti-virus software and keeping it up-to-date is the best protection against these threats. Nowadays, most anti-virus software products will automatically update themselves as new threats are uncovered so you don't have to do a thing. Many Internet service providers now even offer these products free to their customers.
Hackers constantly create new ways to penetrate your computer. Installing a personal firewall is essential to safeguard your computer and valuable personal information. A firewall is a secure barrier that sits between your computer and the Internet that prevents hackers from accessing your information.
A firewall needs to be installed properly or it will not effectively protect you from online threats. In addition, like anti-virus software, your firewall should be kept up-to-date. This is easy to do with software that automatically updates the latest versions onto your computer.
Do you think your password is impossible to guess? The reality is that many people use simple passwords that are easy to remember but make it easy for hackers to gain access to your financial and personal accounts. Making your password more complex will keep you safer online (though much more can still be done).
You should also have more than one password that you use. Just as you wouldn't use the same key for your house, your car, your mailbox and your office, you shouldn't use the same password for all of your online accounts. This exposes you to more risk and increases the likelihood of having your information stolen.
More simple tips to keep your password protection strong:
- Use passwords that have at least eight characters.
- Use a combination of letters, numbers and symbols. This will create a much stronger password. For example, Tim_Chic@go171 is a better alternative than TIMCHICAGO. However, it is important to create a password that you can still remember without having to write it down.
- Another clever trick you can use to create a strong, yet still memorable password is to think of a phrase or a poem and convert the first letters of each word in the phrase into your password. For example, "How much wood could a woodchuck chuck" would become HmWc@wC.
- Using common data such as your name, family member's names, hometown, your birth date or any word that can be found in the dictionary make your password less secure (hackers often have programs that will try every word in the dictionary in order to crack your password).
- Using the same ID/password combination for several different accounts means that if one of your combinations is stolen, all of your accounts are at risk. For instance, if someone steals your password for your online photo site, they will be then able to access your online accounts. Try to use different combinations for your various online accounts.
- You should also change your passwords frequently (at least every 90 days) and make sure you never share them with anyone.
- "Logout" of online sites when you are finished conducting your business. Don't just close the browser or "X" out of the page.
Online criminals will attempt to acquire your personal information by luring you to a website that looks legitimate, but is actually a fake site. If you receive any emails from an unfamiliar source, or any suspicious pop-ups, do not click on the links or open the attachment.
New online attacks are so advanced that they are capable of redirecting you to a fake website, even if you didn't click on anything. If a web page asks for you to provide sensitive information that it has never asked you to provide before, do not type anything and close the page immediately. Financial institutions and online service providers do not ask you to enter information such as your credit card number, Social Security number, or PIN number on the login page or any subsequent pages.
As consumers become more educated about fraud and identity theft, online criminals are moving to other places to launch their scams. Phone scams are gaining popularity again. There are two common types of phone scams. The first type of scam involves an email detailing a problem with your account and requests you to call a specific phone number to provide more details. The second type of scam involves a phone call from an automated call center asking you for sensitive information. You should never provide personal information to an unsolicited caller.
Mobile phones are another new target. For example, one scam involves sending a text message to your mobile phone claiming to be your financial institution or a credit card processor. If you receive such a text message and are unsure if it is a legitimate communication, call your financial institution's customer service center to verify that the message is genuine.
To better inform yourself about how cyber-criminals attempt to steal your private information, we recommend reading DocuSign's article about phishing scams, Combating Phishing: A Proactive Approach
Sometimes, just the presence of a security lock alone is not proof enough that a website is genuine. If in doubt, you can verify a website is genuine by double clicking on the lock to display the website's security certificate, and then check if the name on the certificate and the website that appears in the address bar match. If they do not match, then the website might be phony.
GUARD YOUR PRIVACY
The growth of social networking sites has made it easier for online criminals to obtain information on you. This is a way for them to gather information to answer the challenge questions most online service providers require in order to enable access to your account or retrieve and change your password. Limit the amount of personal information you publicly share online.
REVIEW YOUR STATEMENTS
Despite adopting all the appropriate security measures, online users still manage to fall victim to scams and have their identity stolen. In order to help ensure that you and your information stay safe, check your online account statements frequently. If you have fallen victim to online fraud, the sooner you know about it, the sooner you can act to block your accounts, and take corrective action. If you detect suspicious activity in your account, you should immediately contact your account provider for help.
