Archive for the ‘Safety and Security’ Category

Multi-Factor Authentication Foils Cyber-thugs

We sometimes get complaints from members who are frustrated with the set-up and maintenance of security for their online account access.  Here are some reasons not to loathe the security questions, site keys and other safety measures in place online:

Six federal regulators governing the financial sector have combined forces to strengthen the online security of your accounts.  Together, they make up the Federal Financial Institutions Examination Council (FFIEC).  The guidelines they set forth are designed to help financial institutions like PFCU make sure the individual attempting to access your accounts electronically is actually you. 

The First Line of Defense

If you aren’t used to strong online security, it can feel a bit like jumping through a series of virtual hoops.  Keep in mind, the “hoops” are meant to be easy for you to navigate, but difficult, if not impossible, for anyone who may have tried to steal your identity to breach.  

First, there is the authentication process.  One or more of the following are used to authenticate you:

            -Something you have (ATM/Debit Card)

            -Something you know (Password, PIN, or Personal Identification Number, site key)

            -Something you are (biometric device, etc.)

The more factors are included, the stronger the defense of your accounts.  That is why PFCU combines several factors to protect you.  We include a site key, for example, which is an image specific to you accompanied by a phrase you create, which let’s you know you are at our site.  If you log in and don’t see your site key, escape right away, try to enter through our website and, if you still don’t see it, contact us promptly. 

Layers

To maximize security, the “hoops” are utilized at different points in the transaction process so that someone who may be able to overcome one obstacle may be tripped up by another.  For example, after completing one transaction, it may be necessary to re-enter a PIN or answer a security question before the next transaction.  The layers of security can help us identify suspicious activity.  They can also limit exposure to losses should someone gain unauthorized access to one transaction.  Setting up the answers to security questions and selecting a site key might seem cumbersome, but the process is much easier than filing police reports and dispute forms. 

  Read the rest of this entry »

Don’t Get Tricked into Making Expensive Phone Calls

An old scam to trick people into making costly long distance phone calls has resurfaced and can cost you time and even money.  Typically, a message is left in your voice mail system for you to call someone regarding an urgent matter, such as information about a family member or, perhaps, a contest you’ve “won”.  The number ends up routing you to a foreign country where you are then charged huge amounts of money for every minute you stay on the line. 

“809,” “284,” “876,” are a few of the area codes you need to look out for.  If you receive a message from an unfamiliar area code, do not automatically call back.  Look up the area code and verify that it is in the US.  An easy way is to go to areacode.org

You can also ask your phone company to block foreign calls if you aren’t in the habit of making them. 

You can read more on the Federal Communications Commission website.

The Safety and Security tab of our website also has some great information about scams of all kinds to avoid, and there are other fraud prevention articles here at PFCUandyou.com.

Enjoy using your phone and/or mobile phone for communication with known friends and family, but exercise caution when using it for other purposes.

Protecting Your Group or Organization Accounts

Every day there are thousands of organizations across the country putting enormous time and effort into fundraising. From bake sales to candy bars, from cookies to popcorn, people are always coming up with creative ways to raise money for a good cause. Now, imagine that an unscrupulous leader in the organization who steals hard-earned money raised by the group destroys all of that effort. It has happened to church groups, schools, scouting organizations and sporting clubs. A few clear, simple rules can keep it from happening to your group.

One of the reasons we all participate in such organizations is that we want to have fun and build community. There is a general feeling of good will generated and it’s easy to let our guard down. Unfortunately, many otherwise honest people may succumb to temptation if they fall on hard times. One way to look at it is for all members of the group to be mindful not to put one another in a position where they could become suspect if money went missing. Care of the organization’s funds should be a constant collaborative effort.

• Elect trustworthy individuals as officers, but don’t put anyone in a situation where they are easily tempted to defraud the group
• Keep a system of checks and balances that the group agrees upon
• No one should be offended if anyone in the group wants to look at bank statements, ledgers or other records-books should be open at all times
• Frequent, transparent reporting should be made to the group and verified independently by different group members
• We encourage groups to sign up for online banking and e-Statements so that different members can easily go online any time to review accounts
• Rotating officers frequently can prevent any one individual from getting too comfortable
• When large sums of money are brought in, the group should determine specific actions for use of the funds and initiate procedures for follow-up
• Officers should take care to avoid even the appearance of impropriety
• Use mobile apps like our new Sprig Mobile Banking as a way of quickly checking account activity

Young or old, the members of an organization work hard to raise money for specific purposes. Use the administration of those funds as a way to teach kids about cooperation, money and planning and keep the experience pleasant for everyone. In conjunction with our Free Girl Scout Troop Accounts, for example, PFCU offers extensive financial literacy training with the help of children’s author Sam Renick. After he and his Sammy Rabbit character delight and educate the kids, their parents often tell us they learned a lot, too! Don’t let money ruin friendships, familial relationships and the integrity of your group or organization. Encourage one another to be vigilant in a collaborative way and applaud each other for being cautious.

Ramnit: A Cyber Worm that Can Really Ruin Your Day

Staying ahead of malicious computer programmers is a challenge and requires an ever more complicated combination of precautions to ensure that your financial data is not getting into the wrong hands.

