Closely monitor your accounts for unauthorized transactions
Always use the log out button to end a browser session
Be wary of email as well as their attachments and links
Always contact us at the number on your account statement
Be cautious of clicking on pop-up windows
Be sure that your computer has the latest security updates available
Monitor your account activity by setting up alerts
Optional Visa Purchase Alerts- Anytime a qualified Visa transaction takes place that meets our defined parameters, you will receive an alert in seconds via e-mail and or text message. You can set alerts for amount thresholds, online orders, international transactions and more here: Visa Purchase Alerts.
Pass It On is the Federal Trade Commission's consumer education campaign designed to encourage older adults to talk to their friends, neighbors, and relatives about scams. Chances are good that someone you know has been scammed. They may not talk about it, but the statistics do. The truth is that sharing what you know can help protect someone who you know from a scam. The FTC has several articles that you can use to start a conversation. Click on the link below and pass on some information that could help someone you know.
I’ve been hearing about the Equifax breach in the news. What happened?
Equifax, one of the three major credit bureaus, experienced a massive data breach. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people.
Was my information stolen?
If you have a credit report, there’s a good chance it was. Go to a special website set up by Equifax to find out: https://www.equifaxsecurity2017.com/ . Scroll to the bottom of the page and click on “Potential Impact,” enter some personal information and the site will tell you if you’ve been affected. Be sure you’re on a secure network (not public wi-fi) when you submit sensitive data over the internet.
How can I protect myself?
• Enroll in Equifax's services. Equifax is offering one year of free credit monitoring and other services, whether or not your information was exposed. You can sign up at https://www.equifaxsecurity2017.com/ .
• Monitor your credit reports. In addition, you can order a free copy of your credit report from all three of the credit reporting agencies at annualcreditreport.com. You are entitled to one free report from each of the credit bureaus once per year.
• Monitor your bank accounts. We also encourage you to monitor your financial accounts regularly for fraudulent transactions. Use online and mobile banking to keep a close eye on your accounts.
• Watch out for scams related to the breach. Do not trust e-mails that appear to come from Equifax regarding the breach. Attackers are likely to take advantage of the situation and craft sophisticated phishing e-mails.
Should I place a credit freeze on my files?
Before deciding to place a credit freeze on your accounts, consider your personal situation. If you might be applying for credit soon or think you might need quick credit in an emergency, it might be better to simply place a fraud alert on your files with the three major credit bureaus. A fraud alert puts a red flag on your credit report which requires businesses to take additional steps, such as contacting you by phone before opening a new account.
How do I contact the three major credit bureaus to place a freeze on my files?
In response to media reports concerning cyberattacks leveraging Automated Teller Machines (ATMs), Financial Services Information Sharing and Analysis Center (FS-ISAC), American Bankers Association (ABA), Credit Union National Association (CUNA) and Independent Community Bankers of America (ICBA) developed this paper to explain how cybercriminals conduct attacks and actions financial institutions may take to protect consumers.
Attacks Against ATMs
Cybercriminals target ATMs through both physical and computer-based means to steal funds for a cybercrime gang or a nation-state. These attacks often occur around holidays in an attempt to circumvent or delay detection. This may involve the creation of fraudulent payment cards at one or more financial institutions.
Four Types of ATM Attacks
Skimming attacks – Skimmers are devices that may sit on top of the ATM PIN pad and/or card slot or they may be inserted deeply into the card slot. Sometimes, criminals use a camera to capture a consumer’s PIN as it is entered. Usually, the information captured from the skimmer and camera is used to create cloned cards.
Shimming attacks – These are similar to skimming attacks, except that criminals use special mechanisms inserted deeply within the ATM to capture the chip information on newer chip-enabled cards. Again, this information is used to create cloned cards.
Cash-out schemes – Criminals use ATMs either locally or globally to drain funds from multiple accounts held at one financial institution. These attacks use legitimate card numbers that were stolen in another campaign and involves the manipulation of the account balances and withdrawal limits to perform the theft. This attack is also referred to as an “unlimited operation”.
Jackpotting attacks – Like it sounds, in this attack criminals use physical and/or logical methods to force one ATM to dispense all the cash, just like a slot machine.
Common Misunderstandings About ATM Attacks
In many cases, the news media assumes that attacks against ATMs, no matter the type, result in the loss of funds to customers. However, most ATM attacks do not result in the loss of funds to customers as a result of consumer protection laws and business practices. The primary target of cash-out schemes and jackpotting, for example, is the financial institution, not consumers’ accounts. That said, if criminals have used legitimate payment card information (e.g., numbers, PINs), then the financial institution will replace the funds and may reissue cards for its customers. This is protection for both the institution and the consumers whose accounts were affected.
How Institutions Protect Their Consumers’ Accounts
Financial institutions around the globe are experienced at information security and leveraging industry best practices. Your financial institutions’ customer protections likely include the following:
Encryption of confidential information;
Restrictions on who can access systems where confidential information is stored;
Requirements for more than one person to approve high-risk procedures;
Systems that will detect and prevent network intrusions;
Settings and rules to prevent the loss of sensitive data;
Anti-virus and anti-malware applications to prevent malicious files from infecting the systems;
Programs that will prevent unauthorized applications or files from running on workstations;
Monitoring for anomalous behavior or activities on networks and ATM systems;
A regular cycle to manage patching or updating systems;
Alerts that will notify institution staff if of abnormal activity, such as an ATM being disarmed or disabled; and
Implementation of chip and PIN procedures for debit cards.
It is part of an institution’s cybersecurity program to keep the specific protections and programs they use confidential. However, FS-ISAC works with a large number of financial institutions domestically and around the world, helping them determine the best security practices to put in place and connecting them with their peers for further recommendations and insights.
Steps Consumers Can Take
Customers are not responsible for unauthorized charges; however, there are steps consumers can take to help protect their accounts. Protect your debit and/or credit cards at all times; don’t share cards or PINs with others.
When using ATMs, be aware of your surroundings. Before using the ATM, look closely at the card slot and PIN pad for any abnormalities and glance up and around to see if you notice any cameras. If anything looks strange or unusual, do not use the ATM.
If you notice odd or peculiar behavior by others at an ATM (inserting a cable or using multiple cards to withdraw funds at one time), contact local law enforcement and the institution; do not use that ATM.
Be aware that institutions usually won’t contact you via text message or email about your debit or credit card, unless you have previously agreed to this method of communication; if you receive a suspicious text or email message claiming to come from your financial institution, contact your institution to check the legitimacy using the number on the back of the card.
Be aware that phone calls you receive may not actually be from your bank or credit union. You should not provide the full card number, PIN or CVV code over the phone. When in doubt, call the number on the back of your card to verify contact.
Be on guard against phishing attacks and do not open attachments or click links in emails you were not expecting.
Use two-factor authentication and other security features offered by your financial institution to protect your accounts.
Sign up for text or email alerts from your financial institution for certain types of transactions, such as online purchases or transactions of more than $500.
Notify your FI as soon as possible if you suspect that your card PIN or electronic banking credentials have been compromised.
Review account statements for any transactions you do not recognize; promptly notify your FI if you notice any unauthorized account activity. A small transaction (e.g. $0,01 or other small amounts) may be indicative of a criminal “checking” the card information to see if it is legitimate. A larger fraudulent charge typically follows.
Article Provided By: Financial Services | Information Sharing and Analysis Center