If we suspect fraudulent ATM or debit card use, we will call you to validate the legitimacy of your transactions. Your participation in responding to our call is critical to prevent potential risk and avoid restrictions we may place on the use of your card.
- Our automated call will ask you to verify recent transaction activity on your card.
- You'll be able to respond via your touchtone keypad.
- You'll also be provided with a toll-free number to call should you have additional questions.
In the meantime, please be diligent in monitoring transaction activity on your account and contact us immediately if you identify any fraudulent transactions. Here are some additional tips on protecting yourself from debit card fraud:
- Be Proactive with Alerts: In Home Branch under 'eServices', you have a choice of 29 alerts to help monitor your account activity.
- Unless absolutely required for a legitimate business purpose, avoid giving out your:
- Address and ZIP code
- Phone number
- Date of birth
- Social Security number
- Card or account number
- Card expiration date
- In stores and at ATMs, always cover your card and PIN, and watch for:
- Cell phone cameras, mirrors, or other tools used to view cards and PINs
- People watching your transactions
- Cashiers taking your card out of sight; take it to the register yourself
- Any unusual activity at ATMs; if you feel uncomfortable, go to another ATM
- Online, you should never respond to unsolicited emails that:
- Ask you to verify your card PIN or account number; such emails are not sent by legitimate businesses
- Link to websites; such sites can look legitimate but may collect data or put spyware on your computer
The mobile app uses SSL encryption to communicate securely throughout the entire process of accessing your accounts.
How long does each login session last?
Each login session lasts 20 minutes from the beginning of the session. The timer is not reset with activity.
How can I further protect my account information?
Protect your account information by taking additional steps: - Use the screen locking feature of your mobile device. - Never save your account number on your mobile device. - Always use the Logout feature of the mobile app. - Request a Home Branch password change if your device is lost or stolen. - Read "Make Your Smartphone Safe" on this page to learn more about securing your mobile device.
When you are in a public area, don't set your phone down or leave it exposed in an open bag. It only takes a second for a thief to walk off with your little lockbox of personal information. If a stranger asks to borrow your cell phone, offer to help them find a public phone they can use instead.
Lock it up
Whether it's with a password or a thumbprint, using a unique entry requirement will make it difficult or impossible for anyone else to enter your phone's data. It might be an inconvenience now, but if you lose your phone or have it stolen, you'll be glad to know the person who has your phone doesn't also have free reign over your sensitive data. Make your password tough to guess for even someone who knows you well.
Slow down a bit
When you're pinballing around between apps, the internet, your text messages and any number of other items, there's a tendency to click without a lot of thought. But like with your other computers, it's important to be very careful about the links you click on. If you don't recognize the sender of a link in a text message or email, or even if you aren't 100% sure about the origin of a link, you're better off leaving it alone.
Use extra security
While you're loading up on games, tools and other cool apps, be sure to also get yourself some security software designed for smart phones. On top of that, check regularly for updates that will keep you ahead of the criminals trying to pry into your phone. Remember though that you should always check to make sure anything you download to your phone is from a trusted source and has been reviewed for problems by other users.
If you're tech savvy, you may know that you can potentially save money by using a public wi-fi network when it's available instead of your phone's data service. However, it's best to avoid using these networks when you plan to access sensitive information of any kind.
Mind what's in your phone
With smartphones likely becoming more and more inextricably intertwined into your life, it may seem like it makes sense to keep your account numbers, passwords and other hard-to-remember information in a notepad document on your phone for easy access. But you should consider this only as safe as having the same information on a piece of paper loose in your pocket; it could very easily end up somewhere you don't want it to be.
Clean it up before you turn it in
When you trade in an old phone, use a "wipe" app and reset your device to the factory default settings to avoid sending a treasure chest of your data out into the world. Also check to see what kind of precautions phone recyclers use to prevent stolen information.
In case it is stolen
You may at some point find your phone gone despite all your best efforts to keep it in your possession. But it doesn't have to stay missing. If you download a "Find My Phone" app ahead of time, you can use this handy tool to figure out where your phone has found its way to. In a similar vein, an erase app installed before your phone absconds can remotely wipe the data from your phone before it falls into the wrong hands. No matter what precautionary measures you have taken, though, you need to contact your wireless provider immediately if you lose your phone.