In a recent article, we warned you about “spiders” on the worldwide web.  Another particularly dangerous threat is known as a “worm”.  A worm is able to spread to other computers without being transmitted through e-mails or malicious websites.  One such worm is the “Ramnit” which has surfaced in Europe but is quickly spreading throughout the world.  The Ramnit takes advantage of the viral aspect of sites like Facebook.  Programmers realize that many people use the same password for social networking sites that they use for their bank accounts.  This makes it very easy for a worm to capture data and provide access to the funds of unsuspecting victims.  In addition, it sends messages to a user’s friends disguised as an article or other link and then prompts them to click.  As many as a million people a day click on erroneous links that then infect their computers, and the results can be a real headache.  If it seems unlikely that a friend would send you particular message, they probably didn’t.  Beware. 

Pasadena Federal Credit Union constantly monitors fraud alerts and works with online services that invest millions of dollars annually in security.  Our web hosting company has received numerous awards for their attention to security and we regularly review their efforts. 

Unfortunately, even a well-constructed password by itself is not very effective these days in protecting accounts.  Our new Online Banking and Bill Pay upgrade includes some new multi-factor authentication steps.

            -A site phrase selected by the user

            -A site key, which is a picture unique to each individual that helps verify they are on the actual site they intend to log into and not an imposter site

            -Security Questions

Never use the same password for multiple accounts and do not use a password a stranger could guess, such as your birthdate, social security number, address, nickname or other information.   These can open the door to identity theft.  Keep a log of hints that would help you recall a password but which would be meaningless to anyone else.   

When answering security questions that are things others might easily discover about you, such as names of relatives, your favorite color, etc. consider purposefully choosing an alternative answer (one that you will remember).  For example, if your niece is named Susie but she has blond hair, you might consider saying her name is “Blondie”.  Remember that someone who gains access to your social network also gains access to a potentially rich mine of information about you.  They can often determine things such as the names of family members, so those answers may not be the best ones to protect you. 

We have a very helpful demo on our website that walks members through some the exciting and helpful changes effective on our Per$onal Branch Online Banking and Bill Pay beginning February 9, 2012.  Watch it to familiarize yourself with these changes.

Danger: Spiders! Keeping Kids Safe on the Worldwide Web

 

Your kids won't see who is preying on them, so vigilance is imperative

Singer/Songwriter Melissa Manchester has a famous song titled A Mother and Father’s Prayer in which she sings

Would you please take them under wing

Watch over them especially

Keeping them safe from everything

This is a mother’s prayer

 

The world can seem overwhelming for a parent trying to protect their child.  However, being proactive can bring back a feeling of empowerment.  One danger parents may not always consider is the potential harm lurking on the internet.  It is real and has the potential to devastate lives..

A spider weaves elaborate webs to capture unsuspecting creatures so that they can consume them.  While the worldwide web has transformed our lives and placed enormous amounts of information at our fingertips, the comparison of the perilous aspects of its accessibility to a spider’s web is important.  With the freedom of expression and information comes the risk of harm to adults through online fraud scams discussed elsewhere here and to children through online predators.

How can we instill in our kids a confidence and faith in humanity while still protecting them from harm, and even from themselves?  The worldwide aspect of the web means that no single government is able to restrict what people in other countries can post.  Consequently, those who wish to prey upon innocent victims are able to maneuver with alarming ease and can do a lot of damage.  Here are some general rules families should abide by:

  • Think twice before giving kids, even teens,  personal computers with web access in their bedrooms.  They should only be allowed to go online when adults are present and in a shared space such as the living room.  It should be clear that at any time the child’s internet use could be monitored.  Tracking software and parental controls are available.
  • Kids should not be given internet access on cell phones.  Many parents now choose to give their kids mobile phones for emergency and ease of communication between parent and child, but they should not have unfettered access to the internet.
  • Parents should have frequent, ongoing dialogue about the internet with their kids.  The positive attributes of the web should be balanced with detailed explanations of how predators can operate.  Just as kids are taught not to talk to strangers who approach them in public or take candy from them, they should not talk to strangers online.

           

PFCU CFO Robert Norris says he explained to his son that allowing him unmonitored access to the internet would be like placing a stack of adult magazines in his bedroom and asking him not to look at them, and then shutting the door.  “It isn’t fair to him”, he reasoned.

One huge culprit is file-sharing.  In this, the spider is actually spawning many other spiders and they create more webs at an alarming rate, but they all come back to your computer, bringing more hazards!  People love the concept of being able to connect to computers owned by individuals all over the world and quickly gaining access to music, software, images or documents in which they share an interest with others.  Part of the problem lies in the way file-sharing works.  In many cases, you are literally handing control of your computer over to someone else and allowing them to get into all your files, as well as loading anything they want onto your computer.  They can easily upload something illegal onto your database, whether it’s unlawfully acquired intellectual property or even illegal pornographic material.  Once this material is on your computer, it can quickly be shared with others who are connected to the file-sharing network.  This now makes you a distributor of the shared material in the eyes of the law.  One can see how this can quickly become a recipe for disaster. The best way to steer clear of this kind of trouble is to avoid file-sharing sites altogether. 

An article on Kidshealth.org sites the example of a child searching for ‘Lego” and making a typographical error that the search engine auto-corrects to the word ‘legs’.  Now the child may be hit with a barrage of inappropriate images. 

Parental control settings can be a valuable tool but do not rely on them alone. 

Stay involved in your child’s online experience.   The internet can be a wonderful place if approached correctly.  Stay informed and keep your kids informed so that they make the right choices.

Rest assured that PFCU is doing all we can to keep our members safe online. Check out the Kid’s Privacy Policy on our website.  The safety and well-being of our kids is all of our responsibility.

Lyrics from A Mother’s and Father’s Prayer by Melissa Manchester and Karen Taylor-Good

© Copyright 2004 Song Guru Music/Bug/Windswept Music  Used by permission