Tuesday, August 30, 2016

Gas Stations and Card Skimming - Be Alert!

Millions of travelers will be hitting the roads this Labor Day holiday weekend and consumers are urged to remain alert to the possibility of card skimming at gas stations. Our insurance bond carrier, CUNA Mutual Group, has alerted member credit unions about the possibility of increased card skimming activity at gas stations. The new EMV card readers are not required at gas stations until October 2017 so gas station locations around the country have become a popular spot for stealing card information. More than 260 skimming devices have been detected in the last year at gas pumps in the state of Florida alone.

Part of the problem with gas pumps is that most of them have a universal key lock making them extremely vulnerable to tampering by data thieves. Once the tampering is done with a skimming device inside the gas pump, it is often well disguised and not easily noticeable to patrons.

After the data is captured, fraudsters return to harvest the stolen card information from the skimming device or, in some cases, access and retrieve the data remotely. The harvested data is then used to manufacture counterfeit cards or the data is sold to other criminals.

Scary stuff here! While the credit unions have some internal tools to monitor card activity, what steps can consumers take to protect themselves?

Look for security tape over gas pump cabinets; intact tape reduces the chances that the pump has been tampered with by unauthorized parties. (Picture above in left corner.) If the tape is removed, cut, or the gas pump appears tampered with, do not use it and report it to the gas station manager.

Try to utilize gas pumps that are located closer to the front of the gas station as fraudsters will typically place skimming devices at gas pumps away from the store to go unnoticed.

Consider using a credit card rather than a debit card at the gas pumps. While there is consumer liability protection for both, most find dealing with a credit card compromise less intrusive.

If using a debit card at the gas pump, run the debit card as a credit authorization where you don't have to enter your card PIN. This would prevent counterfeit ATM transactions since the thieves would not have your PIN.

Consider going inside the gas station to prepay for your gas purchase. They may have the EMV card reader inside to protect your data from being stolen.

Finally, check your card accounts closely to watch for any unauthorized transactions. Home banking and mobile banking are great ways to closely monitor your accounts during the month plus they can show pre-authorizations that have not been debited yet on the account.

Thursday, August 11, 2016

Liars, Thieves, and Crooks

There doesn't seem to be any shortage of thieves trying to separate consumers from their money through online or telephone scams. The credit union continues to hear about multiple variations of old dirty tricks designed to invoke either trust or fear as the catalyst for stealing money.

It seems as if telephone scams by call or text are on the rise. The fake jury duty call scam has been making the rounds, where a call is made stating that a warrant has been issued for your arrest because of failing to appear for jury duty. Providing a credit card number can pay the fine and make it all go away, they say. Fake calls about a loved one supposedly in a jail or hospital late at night are fairly common. Again, fear is the prime motivator here as they strike fear into the victim's heart in hopes of rendering them oblivious to the normally obvious red flags associated with an unknown caller.

Fake collection calls where they state that your arrest is imminent if you don't pay over the phone are another common scam taking place.

Fake Microsoft or Internet support calls from "tech support" callers are numerous and they want access to your computer to steal your personal information. I had one of these calls myself some time ago and quizzed them on multiple points which of course caused them to promptly hang up.  

Calls and text messages claiming to be from your financial institution attempt to utilize trust and fear as a tool to steal. Members typically trust their credit unions so if their credit union says that something is wrong with their account, they must act quickly to avoid any loss of their hard earned savings. Unfortunately the opposite occurs when criminals are able to obtain personal account information. Our Fraud Department will call and text members on suspicious transactions but we will not be asking for any personal information. 

How do you keep from becoming a financial victim? 

First and foremost, recognize that people wake every day thinking up ways to steal your money.
Adopt a general distrust of any calls or texts that you receive that are asking you to provide any personal information. NEVER give out personal information or account numbers to strangers, including callers who claim to be from your financial institution. Remember not to trust Caller ID as a verification of the actual caller since Caller ID can be spoofed to display any number. 
If fear is a component of the urgency of a requested transaction, that is a huge red flag. Step away from the situation and ask yourself "does this make sense?". If a loved one is supposedly in harm's way and needs assistance, contact other relatives to confirm or ask for the name of the facility/location involved and call yourself using a telephone number that you have verified yourself. 

If urgency is required, caution is required. 

Call the credit union with any suspicious requests that you may receive. I'm happy to speak with members on these scams as it also helps us to know what types of fraud are being attempted in the community. Be careful out there!

Monday, May 23, 2016

EMV Chip Cards are Here: Now What?

