Safety & Security

EFCU's Commitment to Security

We are committed to taking reasonable steps to protect the security of our member's financial information in all areas of our operations. Therefore, when providing access to your financial information over the Internet, we practice the following security measures:
  1. The Credit Union maintains a firewall system that protects our Web server from unauthorized access.
  2. We use EV-SSL (Extended Validation Secure Socket Layer) technology to encrypt all traffic (including account numbers, PINs, and financial data) that is sent between your computer and our Home Branch system. A new encryption key is generated every time you log in to Home Branch. Please note that the information is not encrypted once it resides within your computer.
  3. We require a valid account number and PIN to access your account. After three bad attempts, the account is locked for your protection.
  4. A session-only cookie is transmitted to your computer when you successfully log in to Home Branch. The cookie contains a number that is unique to every session and every member. While you are logged in, it is used to verify your access to information. When you either logout, close your browser, or allow the inactivity timer (see below) to expire, this session-only cookie values becomes invalid. EFCU recommends that you log out of Home Branch and/or close your browser every time you are finished accessing your financial information through Home Branch. We do not recommend leaving your computer unattended and allowing the inactivity timer to expire. In order to access Home Branch you will need to enable session-only cookie support for
  5. An inactivity timer automatically breaks your connection to Home Branch after several minutes of inactivity. This prevents you from accidentally leaving active connections to Home Branch after you have completed your transactions.
  6. The Credit Union uses a Multi-Factor Authentication system to further verify your identity when you access your account information online. Members are prompted to select and answer three secret questions to establish their identity. The questions will appear when there is a challenge situation, for example; you sign on to Home Branch from an unfamiliar location.
Information submitted to EFCU via email is not encrypted and may not be secure. To send us a secure message, click here.

This statement updates and replaces any other notices about our Internet security.


Take the extra step in ensuring your personal information remains secure. The following security tips provide information on steps you can take to keep your finances and your identity safe.
Please note: These security tips have been compiled from various public and private resources. We have tried to highlight the best tips from various organizations; however we encourage you to continue to educate yourself about online security.

The online world can be a confusing and even intimidating place, with new threats emerging on a regular basis. How can you keep yourself safe and still enjoy the benefits that the Internet brings? Armed with just a little knowledge, you can easily and effectively improve the security of your computer and your personal information.


Consider these suggestions whenever accessing your sensitive data online:
  • Bluetooth: Consider disabling Bluetooth connectivity on your device unless you find it necessary.
  • GPS: Consider disabling Global Positioning System (GPS) and other location services unless you need them.
  • Avoid logging in from public computers and over open Wi-Fi connections.
  • Check your last login date every time you log into Home Branch.


Socially engineered schemes rely on methods that financial institutions would never employ, to avoid fraud:
  • Never give out personal or financial information in response to an unsolicited phone call, fax, e-mail or text.
  • Contact the financial institution to confirm the legitimacy of any e-mail that asks for the submission of personal or account information.
  • Check credit card and account statements regularly for unauthorized transactions, even small ones.
  • Make sure websites are safe when submitting financial information online. Check for padlocks or key icons at the bottoms of Internet browsers. Most secure Web addresses also use "https" as opposed to "http."
  • Report suspicious activity to the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center.
  • Contact your financial institution immediately if a phishy link may have been clicked or a suspicious communication responded to.
Report an Internet crime - FBI Internet Crime Complaint Center


Use anti-virus software, and keep it updated.
Getting infected with a computer virus or Trojan can be frustrating. These programs are known to destroy your computer, slow its performance, and barrage you with annoying pop-up ads. However, the types of viruses and Trojans that infect computers today are more malicious. They are designed to steal your credit card information and passwords, take over your email and use it for spamming, or even record what you type on your computer. Also, many of the new viruses and Trojans aim to be transparent so most people don't even know they have been infected.

Using anti-virus software and keeping it up-to-date is the best protection against these threats. Nowadays, most anti-virus software products will automatically update themselves as new threats are uncovered so you don't have to do a thing. Many Internet service providers now even offer these products free to their customers.


Use a personal firewall, and keep it updated.
Hackers constantly create new ways to penetrate your computer. Installing a personal firewall is essential to safeguard your computer and valuable personal information. A firewall is a secure barrier that sits between your computer and the Internet that prevents hackers from accessing your information.

A firewall needs to be installed properly or it will not effectively protect you from online threats. In addition, like anti-virus software, your firewall should be kept up-to-date. This is easy to do with software that automatically updates the latest versions onto your computer.


Create strong passwords and change them regularly.
Do you think your password is impossible to guess? The reality is that many people use simple passwords that are easy to remember but make it easy for hackers to gain access to your financial and personal accounts. Making your password more complex will keep you safer online (though much more can still be done).

