Online Home Banking Security
With Home Banking our members can:
- View current balances, deposits or withdrawals, cleared checks and account history. (checking)
- View image of written checks.
- Sort historical data by amount, check number, or type of transaction.
- Set up transfers.
- Transfer funds from one MSFCU account to another, including repeating transfers.
- Make loan payments using checking or savings account.
- Download data into MS Money, Quicken, or a text file.
- View and print E-Statements.
- Set up text or email alerts for balances, check clearing, transaction or loan payment.
- Make payments from checking account to 3rd parties using Bill Pay.
- Send Secure Messages.
- Deposit checks using Remote Deposit Capture and MSFCU mobile banking software.
- Send Text to Request Balance.
Home Banking Security
Home banking uses two factor authentication to log in.
- SSL (secure sockets layer) with 128 bit encryption which ensures that your connection and information safe.
- Secure Web servers are protected by firewalls, authenticated with third-party digital certificates, and covered by the latest security precautions.
- Encrypted passwords are invisible to everyone except the member.
Members can be locked out of the system when they have attempted too many unsuccessful logins or when their password expires.
Regulation E: Electronic Fund Transfers
Regulation E is a consumer protection law designed to protect consumer accounts established primarily for personal, family or household purposes making electronic fund transfers. Excluded from coverage are non-consumer accounts, such as Trust, Corporations, Partnership, etc. The term “electronic fund transfer” (EFT) generally refers to a transaction initiated through an electronic terminal, telephone, computer, or magnetic tape that instructs, or authorizes a financial institution either to credit or debit a consumer’s asset account. An example of EFT offered within Home Banking is Electronic Bill pay.
Regulation E gives consumers a way to notify their financial institution that an EFT has been made on their account without their permission. If you believe an unauthorized EFT has been made on your account, contact us immediately at (601) 351-9200 or toll free 1-800-643-1567.
Consumer Safe Computing Tips:
- Install virus protection and malware protection and make sure that the software is updated and running scans.
- Purchase a malware program that blocks known blacklisted websites and can detect ransomware.
- Ensure that Windows updates are turned on and that they are updating your Windows workstation.
- Ensure wireless encryption is done on your wireless router and that the default password has been changed
- Protect your information by making sure your workstation is logged off.
- Protect password information and do not share it with anyone.
- Change passwords often using a strong password, Upper and lower case, special characters and numbers, make your password a minimum of 8 characters. Use a different password for every online account that you have. Purchase a password vault to generate and protect passwords.
- Use caution when using the internet. If you are doing transaction based processes, ensure that you are using a secure site (https://).
- Ensure that a firewall is in place.
- Back up your data.
Non-Consumer Members are not protected by Regulation E.
A non-consumer member using online banking and/or bill pay is not protected under Regulation E. Because the member is not protected by Regulation E, precautions should be made by the member to evaluate and review the controls in place to ensure that they are compliant with the risk level that the member is willing to accept. The member should also perform a risk assessment and evaluate the controls they have in place periodically. The risk assessment should be used to determine the risk level associated with any internet activities the non-consumer member performs and any controls in place to mitigate these risks.
- Use firewalls with built in anti-virus/malware software, Internet Content filtering and email security. The firewall will blacklist high risk websites and offers content control, scans for viruses, blocked known spam email, etc.
- Put a VPN in place. Install viable anti-virus/malware programs on every workstation and laptop. Ensure that updates are done daily. Install Windows updates and keep them current.
- Encrypt hard drives.
- Educate your employees about Cyber Security. Provide training/educational videos about Fraud/Malware/phishing, etc.
- Maintain structured levels of security within your accounting software.
- Monitor accounts online daily.
- Perform regular backups
Notify us at once if you believe your password has been lost or stolen, or an unauthorized person has obtained access to your accounts without your permission. Telephoning is the best way of keeping your possible losses down. Telephone number: 601-351-9200 or Toll free: 1-800-643-1567.
