Privacy & Security
Protecting you from fraud is our top priority! Saginaw Medical Federal Credit Union is committed to ensuring the safety and security of your information!
|Identity Theft||Online Safety||Phishing||Privacy Statement|
|Safe Mobile Banking||Security Statement||Social Engineering|
September 2016 - Fraudulent NCUA Text Messages
Consumers Should be on Alert for Fraudulent NCUA Text Messages: The National Credit Union Administration has received additional consumer calls about suspicious text messages claiming to come from the agency. The messages read: “National Credit Union Administration Alert for (recipient's phone number). Contact 844-234-5445.” Other fraudulent phone numbers to be alert for are 855-340-1398 and 844-906-0773. These texts are not communications from NCUA. The agency does not seek personal information through the internet or on the telephone.
Please contact NCUA's Consumer Assistance Center at 1-800-755-1030 between 8 a.m. and 5 p.m. Eastern if you receive one of these messages. NCUA also recommends contacting your credit union and local law enforcement as well.
You may also contact the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center. NCUA operates an online Fraud Prevention Center that offers information about avoiding frauds and scams on its MyCreditUnion.gov website.
If you suspect you may have become a victim of identity theft because of this scam, you should immediately contact the three major credit bureaus and request a fraud alert be placed on your credit report: Equifax (888-766-0008), Experian (888-397-3742), and TransUnion (800-680-7289).
First Scam: You receive an official-looking email from the Social Security Administration with an invite to create an account so you can receive your benefits. You land on a webpage where the scammers hope you will fill out all your confidential information. Don't fall for it. Never click on links in any of these emails. If you want to sign up for a My Social Security Account go directly to https://ssa.gov/myaccount/
Second Scam: The "bad guys" actually create an account for someone and redirect the payments to a bank account controlled by them, not the victim. To prevent this from happening, create your own MySSA account with a strong username and password. This is similar to filing your tax return early before the bad guys file a bogus return and steal your refund.
Protect Yourself! When you create your MySSA account, go to the settings and choose the option that any changes to the checking or savings account into which your check is electronically deposited only be done physically at a Social Security branch office and not using your online account.
Our Credit Union is constantly concerned about our member’s critical information and privacy. With this in mind, we have the following security services installed on our Internet server:
- Each server is behind a Firewall. This UNIX based hardware product blocks critical ports and IP addresses on servers from external attack and access.
- Each server runs proprietary software that constantly monitors the servers for unauthorized use and attempts to "hack" into information. Administrators are contacted when forced attacks are committed, and countermeasures can be applied to stop these instances.
- All administrative activity requires user login and authentication. All administrative updates are logged into files that can be reviewed later.
- All servers come with a Global Verisign Certificate (RSA) for digitally encrypted communications between the Web server and your member. Information passed in applications cannot be decrypted by third parties attempting to "pick" information being passed across the Internet backbone.
- All servers run the latest version of Apache Web Server, considered the strongest and most secure Web server software on the market.
Regulation D is a federal regulation that places limits on the number of transfers or withdrawals members can make from their saving accounts. It affects all savings accounts including; regular savings, second savings, vacation club savings, Christmas club savings, and money plus savings. Regulation D allows for up to six (6) withdrawals, overdraft transfers, electronic funds transfers/automatic withdrawals (EFT/ACH), debit card transactions, home banking, and telephone transfers per month from each savings account.
Transactions affected by Regulation D include:
- Transfers made using PC Smart
- Transfers made using Smart Audio Response (phone)
- Overdraft transfers (made automatically to cover insufficient funds in your checking account)
- Transfers made over the phone
- Pre-authorized, automatic, scheduled or recurring transfers or withdrawals (ACH)
What transactions are not affected by Regulation D?
- Transactions made in person at the credit union
- Transactions requested by a mailed letter
- Transactions made using an ATM
- Transactions made by the member to pay a loan or visa with the credit union
- Transactions made from a SMFCU checking account
What are my options once an account has reached its Regulation D limit?
- You may complete withdrawals and transfers in person, by mail, or at an ATM.
What will happen if funds are in my savings account but I have reached my Regulation D limit?
- Debit, ACH (automatic withdrawals), and/or draft transactions may be denied.
I have authorized a merchant to automatically withdraw payments from my Savings Account; do these count against my monthly limit?
- Yes. These payments (which you might know as "ACH" or "EFT" transactions) follow Regulation D limitations. Any withdrawals attempted beyond your monthly limit will not be honored, and you will receive a notice by mail and incur a NSF charge. To avoid this situation, have automatic payments withdrawn from your checking account. Contact the merchant to arrange this change, and be aware that your request could take more than a month to go into effect. Alternatively, consider using SMFCU Bill Pay to automatically send payments to the merchant, rather than authorizing the merchant to automatically withdraw payments.
- Account information
- Social Security Number
- Mother's maiden name
- Online Banking Access Code
- Account Access Code
- ATM Card PIN
- Credit Card Number, Expiration Date or PIN
Exception: We have 24x7 monitoring systems for our credit and debit cards. You may receive a phone call from these monitoring systems to verify that you performed a transaction that they consider suspicious or unusual for you. However, when they do contact you they will never ask you for any personal identifying information.
What is Identity Theft? Identity theft occurs when someone uses your personal identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.
What is Social Engineering? Instead of attacking a computer, Social Engineering is the act of interacting and manipulating people to obtain important/sensitive information or perform an act that is latently harmful. To be blunt, it is hacking a person instead of a computer. A social engineer can use the phone, the internet, or even show up in person to perform the malicious act. They can be after data such as ID number, username, password, server names, machine names, remote connection settings, schedules, credit card numbers, etc. They may also try to get someone to install some malicious software, visit an unscrupulous website, or even access unauthorized locations.
What is Phishing? The personal information is then used to access the individual’s account and can result in identity theft and financial loss.
Protect Your Personal Information
- Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
- Unique account, unique password: Separate passwords for every account helps to thwart cyber-criminals.
- Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer.
- Own your online presence: When available, set the privacy and security settings on websites to your comfort level for information sharing. It’s ok to limit who you share information with.
- When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cyber-criminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or if appropriate, mark as junk email.
- Get savvy about Wi-Fi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your laptop or cell phone.
- Protect your money: When banking and shopping, check to be sure the site is security enabled. Look for web addresses with “https://” or “shttp://”, which means the site takes extra measures to help secure your information. “http://” is not secure.
Be proactive in securing the mobile device itself. Depending on what security options are available on your device, create a "strong" password (consisting of unusual combinations of upper- and lower-case letters, numbers and symbols) or PIN (with random numbers instead of, say, 1234 or the last four digits of your Social Security number) and periodically change it.
- Be careful about where and how you conduct transactions. Don't use an unsecured Wi-Fi network, such as those found at coffee shops, because fraud artists might be able to access the information you are transmitting or viewing.
- Don’t send account numbers or other sensitive information through regular e-mails or text messages because those are not necessarily secure.
- Check with your wireless provider in advance to find out about features that enable you to remotely erase content or turn off access to your device or account if you lose your phone.
- Research any application ("app") before downloading it. Just because the name of an app resembles the name of your credit union — or of another company you're familiar with — don't assume that it is the official one of that credit union or company.
The best place to download an app is from the official Web site of the credit union or company that you are doing business with or from a legitimate app store. Note that the business will often direct you to an app store.
Go to main navigation