You should also have more than one password that you use. Just as you wouldn't use the same key for your house, your car, your mailbox and your office, you shouldn't use the same password for all of your online accounts. This exposes you to more risk and increases the likelihood of having your information stolen.

More simple tips to keep your password protection strong:
  • Use passwords that have at least eight characters.
  • Use a combination of letters, numbers and symbols. This will create a much stronger password. For example, [email protected] is a better alternative than TIMCHICAGO. However, it is important to create a password that you can still remember without having to write it down.
  • Another clever trick you can use to create a strong, yet still memorable password is to think of a phrase or a poem and convert the first letters of each word in the phrase into your password. For example, "How much wood could a woodchuck chuck" would become [email protected]
  • Using common data such as your name, family member's names, hometown, your birth date or any word that can be found in the dictionary make your password less secure (hackers often have programs that will try every word in the dictionary in order to crack your password).
  • Using the same ID/password combination for several different accounts means that if one of your combinations is stolen, all of your accounts are at risk. For instance, if someone steals your password for your online photo site, they will be then able to access your online accounts. Try to use different combinations for your various online accounts.
  • You should also change your passwords frequently (at least every 90 days) and make sure you never share them with anyone.
  • "Logout" of online sites when you are finished conducting your business. Don't just close the browser or "X" out of the page.


Be aware of deceptive emails, pop-ups, and other online scams.
Online criminals will attempt to acquire your personal information by luring you to a website that looks legitimate, but is actually a fake site. If you receive any emails from an unfamiliar source, or any suspicious pop-ups, do not click on the links or open the attachment.

New online attacks are so advanced that they are capable of redirecting you to a fake website, even if you didn't click on anything. If a web page asks for you to provide sensitive information that it has never asked you to provide before, do not type anything and close the page immediately. Financial institutions and online service providers do not ask you to enter information such as your credit card number, Social Security number, or PIN number on the login page or any subsequent pages.

Fraud is always on the move.
As consumers become more educated about fraud and identity theft, online criminals are moving to other places to launch their scams. Phone scams are gaining popularity again. There are two common types of phone scams. The first type of scam involves an email detailing a problem with your account and requests you to call a specific phone number to provide more details. The second type of scam involves a phone call from an automated call center asking you for sensitive information. You should never provide personal information to an unsolicited caller.

Mobile phones are another new target. For example, one scam involves sending a text message to your mobile phone claiming to be your financial institution or a credit card processor. If you receive such a text message and are unsure if it is a legitimate communication, call your financial institution's customer service center to verify that the message is genuine.

Combating Phishing: A Proactive Approach
To better inform yourself about how cyber-criminals attempt to steal your private information, we recommend reading DocuSign's article about phishing scams, Combating Phishing: A Proactive Approach


Check the security lock.
Sometimes, just the presence of a security lock alone is not proof enough that a website is genuine. If in doubt, you can verify a website is genuine by double clicking on the lock to display the website's security certificate, and then check if the name on the certificate and the website that appears in the address bar match. If they do not match, then the website might be phony.


Guard your privacy and limit the amount of personal information you share online.
The growth of social networking sites has made it easier for online criminals to obtain information on you. This is a way for them to gather information to answer the challenge questions most online service providers require in order to enable access to your account or retrieve and change your password. Limit the amount of personal information you publicly share online.


Check your online statements frequently.
Despite adopting all the appropriate security measures, online users still manage to fall victim to scams and have their identity stolen. In order to help ensure that you and your information stay safe, check your online account statements frequently. If you have fallen victim to online fraud, the sooner you know about it, the sooner you can act to block your accounts, and take corrective action. If you detect suspicious activity in your account, you should immediately contact your account provider for help.

To protect your account, we monitor your ATM and debit card transactions for potentially fraudulent activity which may include a sudden change in locale (such as when a U.S. issued card is used unexpectedly overseas), a sudden string of costly purchases, or any pattern associated with new fraud trends around the world.
If we suspect fraudulent ATM or debit card use, we will call you to validate the legitimacy of your transactions. Your participation in responding to our call is critical to prevent potential risk and avoid restrictions we may place on the use of your card.
  • Our automated call will ask you to verify recent transaction activity on your card.
  • You'll be able to respond via your touchtone keypad.
  • You'll also be provided with a toll-free number to call should you have additional questions.
So that we may notify you as quickly as possible, it is important that EFCU has your cell phone number and accurate email address. Call 850.862.0111 x1402 or update your Contact Information electronically inside of Home Branch.

