Take steps to prevent and detect identity theft and fraud

Take steps to prevent and detect identity theft and fraud

Privacy and Security

Protecting your financial identity is very crucial. Together with Redstone Federal Credit Union®, you can take steps to prevent and detect identity theft and fraud. The most important step toward protecting yourself is to never give out account information to anyone who comes asking for it. RFCU® does not call, text, or send emails asking for account information. Remember—we already have it!

Online Banking

Redstone Federal Credit Union is committed to providing members secure methods for banking online. However, your browser and operating system are a key component of keeping your online information safe and secure. To ensure the maximum level of security we recommend keeping both up to date. Click here for more information on upgrading.

Phone Calls about Suspicious Card Transactions

As a result of suspicious or out-of-the ordinary card transaction(s) on your Redstone Federal Credit Union credit or debit card(s), you may occasionally receive a call from a Redstone Federal Credit Union employee or third party representing Redstone Federal Credit Union that will be calling to validate the transaction(s) as legitimate.

Be aware that the persons making these calls will never ask for your account number, card number or social security number as we already have that information. You should never give this information to anyone calling you.

If you are ever suspicious of a call from Redstone Federal Credit Union or a party representing Redstone Federal Credit Union, disconnect the call and initiate a call to Redstone Federal Credit Union to validate.

To minimize chances of receiving these calls, please submit the "Travel Form for Cards" located inside Online Banking under the Additional Services tab prior to making domestic or international travel during which you will be using your Redstone Federal Credit Union card and ensure Redstone Federal Credit has your best contact information on file.

Online Security Vulnerabilities

When Redstone becomes aware of online security vulnerabilities that may impact you as a member, helpful information will be posted here with trusted advice on how to best protect yourself.

Debit and Credit Card Data Breaches

If you think you may have been impacted by an unauthorized debit or credit card data breach from a retailer or any other institution you do business with, there are a few simple things you can do to protect yourself. Keep an eye on your account through Online Banking or monthly statements to watch for any unusual activity. You can even set up alerts that will notify you if account balances or transaction amounts exceed certain thresholds you set, and fraud text alerts are available for your Redstone credit card. This service sends text alerts to your mobile phone allowing you to confirm or deny suspicious activity quickly and stop fraud fast. You can enroll through the Credit Card Info tab within Online Banking or the mobile app.

If you notice anything suspicious or unusual on your Redstone accounts, please notify Member Connect immediately for assistance by calling 800-234-1234. If desired, Redstone can close your debit or credit card and reissue a new one for you. You should also report fraud or identity theft to the Federal Trade Commission and local law enforcement.

If you suspect that your card has been breached, it is recommended that you change your PIN number as an added measure of security. To help protect your account information, consider periodically changing your PIN number quarterly or annually.

RFCU will never call you asking for your card number, PIN, or other card information in the case of a debit or credit card data breach. As always, if you ever question the legitimacy of a call from RFCU, please hang up and call 256-837-6110 or 1-800-234-1234.

Protect Your Identity

An excellent way to detect fraudulent activity is to keep a close eye on your accounts, such as by using RFCU’s Online Banking to watch your accounts on a daily basis. Restrict the usage of your debit card with the Debit Card Control settings inside the Redstone Mobile Banking app. You should also take advantage of your free annual credit report check, which gives an overview of your credit accounts from all financial institutions.

Free credit reports are available under Federal law at AnnualCreditReport.com.
To receive your free annual credit report, you can

There are several other precautions you can take to protect yourself against identity theft. These government websites provide precautions, tips, and advice on protecting yourself online, while on the telephone, or by mail.

Social Engineering

Those looking to misuse your account information will often disguise themselves as Redstone Federal Credit Union, or any other financial institution, and then ask you to “verify” your account information by sending them confidential information. These “social engineers” also search dumpsters for valuable information, memorize access codes by looking over someone’s shoulder (shoulder surfing), or take advantage of people’s natural inclination to choose passwords that are meaningful to them but can be easily guessed. Some examples of social engineering techniques include the following:

Phishing – Phishing uses e-mails that appear to originate from a trusted source (such as a financial institution) to trick users into entering confidential information on a fake web page.

Vishing – This technique uses an interactive voice response (IVR) system to recreate a legitimate-sounding copy of a financial institution’s IVR system. The victim is prompted to “verify” various financial information. More advanced systems transfer the victim to the attacker, posing as a customer service agent, for further questioning.

Smishing – The victim receives a text message telling them to call a toll-free number, which is answered by a bogus interactive voice-response system that tries to fool the victim into providing his or her account number and password.

Baiting – An attacker will leave a software-infected computer disk or USB flash drive in a location such as a bathroom, elevator, or parking lot. The attacker gives it a legitimate looking label and name, and then simply waits for the victim to use the device. Baiting can also take the form of an App for your mobile phone. These Apps are designed to look and feel legitimate.