If you believe someone has used your password or accessed your accounts through home banking without your authorization, please contact us immediately by calling 601-351-9200 or toll free: 1-800-643-1567.
MSFCU Security Commitment to our Members
Mississippi Federal Credit Union will never contact you, via text, telephone or email asking for personal information such as account number, credit card number or PIN, passwords or other confidential information.
Fraudulent emails which request personal information may be made to look like they came from Mississippi Federal Credit Union, never click any links within the email.
MSFCU will never ask for your full Social Security Number or for your debit or credit card number. We may ask you to verify the last 4 of your Social Security number, or to verify your telephone number and email addresses. We will not ask you to provide information that we already have.
MSFCU will never ask for your Home Banking credentials.
Contacting MSFCU By Email:
To send a secure message, log into home banking and click on the Communications tab, then Create New Message. (www.msfcu.us).
You may use the email address posted on our website firstname.lastname@example.org for general questions, but never include your account number or other personal information in the email.
When we send out information related to e-statements or other information to our home banking members, the ‘from’ email address will be email@example.com. If you use this email address, please do not include your account number or any other personal information.
Preventing Fraud or Identity Theft
- Never reply to emails asking for personal information, banking accounts or credit card information including a debit or credit card PIN.
- Never send confidential information using email as email is not secure.
- Never use email to send confidential information to MSFCU. To send a secure message, log into home banking and click on the Communications tab, then Create New Message. (www.msfcu.us).
- Never click on a link in an email from someone you do not know. Best practice is to delete the email before opening. (Phishing)
- Do not open attachments from an unexpected email.
- Change passwords regularly using strong passwords, 8 characters or more, upper and lower case characters, special characters and numbers. The longer and more complex the password, the less likely it can be guessed. Consider using phrases as passwords. Additionally, use two factor authentication when offered.
- Do not use the same password for all websites that you frequent. Never share your password information with anyone.
- Assign a password or a pin to your smartphone. Do not install software from the internet on your phone.
- Be wary of promotional scams on websites, especially social media.
- Be very caution when using a debit or credit card on-line. Protect your information by using a vendor such as Paypal, Google Wallet, Amazon Payments or Apple Pay.
- Never provide personal banking information to anyone offering to do Remote Deposit Capture for you.
- Protect your credit card number and PIN when using them in public locations (such as a grocery store) or at an ATM to prevent‘shoulder surfing’.
- When on the Internet, provide personal information only to secure websites (https) or look for a ‘Lock’ in the web address section. Do not use the ‘Remember Password’ feature of a web browser. Always clear history and cookies within a web browser no matter what device or computer being used.
- Update anti-virus software and Windows security patches on your home computer system regularly. Install an anti-virus software on your smart phone (iphone or Android).
- Check your monthly statements to verify all transactions and notify your credit union immediately of any additional transactions that do not belong to you. Do this for both your checking account as well as credit card account.
- Monitor your credit report
- Never carry all of your personal information, bank account numbers, check books, credit card pins, social security card or passwords in your wallet or purse. Memorize passwords and pins. Store your social security card at home in a safe place.
- Report lost or stolen checks or debit/credit cards immediately to your Credit Union:
MSFCU Telephone Number: 601-351-9200
Report Lost/Stolen Credit Card: 1-800-299-9842
Report Lost/Stolen Debit Card: 1-800-528-2273
- Never give out confidential information over the telephone. Example: Someone calls you and tells you that they are with the IRS, they tell you your taxes are delinquent and that you must pay now. Hang up the phone immediately, the IRS will never call you, especially for personal information or to demand payment over the phone. (Vishing)
- Delete text messages directing you to a URL link or a telephone number. (Smishing)
- Shred any junk mail with personal information. Purchase a shredder to shred all expired or unused credit cards or personal information. Protect your mailbox from theft.