In the meantime, please be diligent in monitoring transaction activity on your account and contact us immediately if you identify any fraudulent transactions. Here are some additional tips on protecting yourself from debit card fraud:
  • Be Proactive with Alerts: In Home Branch under 'eServices', you have a choice of 29 alerts to help monitor your account activity.
  • Unless absolutely required for a legitimate business purpose, avoid giving out your:
    • Address and ZIP code
    • Phone number
    • Date of birth
    • Social Security number
    • Card or account number
    • Card expiration date
    Your PIN is private; never give it out.
  • In stores and at ATMs, always cover your card and PIN, and watch for:
    • Cell phone cameras, mirrors, or other tools used to view cards and PINs
    • People watching your transactions
    • Cashiers taking your card out of sight; take it to the register yourself
    • Any unusual activity at ATMs; if you feel uncomfortable, go to another ATM
  • Online, you should never respond to unsolicited emails that:
    • Ask you to verify your card PIN or account number; such emails are not sent by legitimate businesses
    • Link to websites; such sites can look legitimate but may collect data or put spyware on your computer

Is the mobile app secure?
The mobile app uses SSL encryption to communicate securely throughout the entire process of accessing your accounts.

How long does each login session last?
Each login session lasts 20 minutes from the beginning of the session. The timer is not reset with activity.

How can I further protect my account information?
Protect your account information by taking additional steps: - Use the screen locking feature of your mobile device. - Never save your account number on your mobile device. - Always use the Logout feature of the mobile app. - Request a Home Branch password change if your device is lost or stolen. - Read "Make Your Smartphone Safe" on this page to learn more about securing your mobile device.

As technology evolves, so unfortunately do the ways that criminals can illegally access your personal information. Smartphones give us a lot of freedom and make our lives more efficient, but they also present their own set of challenges when it comes to data security. However, there is no reason why you can't make yourself more secure with a few key habits.

Hold on to it!
When you are in a public area, don't set your phone down or leave it exposed in an open bag. It only takes a second for a thief to walk off with your little lockbox of personal information. If a stranger asks to borrow your cell phone, offer to help them find a public phone they can use instead.

Lock it up
Whether it's with a password or a thumbprint, using a unique entry requirement will make it difficult or impossible for anyone else to enter your phone's data. It might be an inconvenience now, but if you lose your phone or have it stolen, you'll be glad to know the person who has your phone doesn't also have free reign over your sensitive data. Make your password tough to guess for even someone who knows you well.

Slow down a bit
When you're pinballing around between apps, the internet, your text messages and any number of other items, there's a tendency to click without a lot of thought. But like with your other computers, it's important to be very careful about the links you click on. If you don't recognize the sender of a link in a text message or email, or even if you aren't 100% sure about the origin of a link, you're better off leaving it alone.

Use extra security
While you're loading up on games, tools and other cool apps, be sure to also get yourself some security software designed for smart phones. On top of that, check regularly for updates that will keep you ahead of the criminals trying to pry into your phone. Remember though that you should always check to make sure anything you download to your phone is from a trusted source and has been reviewed for problems by other users.

Be network careful
If you're tech savvy, you may know that you can potentially save money by using a public wi-fi network when it's available instead of your phone's data service. However, it's best to avoid using these networks when you plan to access sensitive information of any kind.

Mind what's in your phone
With smartphones likely becoming more and more inextricably intertwined into your life, it may seem like it makes sense to keep your account numbers, passwords and other hard-to-remember information in a notepad document on your phone for easy access. But you should consider this only as safe as having the same information on a piece of paper loose in your pocket; it could very easily end up somewhere you don't want it to be.

Clean it up before you turn it in
When you trade in an old phone, use a "wipe" app and reset your device to the factory default settings to avoid sending a treasure chest of your data out into the world. Also check to see what kind of precautions phone recyclers use to prevent stolen information.

In case it is stolen
You may at some point find your phone gone despite all your best efforts to keep it in your possession. But it doesn't have to stay missing. If you download a "Find My Phone" app ahead of time, you can use this handy tool to figure out where your phone has found its way to. In a similar vein, an erase app installed before your phone absconds can remotely wipe the data from your phone before it falls into the wrong hands. No matter what precautionary measures you have taken, though, you need to contact your wireless provider immediately if you lose your phone.

Information security for your smartphone isn't that different from keeping your other repositories of data safe. By taking a few basic steps now, you can save yourself some major problems later on.

EFCU has partnered with Digital Defense Inc. to provide you Training, Education, and Awareness Module™ (TEAM) that is relevant and easy-to-understand. Using a web browser you can access the security training anytime and anywhere. Click any of the buttons listed below to learn more.

Links to other sites are provided as a convenience to our visitors. The Credit Union is not responsible for the availability, content, or privacy practices of any linked site.