The new EMV chip debit and credit cards are here. That being said, how should you change how you use your new EMV chip card for transactions? The security value of these new cards is only realized when the EMV card is read by an EMV card reader at the merchant accepting the card for payment. Much of the counterfeit card fraud that has taken place over the past few years occurred because of a card swipe where the data was stolen at some point by hackers. Cards that are swiped for the authorization do NOT transmit that card information in the most secure environment. There are many merchants and retailers out there right now who have the EMV chip reader at their point-of-sale terminals but do not use them because they don’t have the technology implemented yet. So what does that mean? They ask you to swipe your EMV chip card for your transaction. This defeats the purpose of the technology and the expense of issuing EMV chip debit and credit cards. Merchants who utilize the EMV chip reader at the point-of-sale are doing their best to protect your personal card information. As consumers and holders of these EMV chip cards, it is in our best interest to transact business with those merchants and retailers who have functioning EMV chip card readers.

True, the liability does shift from the issuer (credit union in this case) to the merchant/retailer when the EMV chip reader technology is not being utilized. Does that really mean much to you though when your money has been taken out of your account from a counterfeit card transaction from a location five states away? It is an incredible inconvenience to have your card information hacked and money stolen. Initially, your money is gone and you don’t have a working debit or credit card anymore.

Consumers need to put pressure on the merchants and retailers to implement the EMV card readers at their point-of-sale terminals. Does the authorization process take slightly longer than a swiped card transaction? Yes, but that time is secure time and would greatly reduce the threat of your money being stolen at some point in the future. Ask the store manager why they aren’t doing all they can do to keep your card information as safe as possible. If you have two retailers and one has an operational EMV card reader and the other doesn’t, you would be wise to choose the first one.

So far in 2016, North Alabama Educators Credit Union members have seen just over $80,000 in fraudulent transactions due to counterfeited debit cards on data that was stolen from the merchant card swipe process. Let’s get away from the card swipe process at retailers and reduce card fraud for everyone! 

Monday, November 23, 2015

EMV Cards & Liability for Consumers

EMV stands for Europay, Visa, and Mastercard, the three companies that originally created the idea of the EMV chip card where card information is stored in a chip embedded in the front of the card. (Traditional debit and credit cards have the information stored on a magnetic stripe on the back of the card.) The authentication parameters with the EMV cards change with each transaction, whereas the magnetic stripe cards maintain the same card information, thus making it much more difficult to counterfeit an EMV chip card. The technology is only beneficial for "card present" situations where the card is physically presented for a transaction and the merchant has the point-of-sale terminal that can communicate with the EMV card chip. Online Internet transactions would not have any additional security enhancements from the EMV chip cards. Verified by Visa or MasterCard's SecureCode are the best tools available to prevent online card fraud.

Card issuers are still in the process of issuing EMV chip cards and merchants are installing EMV point-of-sale terminals that can read the EMV chips. North Alabama Educators Credit Union will have a mass EMV card reissue of all member debit cards in the spring of 2016. Roughly only 20% of merchants have installed the EMV chip readers at this point.

The focus of the EMV card technology was about reducing fraud and shifting liability. What does this mean to the consumer in terms of liability? In short, nothing should change from a liability standpoint. The liability shifts being discussed have been between the merchants and the card issuers who are the financial institutions. The credit union has not charged our membership for any portion of unauthorized charges even though VISA rules and government regulations allow for consumers being responsible for the first $50.00 per fraudulent incident for fraudulent charges. One concern that I have is if the liability for a fraudulent charge is shifted to the merchant, it would not surprise me to see that $50.00 cost be passed on to consumers, possibly more if the fraud is not reported promptly;
  • up to $500 if you fail to notify the bank within two business days after you realize the card is missing, but do notify the bank within 60 days after your bank statement is mailed to you listing the unauthorized withdrawals. 
A banking financial institution has an ongoing account relationship with a consumer. A retailer two states away does not share that same relationship so if they have liability for a fraudulent transaction, they will most certainly hold the consumer responsible for the first $50.00 in their reimbursements for unauthorized charges. Time will tell how the liability shifts between the merchants and the institutions will impact any costs passed on to the card consumer. If there were to be $50.00 fraud liability costs passed on to the members by the merchants, it would be my guess that the credit union would absorb that $50.00 cost since we have already been doing so. Rest assured that many traditional banks out there would not be doing that.

More information on our EMV cards to be issued in 2016 will be provided to our cardholders during the first quarter of 2016. In the meantime, member liability for unauthorized transactions still remains a $0.00 liability for our credit union members. 