Business and Commercial Accounts

Unfortunately, even businesses are not immune to identity theft and fraud. In fact, some online business account transactions may incur a higher level of risk when it comes to fraud than a consumer account transaction. To help protect your business against identity theft and fraud, RFCU strongly encourages you to conduct periodic risk assessments and evaluations of your controls to detect weaknesses or inadequacies.

Many companies keep sensitive personal information about customers or employees in their files. Having a sound security plan in place can help you meet your legal requirements to protect sensitive information. The Federal Trade Commission provides helpful guidelines to take into consideration when conducting your risk assessments and controls evaluation. This booklet by the FTC also provides information on how a business can protect information, as does this document from the Bureau of Consumer Protection Business Center.

Protect Yourself

Always bear in mind that security does not stop or start with the technology alone. The majority of security issues can be prevented by simply using common sense.

  • If you get an email, phone call, or text alert about an account, don’t respond before you verify that it’s legitimate. It is best to verify by initiating a call to Redstone Federal Credit Union at 800-234-1234 before responding to any communication.
  • Use strong passwords that are hard to guess, and never share them with anyone. Our recommendation includes the following:
  • Use at least one number in your password
  • Use at least one CAPITAL letter in your password
  • Use at least one symbol or special character in your password
  • It is recommended that your passwords be a minimum of 12 characters in length. For highly confidential sites or information, we recommend 15 characters.
  • Many of the precautions taken to protect mobile devices are the same as those for desktop computers. Devices should be password protected, and programs should only be downloaded and installed from trusted sources.

Members’ Rights and Liabilities

There are several federal regulations which may protect victims who incur unauthorized or fraudulent transactions on their accounts. The victim’s rights and liabilities for the fraudulent or unauthorized transaction depends on the type of transaction, the amount of time it took to notify the Credit Union of the fraudulent transaction, and whether the victim was a consumer or a business.

Consumer Accounts

For a consumer, certain protections are provided under Regulations E and Z for fraudulent or unauthorized transactions. The protections are dependent on numerous factors, including the type of transaction.

Some of the types of transactions that are covered by Regulation E include the following:

  • Point-of-sale (POS) transfers;
  • Automated teller machine (ATM) transfers;
  • Direct deposits or withdrawals of funds;
  • Transfers initiated by telephone;
  • Transactions where a check, draft, or similar paper instrument is used as a source of information to initiate a one-time electronic fund transfer from a consumer’s account; and
  • Transfers resulting from debit card transactions, whether or not initiated through an electronic terminal.

Likewise, there are other transactions which are not covered by Regulation E and are not given the same protection as the transactions listed above. Transactions that are not covered by Regulation E include the following:

  • Checks;
  • Check guarantees or authorizations;
  • Wire or other similar transfers;
  • Securities and commodities transfers;
  • Automatic transfers by the Credit Union resulting from an agreement between the member and the Credit Union in which the Credit Union initiates individual transfers without a specific request from the member; and
  • Telephone-initiated transfers including any transfer of funds initiated by a telephone communication between the member and the Credit Union that does not take place under a telephone bill-payment or any other written plan in which periodic or recurring transfers are contemplated.

Below is a list of some of the protections consumers may have under these two federal regulations. Additional protections may also be provided by Visa® and they are included below as well.

Business/Commercial Accounts

Unfortunately, business accounts are not provided the same protections as consumer accounts under Regulations E and Z. Rest assured, however, that the Credit Union will still investigate any fraudulent or unauthorized business transaction thoroughly and in a timely manner. While business accounts may not have the same protections under Regulations E and Z, Visa and CheckFree Services Corporation may still offer some protections to these accounts. Protections offered for business accounts for fraudulent or unauthorized transactions are listed below:

Learn more about privacy and security for businesses. View the video now!

Ready to Open a Redstone Account?

Must be RFCU member or service group to open an account, obtain a product, or utilize a service. Must be eligible for membership and open a share savings account to join RFCU. $5 minimum balance is required to open share savings account and be maintained in share savings account at all times. Must have RFCU checking account to obtain a debit card. Minimum opening deposits, average monthly balances, transaction fees, and monthly checking maintenance fees may apply to the checking accounts. Redstone Federal Credit Union is an Equal Credit Opportunity Lender.

Must be RFCU member with online banking and PIN/password to use RFCU mobile banking and bill pay. Must have Company ID, User ID, and password to access business online banking. Must have business online banking service and Company ID, User ID, and password to access business mobile banking. Standard wireless carrier text message and/or data rates and fees may apply; check with your carrier for more information. Other restrictions may apply. RFCU does not warrant, guarantee or insure any product, purchase or service offered by any third party company. RFCU and third party companies are separate entities.

Card Control: Must have compatible mobile device to use service. Certain functions of the service may not be available for all transactions or at all times. Controls and alerts based on the location of mobile device or location of merchant may not apply appropriately in some transactions and in some card-not-present transactions.