Heartbleed Bug Not a Threat to Peninsula Credit Union Members
Posted on April 14, 2014
On an ongoing basis, Peninsula Credit Union evaluates its website and online systems for security threats and potential vulnerabilities. Peninsula Credit Union internal systems are not susceptible to the recent “Heartbleed Bug and have not been compromised.
Although many websites are targets, Peninsula Credit Union Online Banking is not vulnerable because it DOES NOT use OpenSSL or open source encryption technology.
Your accounts are safe and secure. You do not need to change your username and password and can continue to securely access your Peninsula Credit Union online banking and bill pay via both computer and mobile devices. However, you may always change your password at any time. Best security practices do recommend that you change your passwords from time to time.
For your home or personal computer, remember the rules of good security:
- Install and update anti-virus and spyware-detection software, as well as a firewall.
- Keep your computer and browser updated by allowing automatic updates.
- Never respond to emails or web pages requesting personal information verification.
- Delete emails from unknown senders with nonsensical information, subject line typos, or suspicious links.
- Do not click any links in suspicious emails.
- When you shop online, check your browser for an "s" (for "secure") in the web address (i.e., "https") and a locked padlock symbol.
Peninsula Credit Union will be performing system maintenance on Sunday, March 16 from 4:00am – Noon PST. During that time there will be no access to:
- Online Banking
- Phone Banking
- Text Banking
- Mobile Banking
- ATM balance inquiry and transfers
There will be limited access to ATM withdrawals and debit card purchases during that time. We apologize for any inconvenience that this might cause and hope to have the work done as soon as possible. Thank you for your membership.
TARGET BREACH INFORMATION – Updated 1/12/2014
Target disclosed today, January 10, that personal information from an additional 30 million Target customers may have been included in the data that was stolen during the breach period of November 27 to December 15, 2013. This brings the total of Target customers affected to 70 million. According to Target’s release, the data in jeopardy for the additional 30 million customers DOES NOT include payment card data. Target states that the names, mailing addresses, phone numbers, and email addresses of the additional 30 million customers were exposed in part or in whole. Target’s release is available for reading at:
TARGET BREACH INFORMATION – Updated 12/31/2013
As previously shared, once news broke that Target had suffered a data breach, Peninsula Credit Union began to take action and monitor the situation (see previous postings on this web page). As soon as it was available, we obtained the list of Peninsula Credit Union debit cards that were compromised from Visa. We then began to reissue those affected cards and send letters notifying members via a letter.
The process of reissuing all affected cards has been completed. If you were a member whose debit card number was at risk, you will be receiving a letter in the mail letting you know that your card is being reissued, when you should expect the new card to arrive and when your existing card will be no longer be able to be used. It is important that you activate your new card once you receive it. There will be no charge for replacing your compromised card(s).
We want to assure members that your accounts with us are monitored 24/7 by an experienced team of security professionals for any suspicious or potentially fraudulent activity. Peninsula Credit Union employs the most advanced fraud detection and prevention technology to guard members’ debit accounts against unauthorized access and use.
Questions about the Target REDcards should be directed to Target at 1-866-852-8680 or Target.com.
It is always a good practice for members to keep a watchful eye on their accounts and transactions. If you notice any unauthorized activity on your checking account, please contact Peninsula Credit Union immediately at 360-426-1601 or 1-800-426-1601.
Thank you for being a valued member of Peninsula Credit Union.
TARGET BREACH INFORMATION – Updated 12/23/2013
Peninsula Credit Union has been monitoring the issue with regards to the Target data breach every day since the news broke last Wednesday.
As our 12/19/2013 Alert shared (see below), this event was limited to November 27 through December 15 for in-store transactions only. Be assured that your Credit Union was not involved in any part of this security breach.
VISA has sent notification to Peninsula Credit Union regarding those debit cards exposed during this data compromise. Affected cardholders will receive a letter and a new card within 14 business days of the date of that letter. There will be no charge for replacing your compromised card(s). You should activate your new card immediately. Your existing card will continue to work until the date specified within your notification.
Questions about the Target REDcards (transactions posted to a checking account through ACH) should be directed to Target at 1-866-852-8680 or Target.com. If you notice any activity on your checking account that you did not authorize, please contact Peninsula Credit Union immediately.
You should monitor your account for any unauthorized activity by frequently reviewing your account history through On-line banking, the PCU Mobile App, Peninsula Financial Manager (PFM) Alerts, or your statements.
If you have any questions or concerns, please don’t hesitate to give us a call at 360-426-1601 or 1-800-426-1601.
TARGET BREACH INFORMATION - 12/19/13
There have been inquiries regarding the potential data breach reported by Target. As your credit union, we have taken steps to monitor whether any of our members have been affected at this time. We have not been able to identify that any of our members have but we feel that it is important to help understand what steps member can take to monitor their accounts.
The information that is available to us states that the only cards potentially impacted by this breach, as it is now known, are ones utilized IN A TARGET STORE DURING THE TIME FRAME OF NOVEMBER 27th through DECEMBER 15. (If a card was used in an online purchase, it is not impacted.)
