Tips for cardholders regarding common fraud vulnerabilities
Seasonal and Holiday Charity and Travel Scams
• A legitimate charity will welcome your donation whenever you choose to make it; whereas fraudsters will “pressure” you to make it right then.
• You should not send donations in the form of gift cards or wire transfers.
• Remember to watch for travel deals that are too good to be true, and to know who they are booking their travel through.
Two-Factor Authentication Scams
As fraud controls get smarter, fraudsters are shifting their attack patterns to bypass controls. Fraudsters have been using automated phone calls to try to steal consumers two-factor authentication codes and hack into banking, merchant, and third-party payment accounts. These include Apple, Amazon, PayPal, and bank accounts.
An example of these calls state: "In order to secure your account, please enter the code we have sent your mobile device now.” Financial institutions and valid merchants will ask cardholders to enter this code on their website or app, not via text or automated phone call. A communication like this indicates the fraudster has tried to access an account and has run into a two-factor challenge from the merchant or institution. This call is an attempt to secure the code sent to a phone number or email on file at the merchant or institution. Usually something like the enter code that had has popped up on your phone. Once entered the automated message will say: "Thank you, your account has been secured and this request has been blocked.” Sometimes the call will say don’t worry about any payments or fees, we will refund it and then state, “you may now hang up.”
Scams like these require a hacker to already know several details about a cardholder, such as email address, phone number, and passwords. Personal data like this is often found on the dark web, collected from previous breaches and hacks, sold by POS merchants to marketers, or given out by cardholders themselves.
Phishing/Smishing Attacks
Phishing and smishing (phishing by SMS texts) are attempts to trick cardholders into providing sensitive confidential information in order to commit fraud. Its variations, and frequency, continue to be on the rise. Phishing schemes such as “spear-phishing,” which is more targeted and difficult to identify, are becoming even more sophisticated than in the past. Instead of using only suspicious links in poorly designed emails, phishing emails are mimicking websites and appearing to be legitimate and credible. The use of web address shortening tools, such as TinyURL, make detection of suspicious links more difficult, even by savvy online users.
It is important to safeguard your financial data and online banking credentials against criminals trying to harvest them. It is also a good idea to avoid clicking on links that appear in random emails and instant messages. Some phishing emails will start with “Dear Customer,” so you should be on the alert when you come across these emails. When in doubt, go directly to the source rather than clicking on a potentially dangerous link.
In general, cardholders should never give out full card numbers, passwords, full social security numbers, or other sensitive information over the phone.
Securing Digital Devices
Cardholders should avoid storing confidential card information in unencrypted format on digital devices unless it is stored using a Digital Wallet or secure password management application. Security concerns to be aware of include:
• Unencrypted card information on digital devices is susceptible to malware attacks.
• Sensitive information, such as PIN, Social Security number, or answers to security questions can also be stolen by way of malware and remote access applications downloaded to a digital device.
• Choose reputable and secure applications to store passwords and other sensitive data on digital devices.
Fraud Alerts
Here's how we alert you about potential debit card fraud
Phishing schemes and other types of fraud try to deceive you into thinking you're talking to a legitimate institution such as a retailer, bank, or other trusted organization. In reality, when you fall victim to these scams, you're giving your information to thieves. Taking this into consideration, it's important to know how we communicate with you when there's potential fraud on your accounts.
If we see suspicious activity on your debit card you'll be notified in the following ways:
Automated Phone Call
When a transaction is detected by Fiserv EFT, our debit card processor, that seems unusual, Fiserv will call you and ask you to verify if you initiated the transaction.
Text Notifications
We offer texts to our debit cardholders. Text ‘YES’ or ‘NO’ to confirm, or deny, authorization of the purchase. We will never ask you to give details about your debit card or transaction purchases.
Members are automatically enrolled in this program, and we will use the phone number we have on file for you. Text messaging will follow the Telephone Consumer Protection Act (TCPA), which allows text messages to only be sent between 8:00 a.m. and 9:00 p.m. If the alert is generated outside of these hours you will still receive a phone call.
Safeguard yourself from fraudulent activity, especially text messages that are from an unknown source. We do not use text messages to handle security questions regarding your account. If you receive a text message and are unsure of its validity, call us directly at 877-888-9510, or visit any one of our branches to speak to a representative.
Additional fraud resources:
The above scams are only a few of the most prevalent happening in the world today. To learn more about additional popular sources of fraud, visit the resources below.
Common Scams and Crimes – Search the FBI’s website for categories of scams and crimes filtered by year
Fraud Watch – Sign up for AARP’s fraud watch alerts
Fraud and Scams – Consumer Financial Protection Bureau's fraud overview
Card Valet
The mobile application that allows you to control the use and expense limits of your debit card while traveling. Protect your debit cards through your mobile device by receiving alerts and defining when, where and how your payment cards are used.
Learn more about Card Valet