Secure login technology designed to protect your accounts
and identity from any computer. It is mandatory for all eBranch users
to sign up for the service. Email will be mandatory as well because it
is the most secure and automatic form of communication if there is suspicious
activity on your account.
With ELS, you will:
- Set up a "Challenge Question and Answer" for online confirmation
use.
- Register for the Enhanced Login Security feature while in eBranch.
- Enroll all computers that you regularly use to access eBranch and
your accounts.
Therefore, Enhanced Login Security means
that along with your ID number and password, the system must either 1)
recognize your computer or 2) you must answer your challenge question
in order to have access.
About Enhanced Login Security:
- Protects against online fraud by demanding more user authentication
than just a username and password.
- Places a cryptographically secure piece of data which happens to
be stored in a cookie. The cookie-based credential is a unique identifier
of the end user. It is encrypted, and no externally identifiable end
user information is stored in it.
- Prevents unauthorized access using stolen credentials on a non-enrolled
computer
- Users can authenticate temporarily on a computer they do not wish
to enroll (such as public computers, friend or family computer)--using
the Challenge Question
- Users can un-enroll PC’s they no longer wish to use for online
banking activities (without unenrolling from ELS)
Things to Note:
- If you have your password reset, you will also be unenrolled in ESL.
This does mean you will have to sign up again for ESL the next time
you log in to eBranch, and re-enroll your computers. This is part of
the security feature - so it may seem inconvenient, but the system only
works because all information much match. Each step only takes a moment.
- When you enroll a computer (which is done through eBranch in Users
Options), the cookie is probably tied to the specific browser you are
in at that time. If you tend to use different browsers on the same computer,
you may need to set it up to "share" the cookie, or enroll
while in each browser.
- At this time, this is a cookie that may be deleted in a general "cookie
clean up".
- The Forgotten Password feature will be renamed "Challenge Question"
to accomodate both programs.
EFCU has signed on for Digital Insight’s Online Fraud
Shutdown Service - an anti-phishing and anti-email fraud service. This
service rapidly shuts down fraudulent phishing sites identified by EFCU
and blocks access to phishing sites prior to shutdown. This service will
also identify how many members, if any, may have been compromised on the
spoofed website and will extract any user information in order to suspend
accounts/passwords and notify those end users.
Internet Browser Security:
It is important to keep your browser updated to the most current version
and download security patches as they are released. This will ensure the
highest level of security for your computer.
Anti-Virus Software:
It is also important to keep the anti-virus software on any computer you
use to access Internet Banking up to date with the current version for
the same reason.
Tips for Passwords:
Never have a computer remember your password for a secure site such as
Internet Banking. Avoid using passwords that are relevant to your personal
situation or are common words; no phone numbers, special dates or addresses.
In the course of a busy day, you may write a check at the grocery store,
charge tickets to a ball game, rent a car, mail your tax returns, call
home on your cell phone, order new checks or apply for a credit card.
Chances are you don't give these everyday transactions a second thought.
But someone else may.
The 1990's spawned a new variety of crooks called identity thieves. Their
stock-in-trade is your everyday transaction. Each transaction requires
you to share personal information: your bank and credit card account numbers;
your income; your Social Security number (SSN); or your name, address
and phone numbers. An identity thief co-opts some piece of your personal
information and appropriates it without your knowledge to commit fraud
or theft. An all-too-common example is when an identity thief uses your
personal information to open a credit card account in your name. To learn
more about Identify Theft, click on the image above, or go to www.consumer.gov/idtheft.
Some simple and important safety
practices to safe guard against ID theft:
- Never give out confidential information (like your
Date of Birth or Social Security Number) over the phone to someone that
calls you--even if it’s a service or company that appears to have
some of your information--if they say they need more confidential information
for a request, it is probably something you should be putting in writing
or in a form and signing--so don't do it over the phone!
- Look at your statements to monitor activity --many
times that is when ID theft is spotted. We recommend you do it for all
accounts that you have. If you can look at statements online, do it
often. You can view your EFCU Visa statement online 24/7 from our home
page at www.energyfcu.org. Click
on the EFCU Visa Account Access to register your card online and begin
viewing your card activity.