Monday, November 16, 2015

Weather Closings and Delays at NAECU

It has been predicted by multiple sources that the Tennessee Valley can expect a harsher winter this year due to changes associated with the El Nino weather patterns. Time will tell whether the forecasters are correct or not. One thing is for certain however in the Tennessee Valley - this area is not well suited to clear roads from winter weather events. Governmental budgets are stretched thin as they are so additional resources for winter weather events are pretty much non-existent. That translates to roads being impassable and officially closed under fairly minimal snow and ice events.
If roads are not safe or closed due to weather conditions, that means that our employees cannot travel safely to and from their own homes. Safety of our employees is the primary factor in determining our operating hours when dealing with weather events.

My decision in closing or delaying operating hours of the credit union is not made lightly. I never make a decision on a closing or delayed opening until at least the early morning of a day in question. There have been too many occasions where a winter weather event was expected the night before that did not produce the anticipated results. In order for the credit union to close or delay an opening, there must be active road problems taking place or a line of known winter weather coming that is causing driving problems in its path. We all know that tornadoes are possible throughout the year as well. We did close early on the tornado outbreak day of April 27, 2011 because of the high probability of damaging tornadoes which sadly did occur. Luckily our employees were home when the long track tornado took out the power grid and did so much damage in Morgan, Limestone, and Madison counties. Again, safety of our employees is our primary objective.

We are working on a phone app system where members could be alerted to changing office hours due to weather events. In the meantime, our web site's home page is updated as well as our social media pages on Facebook and Twitter. We send out an email message via Constant Contact to subscribers (no cost) to inform them about any necessary office hour changes. To subscribe to our Constant Contact mailing list, CLICK HERE to provide your name and valid email address. You can unsubscribe at any time.

Everyone should be weather aware. If there is anticipated poor weather expected in our area, making financial plans and obtaining some cash before the weather event is always a good idea.

Thursday, October 15, 2015

Bank Robbers and Hats

The picture on the right here is a bank robber who robbed the south branch of Cullman Savings Bank just before 2:00 PM yesterday. A note was presented to the teller and an undisclosed amount of money was stolen from the bank in the robbery.

What you see here is extremely common for bank robbers, that being that the suspect is wearing a hat. This is especially true for silent robberies where a note is used as opposed to a strong-arm armed robbery.

I have not seen the photo image of the robber at the teller window which may be more disguised since he is wearing a hat during the robbery. The image shown here is an excellent photo which is not always the case. Video camera placements behind the teller line typically have to be placed higher due to structural logistics. This higher camera placement makes it more difficult to capture a good facial image when a person is wearing a hat at a teller window.

All of these security issues are exactly why we must ask members and visitors to our teller lines to remove their hats as part of the transaction. Several years ago a police investigator questioned why we were allowing people to wear hats at the teller line since it makes it more difficult to secure good evidence when a crime is committed. (We had just been robbed ourselves by a person wearing a hat). Keep in mind that not all crimes are robberies. They can be stolen checks, counterfeit checks, identity theft, or any transaction questioned at a later time.

We are not trying to be difficult in asking people to remove their hats and sunglasses when coming to our teller lines. We are trying to secure our members' money. Keep in mind that our drive-thrus are always available for transactions if removing a hat is too much of a burden.

Thursday, October 1, 2015

Improper Conduct Towards Employees

Below is a standard notice that is sent out or given from time to time to members regarding interactions with our employees. Our employees work in a public setting and every now and then we have some individuals who would like to pursue contact with our employees outside of the credit union. Sometimes it is just a case of mistaken motives, sometimes it is not. In the end though we need to be able to provide a workplace that is free from unwanted advances. 

Here is the notice:

We thank you for your membership with North Alabama Educators Credit Union. Please understand that our employees are here to provide friendly member service to all of our members in the course of their work transactions. Sometimes, members mistake that friendliness as an opening to request personal employee information or seek contact with our employees outside of the credit union. Please do not approach our employees regarding a request for personal contact information, social media requests, or contact outside of the credit union. We instruct all of our employees to reply with a simple “no thank you” which should be more than enough to prevent continued requests. Our employees are here to provide friendly member service and nothing else. Please refrain from any comments or activity that could be deemed as unwanted advances towards our employees. As an employer, I am responsible for maintaining a workplace that is free of unwanted advances. I thank you in advance for your cooperation. 

The notice along with a phone call at times is usually all that is needed to rectify any ongoing issues. As an employer, our primary focus must be upon our employees in maintaining the best workplace environment. Most members understand this so we rarely have problem issues to begin with.