Heartbleed Vulnerability Assessment:
Per media reports, a flaw in OpenSSL encryption technology was recently discovered and announced this week. We are pleased to report that all scans concluded that the credit union has no vulnerabilities in this situation.
Important Information Regarding your VISA Debit/ATM Card
Please be diligent in monitoring transaction activity on your account and contact us immediately if you identify any fraudulent transactions.
Here are some additional tips on protecting yourself from debit card fraud.
- Unless absolutely required for a legitimate business purpose, avoid giving out your:
- Address and ZIP code
- Phone number
- Date of birth
- Social Security number
- Card or account number
- Card expiration date
Your PIN is private; never give it out.
- In stores and at ATMs, always cover your card and PIN, and watch for:
- Cell phone cameras, mirrors, or other tools used to view cards and PINs
- People watching your transactions
- Cashiers taking your card out of sight; take it to the register yourself
- Any unusual activity at ATMs; if you feel uncomfortable, go to another ATM
- Online, you should never respond to unsolicited emails that:
- Ask you to verify your card or account number; such emails are not sent by legitimate businesses
- Link to websites; such sites can look legitimate but may collect data or put spyware on your computer
Conducting Your Transactions Online
Federal financial regulators are reporting that Internet threats have changed significantly over the past several
years. Sophisticated hacking techniques and growing organized cyber-criminal groups are increasingly targeting
financial institutions, compromising security controls, and engaging in online account takeovers and fraudulent
electronic funds transfers.
In order to help ensure the security of your online transactions, we want you to know that:
In addition, we may require owners of commercial accounts to perform their own risk assessments and controls
evaluations. For example:
- We will never email, call or otherwise ask you for your user name, password or other electronic banking
- You can help protect yourself by implementing alternative risk control processes like:
- Making sure you choose an adequate user name and password that, at a minimum, mixes in
small case letters, upper case letters and numbers
- Periodically changing your password (e.g., at least every 90 days)
- Safeguarding your user name and password information
- Making sure you have a firewall in place when conducting your financial transactions
- Logging off the system when you're done conducting business (don't just close the page or "X" out of the
- Monitoring your account activity on a regular basis
Federal regulations provide consumers with some protections for electronic fund transfers. These regulations
generally apply to accounts with Internet access. For example, these federal laws establish limits on a consumer's
liability for unauthorized electronic fund transfers. They also provide specific steps you need to take to help
resolve an error with your account. Note, however, that in order to take advantage of these protections, you must
act in a timely manner. Make sure you notify us immediately if you believe your access information has been
stolen or compromised. Also, review your account activity and periodic statement and promptly report any errors
or unauthorized transactions. See the Electronic Fund Transfer disclosures that were provided at account opening
for more information on these types of protections. These disclosures are also available online (or ask us and we
will gladly provide you with a copy).
- Make a list of the risks related to online transactions that your business faces including
- Passwords being written down and left out in the open
- The use of old or inadequate passwords
- The possibility of internal fraud or theft
- Delays in terminating the rights of former employees
- The lack of dual control or other checks and balances over individual access to online transaction
- An evaluation of controls your business uses may include
- Using password protected software to house passwords in
- Conducting employee background checks
- Initiating a policy and process to terminate access for former employees
- Segregating duties among two or more people so no one person has too much access or control
- Conducting internal or third party audits of controls
- Using firewalls to protect from outside intrusion or hackers
If you become aware of suspicious account activity, you should immediately contact the authorities and contact us
at the number listed below.
|Unlawful Internet Gambling Enforcement Act of 2006 (UIGEA) and Regulation GG Advisory Against Illegal Use
The UIGEA, signed into law in 2006, prohibits any person engaged in the business of betting or wagering (as defined by the act) from knowingly accepting payments in connection with the participation of another person in unlawful internet gambling. The Department of Treasury and the Federal Reserve Board have issued a joint final rule, Regulation GG, to implement this Act.
As defined by Regulation GG, unlawful internet gambling means to “place, receive or otherwise knowingly transmit a bet or wage by means which involves the use, at least in part, of the internet where such bet or wager is unlawful under any applicable Federal or State law in the State or Tribal lands in which the bet or wager is initiated, received or otherwise made”.
As a member of Alaska Airlines/Horizon Air Employees Federal Credit Union, these restricted transactions are prohibited from being processed through your commercial account or banking relationship with us. If you do engage in an Internet gambling business and
open a new account with us, we will ask that you provide evidence of your legal capacity to do so. Commercial accounts are defined as any account that is not a consumer customer.
Restricted transactions generally include, but are not limited to, those in which credit, electronic fund transfers, checks, or drafts are knowingly accepted by gambling businesses in connection with the participation by others in unlawful internet gambling.