Posts Tagged ‘identity theft’

Multi-Factor Authentication Foils Cyber-thugs

We sometimes get complaints from members who are frustrated with the set-up and maintenance of security for their online account access.  Here are some reasons not to loathe the security questions, site keys and other safety measures in place online:

Six federal regulators governing the financial sector have combined forces to strengthen the online security of your accounts.  Together, they make up the Federal Financial Institutions Examination Council (FFIEC).  The guidelines they set forth are designed to help financial institutions like PFCU make sure the individual attempting to access your accounts electronically is actually you. 

The First Line of Defense

If you aren’t used to strong online security, it can feel a bit like jumping through a series of virtual hoops.  Keep in mind, the “hoops” are meant to be easy for you to navigate, but difficult, if not impossible, for anyone who may have tried to steal your identity to breach.  

First, there is the authentication process.  One or more of the following are used to authenticate you:

            -Something you have (ATM/Debit Card)

            -Something you know (Password, PIN, or Personal Identification Number, site key)

            -Something you are (biometric device, etc.)

The more factors are included, the stronger the defense of your accounts.  That is why PFCU combines several factors to protect you.  We include a site key, for example, which is an image specific to you accompanied by a phrase you create, which let’s you know you are at our site.  If you log in and don’t see your site key, escape right away, try to enter through our website and, if you still don’t see it, contact us promptly. 

Layers

To maximize security, the “hoops” are utilized at different points in the transaction process so that someone who may be able to overcome one obstacle may be tripped up by another.  For example, after completing one transaction, it may be necessary to re-enter a PIN or answer a security question before the next transaction.  The layers of security can help us identify suspicious activity.  They can also limit exposure to losses should someone gain unauthorized access to one transaction.  Setting up the answers to security questions and selecting a site key might seem cumbersome, but the process is much easier than filing police reports and dispute forms. 

  Read the rest of this entry »

Data Breaches: The More You Know, The Safer You’ll Be

Phishing Prevention

Educate Yourself to Prevent Phishing

On April 4, 2011 online marketer Epsilon, a unit of Alliance Data Systems Corp., announced that it had experienced a data breach affecting approximately 2% of its 2,500 clients worldwide.  It is the largest data breach ever known to occur, affecting tens of millions of customers of companies from Disney, Target and Verizon to Chase and Citibank.  The information compromised consisted of the names and e-mail addresses of customers.  No account numbers were known to be involved. 

PFCU is not a customer of Epsilon, so our database and e-mail communications were not affected by the breach.

You may occasionally receive e-mails claiming to be from a store or financial institution you do not do business with asking you to verify information as though you are a customer.  The senders are “phishing”, or randomly targeting as many people as possible to find someone who actually has an account there and might fall for their scheme to gain sensitive information.  With the Epsilon breach, malicious hackers can use the names and e-mail addresses they’ve stolen to engage in a very specific type of phishing called “spear-phishing”.  By knowing the places people shop or have accounts, they can send targeted e-mails to actual customers that appear to be legitimate communication from the companies. They can thus attempt to trick people into giving them their account numbers or other important pieces of information.  This improves the effectiveness of the attempt.

Many of the companies involved have already communicated with their customers, advising them of how they intend to deal with the breach.  Companies will not send you e-mails asking you to verify personal information.  To be safe, always contact a company at the website or phone number you have on file for them.  Do not use links in an e-mail to direct you to any site which requires passwords or the inputting of personal data.  

PFCU has always taken a proactive approach in protecting the personal information of our members.  We have stringent firewalls, which we constantly monitor.  We recently unveiled our new Online Banking and Bill Pay with enhanced security features.  We asked members to select a site key, which is a custom picture that is visible when they log in to our website.  It is accompanied by a site phrase created by our member, which further personalizes the site.  Members who do not see these features when logging in should assume they are not accessing our actual site and contact us right away.  Members also had to select and answer several security questions.  While these steps can seem like an inconvenience while one is setting them up, the inconvenience of dealing with a compromised account is far worse.  Safety first, as the saying goes. 

Some of our members might remember the Heartland security breach in 2009, which affected our debit cards.  PFCU took an aggressive approach to protecting our members, closing and reissuing hundreds of cards, even though there had not yet been any fraudulent activity.  Many other financial institutions adopted a wait-and-see approach, which may have been more convenient for them, but may also have resulted in extra headaches for some of their customers when their accounts were raided.  PFCU takes your security seriously and will always take a cautious approach to protecting your money. 

Your money is safe at PFCU.