Phishing is when Internet fraudsters impersonate a business to trick you into giving them your personal information, such as usernames, passwords and credit card details. Legitimate businesses don’t ask you to send sensitive information through insecure channels.
For example, a fraudulent e-mail may state that NCUA will add money to the member’s account for taking part in a survey. The link embedded in the message directs members to a counterfeit version of NCUA’s website with an illicit survey that solicits credit card account numbers and confidential personal information. MSFCU will never ask credit union members or the general public for personal account or personally identifiable information as part of a survey.
- Don’t select links in e-mails that ask for personal information.
- Never open unexpected attachments.
- Delete suspicious messages, even if you know the source.
Phishing via SMS, or SMishing, uses cell phone text messages or SMS (Short Message Service) to trick you into providing personal and financial information. Smishers may use URLs or an automated voice response system to try and collect your information.
Tip: In some instances, criminals have used malicious software in their text messages solicitations. To prevent further security issues, completely remove unsolicited text messages from your phone. This may take two steps: deleting the text and then completely removing it from your device.
Phishing by voice, or vishing, exploits a general trust in landline telephone services. The victim is often unaware that voice over Internet Protocol (VoIP) allows for caller ID spoofing, thus providing anonymity for the criminal caller. Rather than providing any information to the caller, the consumer should verify the call by contacting the financial institution or credit card company directly, being sure to use the institution’s accurate contact information (i.e., do not use contact information the caller provides).
The practice of spying while someone is using an ATM, POS, etc. to obtain personal access information.
How Thieves Get Your Information:
Identity theft affects people of all ages, races and nationalities. Anyone can be a victim. Thieves use many tactics to get your information. Some of the most common are:
- Stealing wallets that contain personal identification information and credit cards.
- Stealing credit union statements from the mail.
- Diverting mail from its intended recipients by submitting a change of address form.
- Rummaging through trash for personal data.
- Stealing personal identification information from workplace records.
- Intercepting or otherwise obtaining information transmitted electronically.
If your wallet, Social Security number, or other personal information is lost or stolen, there are steps you can take to help protect yourself from identity theft.
An electronic method of capturing a victim’s personal information used by identity thieves. The skimmer is a small device that scans a credit card and stores the information contained in the magnetic strip. Skimmers have a small cameras attached which takes a picture of your pin. (See video)
What Do Thieves Do With Your Information?
Once identity thieves have your personal information, they can drain your bank account, run up charges on your credit cards, open new utility accounts, or get medical treatment on your health insurance. An identity thief can file a tax refund in your name and get your refund. In some extreme cases, a thief might even give your name to the police during an arrest.
Clues That Someone Has Stolen Your Information:
- You see withdrawals from your bank account that you can’t explain.
- You don’t get your bills or other mail.
- Merchants refuse your checks.
- Debt collectors call you about debts that aren’t yours.
- You find unfamiliar accounts or charges on your credit report.
- Medical providers bill you for services you didn’t use.
- Your health plan rejects your legitimate medical claim because the records show you’ve reached your benefits limit.
- A health plan won’t cover you because your medical records show a condition you don’t have.
- The IRS notifies you that more than one tax return was filed in your name, or that you have income from an employer you don’t work for.
- You get notice that your information was compromised by a data breach at a company where you do business or have an account.
Click link https://www.identitytheft.gov/Steps to find out what to do right away:
Credit Bureau website and telephone numbers:
- If identity theft occurs, call and report it to all credit bureaus. Ask to put an initial fraud alert on your credit report. The alert will stay active for 90 days and makes it difficult for additional accounts to be opened in your name. You might discuss the option of a credit bureau freeze. As a matter of practice, review your credit report for accuracy.
We Become Identity Obese When We Over-Share Information
Deter. Detect. Defend. Avoid ID Theft
NCUA Consumer Report: Frauds, Scams and Cyberthreats – Part I
NCUA Consumer Report: Frauds, Scams and Cyberthreats – Part II
NCUA Consumer Protection Update: Scams Targeting Seniors