- Request regular copies of your credit report to monitor
activity and to review any accounts you may want to close. Any credit
cards that are listed--even if you don't know where the card is and
haven't used it in years--could be a potential opening for ID theft.
You can find out more information about Credit Reports on our website
at Credit Reports.
Credit Card Phone Scam - October 2007
There is a credit card scam that has been running where the goal of the
scammer is the 3-digit PIN number on the back of your card. DO NOT give
out this sort of information to someone who calls YOU. Be alert to this
scam, as the callers will provide YOU with some correct information, except
the one piece they want—which is the 3 digit number on the back
of your card.
The callers will identify themselves as being from your credit card company
- they are not. The scam typically works like this:
the person calling says, "This is (name), and I'm calling from the
Security and Fraud Department at VISA. My Badge number is 12460. Your
card has been flagged for an unusual purchase pattern, and I'm calling
to verify. This would be on your VISA card which was issued by (name of
bank). Did you purchase an Anti-Telemarketing Device for $497.99 from
a Marketing company based in Arizona?"
When you say "No", the caller continues.
"Then we will be issuing a credit to your account. This is a company
we have been watching and the charges range from $297 to $497, just under
the $500 purchase pattern that flags most cards. Before your next statement,
the credit will be sent to (gives you your address), is that correct?"
You say "yes".
The caller continues - "I will be starting a fraud investigation.
If you have any questions, you should call the toll-free number listed
on the back of your card and ask for Security. You will need to refer
to this Control Number." The caller then gives you a 6 digit number.
Here is how the scam works. The caller says, "I need to verify you
are in possession of your card". He'll ask you to "turn your
card over and look for these numbers". There are 7 numbers; the first
4 are part of your card number, the next 3 are the security numbers that
verify you are the owner of the card. These are the numbers you sometimes
use to make Internet purchases to prove you have the card. The caller
will ask you to read the 3 numbers to him. After you tell the caller the
3 numbers, he'll say, "That is correct, I just needed to verify that
the card has not been lost or stolen, and that you still have your card.
Do you have any other questions?" After you say "No", the
caller thanks you and states, "Don't hesitate to call back if you
do," and hangs up.
You actually say very little, and they never ask for or tell you the
Card number. Within minutes of the call - a charge has been made to your
card.
REMEMBER--VISA or EFCU will NEVER ask for secure information from the
card because they already have that information. Never give our secure
information to anyone who calls you. Call the 800 number on the back of
your card if you suspect you may be a victim of fraud.
Jury Duty Scam – A Lesson in Identity Theft July 2007
Consumers are advised to be on alert for a new identity theft exploit
known as the “Jury Duty Scam.” In this scam, the fraudster
telephones their victim posing as a local court official who claims the
victim has failed to report for jury duty, and as a result, a warrant
has been issued for their arrest. The victim will rightly claim they never
received any jury duty notifications. To “clear things up,”
the fraudster then asks for confidential information (i.e., social security
number, birth date) for “verification” purposes or payment
information (i.e. credit card number, bank account details) for alleged
fines.
This is a scam! Consumers are urged not to give any personal information
over the phone! These fraudsters are attempting to commit identity theft
by appealing to the victim’s sense of social conscience and fear
of prosecution.
Fraudsters are very skilled in devising creative ways to gain the trust
of their victims. One of the most common tactics fraudsters use to commit
identity theft is called “phishing,” and is the use of social
engineering or manipulation techniques to trick victims into divulging
sensitive information. While phishing usually refers to e-mail scams,
similar fraud schemes can take place over the telephone – this is
referred to as “vishing” or voice-phishing.
Although not a new concept, this scam is a classic example of a vishing
scheme with a new twist, exploiting civic-minded individuals. For more
information, please view this Visa U.S.A.
Inc. Data Security Brief. (Information from Visa U.S.A. Inc. Data
Security Brief, 7/24/07)
Federally Insured
by NCUA |
|
|
