AmeriCU Credit Union is committed in every way to ensuring the security of sensitive member information. As such, AmeriCU Credit Union utilizes multiple security technologies and methods including overlapping layers of security to protect our ATMs and BIG BLUE Kiosks.
What is Skimming?
A method used by criminals to capture debit or credit card data from the magnetic stripe on the back of an ATM card. However, in order to commit fraud the card data and PIN information are both needed.
What is PIN Capturing?
A method used by criminals to obtain your credit or debit cards PIN information. Typical methods include social engineering (human interaction) techniques, strategically placed cameras or false keypads to capture PIN information. Many skimming attacks utilize a combination of technical and ‘social engineering’ (human actors) techniques such as the often used ‘good Samaritan’ or ‘friendly and helpful’ passerby who may be able to enter your PIN for you. NEVER give your PIN to anyone!
Remember the following when using any ATM, KIOSK or automatic payment system:
- Cover Up! Shield your PIN entry on the ATM or KIOSK keypad with your spare hand when entering transaction information. By protecting your PIN, criminals do not have access to your account when card information is compromised (this method is useful when transacting at an ATM or Point of Sale).
- Stand close to the ATM and use your body as a shield as extra security to protect your Card and PIN.
- Do not accept assistance, guidance or allow anyone to interfere with your transaction – fraudsters sometimes pose as bank officials by offering assistance or interfering with your transaction.
- Report any unusual appearance or any difficulty in using an ATM or KIOSK immediately to the nearest AmeriCU financial center.
- If you suspect that a skimming device is attached to an ATM or KIOSK, DO NOT attempt to remove it or tamper with it in any way. The criminals who engage in this type of fraudulent activity are known to become violent as they are typically not far away from the scene observing.
- As always, be vigilant when using ATMs or KIOSKs but be just as vigilant in reviewing your account transactions frequently for anomalies or unidentifiable charges or transactions.
- Utilize the account activity alert feature that can be configured via AmeriCU’s e-banking application, Member Connect Web, to ensure that you always know when fraudulent activity takes place on your accounts.
- Only insert the card when the ATM prompts you to do so – fraudsters jam ATMs to create confusion with customers.
- Don’t allow anyone to call you back to the ATM or KIOSK after transacting, requesting you to insert your card again – fraudsters use this technique to confuse customers who’ve already finalized their transactions and are busy walking away.
- Be observant of your surroundings when transacting at the ATM – Leave the ATM immediately if you feel unsafe or when suspicious people are loitering around the ATM.
- Use ATMs you are familiar with and do not use ATMs in secluded areas or late at night.
- Choose your ATM carefully: Use ATMs in high traffic areas that are well lit.
- Never force your card into an ATM slot.
- If your card is trapped or swallowed by an ATM, do not leave the ATM. Call the bank card stop number immediately to cancel the card before leaving the ATM. AmeriCU only utilizes ‘dip’ style card reader on all ATMs and KIOSKS but other institutions still utilize card capture style card readers.
- Do not accept an offer to use someone else’s phone when phoning your bank to cancel your card.
The practice of luring unsuspecting Internet users to a fake website by using authentic-looking email with the real organization’s logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack.
Please note that there are two easy and clear identifiers that guarantee you have reached AmeriCU Credit Union’s Online Banking Login Page. This is the Website’s address located in the address bar of your browser:
- AmeriCU Address Bar
- “Secure” Lock
Both of these must be visible in your browser.
If you double-click on the yellow pad lock, you can view our Verisign Certificate details. These details verify AmeriCU’s Website and ensure that you have reached the authentic Login Page. If the certificate is not issued by Verisign and is not for the Website www2.americu.org, then the site is not valid. Please be sure to check the spelling.
A variant on phishing is “vishing”, which uses telephone systems to obtain this information from unwary consumers. The term vishing is a combination of “voice” and phishing.The criminal practice of using social engineering and Voice over Internet Protocol (VoIP) telephony to gain access to private personal and financial information from the public for the purpose of financial reward.
Consumers are becoming more aware that an e-mail they receive containing a link or other contact information could be malicious in nature. So criminals are using methods victims are more familiar with, like calling a number. In essence, vishing is the criminal practice of using the phone to gain access to private, personal, and financial information from the public for the purpose of financial reward. Vishing exploits the public’s trust in landline telephone services, which have traditionally terminated in physical locations, are known to the telephone company, and are associated with a bill-payer. The victim is often unaware that VoIP allows for Caller ID “spoofing” and thus provides anonymity for the criminal caller. Vishing is attractive to criminals because VoIP service is fairly inexpensive, especially for long distance, making it cheap to make fake calls. In addition, because it’s web-based, criminals can use software programs to create phony automated customer call center service lines.
An example of a vishing scam is when a consumer receives a recorded message telling them that their credit card and/or financial institution account has been breached and to immediately call a number provided in the recorded message. The phone number provided in the message leads the consumer to a “fraudulent call center” established by the perpetrator of the fraud. The perpetrator then attempts to obtain confidential account information and login credentials in order to access the account. A twist on this scam is when the recorded message provides the address of a fraudulent website for the consumer to access (instead of a telephone number) and to provide certain information to reinstate the supposedly affected account(s).
Vishing is very hard for authorities to monitor or trace. To protect yourself, we advise our members to be highly suspicious when receiving messages (telephone, email, or otherwise) directing them to call and provide personal, confidential, and/or account related information. Rather than provide any information, the consumer should contact their financial institution or credit card company directly to verify the validity of the message using contact information they already have in their possession (i.e. do not use contact information provided in the suspicious message).
Text Message Scams
The practice of sending fraudulent text messages on mobile phones advising members of issues with their account, in order to gain access to private personal and financial information.