Things to keep in mind:
- If you did not use your card during this period you should not be affected.
- If you did use your card during the period listed above, you should monitor your account for any unauthorized activity.
- We have tools available for this purpose:
- On-line banking
- Mobile App
- PFM alerts
- If you detect unauthorized activity on a TARGET credit card, TARGET debit card or RED Card you should contact Target at 866-852-8680.
- If you detect unauthorized activity on another financial institution’s credit card, you should contact that institution and Target at the number listed above.
- If you have a TARGET DEBIT CARD linked to a PCU checking account, or have used your Peninsula debit card at Target and unauthorized activity is detected, you should contact our Member Services department immediately at 800-426-1601.
- Bulletins regarding this potential breach have not yet been issued by various agencies; but we expect that they will be forthcoming shortly with additional information.
- Because of the timing of this potential breach, you may not want to experience the inconvenience involved in a card re-issue if it is not necessary. The agencies and firms that we typically receive guidance from in these types of situations are encouraging people to be diligent in monitoring their accounts, but also encouraging folks to “sit tight” regarding a card re-issue until additional information is available.
At Peninsula Credit Union, we take member security seriously and take great precautions to safeguard our data. If you have any questions regarding this or any other matter, please do not hesitate to call or visit a branch.
Thank you for being a member. Our Priority is You.
Report Phishing - 7/12/13
The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.
What is phishing?
Phishing is a scam typically carried out by unsolicited email and/or websites that pose as legitimate sites and lure unsuspecting victims to provide personal and financial information.
Skimming Fraud Incident - 10/17/12
Members have been contacting us stating that they’ve received the following text message:
“The credit union center alert: your card had been deactivated. Please call 360-554-0095.”
This is a SCAM. The number has been disconnected.
If you have any questions, pease give us a call at 360-426-1601
Beware of Skimming Fraud
Recently, there has been an increased rate of debit card fraud, in particular "skimming at self serve gas pumps". Skimming has been described as one of the most significant problems facing the credit card industry, as it can happen anywhere a credit card is accepted. The best way for consumers to protect themselves from skimming is by paying attention to the details of credit card usage. When a credit card is skimmed, data on the card, including the account number, is electronically transmitted or stored. The credit card information can then be encoded onto a lost, stolen, or counterfeit credit card and used anywhere in the world. Since there are legitimate uses for many of the devices used to read or skim credit cards, paying attention to where you use your credit cards can also help prevent fraud.
June 12, 2012
A telephone scam that emerged last month holding out a “sweepstakes” offer from the Consumer Financial Protection Bureau has since evolved and promises payments up to $1.5 million after the consumer pays “taxes.” The CFPB issued a notice in May and again last week warning consumers not to be fooled. “The CFPB does not host sweepstakes and will never ask you to send us money in exchange for us sending you money in return,” it said. The CFPB says consumers receiving such calls should not provide any personal, consumer, or commercial information. Some of the calls may tell the consumer that if they can’t pay the taxes, the caller will find a sponsor who can. “A popular model for scams is to trick the intended victim into cashing a fraudulent check in order to send a portion to a scammer,” the CFPB warns. “We continue to stress that you should not provide any personal, consumer, or commercial information to the caller. Anyone receiving suspicious calls related to the CFPB are directed to call the bureau directly at 877-411-CFPB and report them.
Spotting an Impostor: Scammers Pose as Friends, Family and Government Agencies
It's easy to think "It couldn't happen to me." But scammers know how to get around our better judgment. They play on our emotions or promise big payoffs to get us to act. And many use the names of government agencies like the FTC, trusted companies, or friends and family to get us to buy into their schemes. We may not be able to spot the impostor until it's too late.
The Federal Trade Commission (FTC), the nation's consumer protection agency, wants you to know that scammers are posing as people, agencies and companies you know and trust. They may use phone calls, emails, letters, faxes or even text messages in their deceptions. To see past the disguise, you need to be alert to signs of an impostor scam:
- They want you to wire money. Wiring money is like sending cash; once it's gone, you can't get it back. Don't send a check or money order by overnight delivery or courier, either. And don't deposit a check and wire money back — the check will turn out to be a fake. Con artists tell you to use these services so they can get your money before you realize you've been cheated. For more on money wiring scams, visit ftc.gov/ScamWatch.
- They want you to pay to collect your winnings. Legitimate sweepstakes don't require you to pay insurance, taxes, or shipping to claim what you've won. Scammers pretend to be with banks and well-known companies like WalMart and Publishers Clearing House to make you think it's the real deal. No matter how convincing the reasons, never send money to claim a prize.
- They claim to be with a government agency. They may try to get you to send money by saying they're with the FBI, FTC, IRS, U.S. Customs and Border Protection or the U.S. Marshals Service. They might even use a real employee's name and call from a Washington, D.C., phone number. But it's a number they've faked. Contrary to scammers' lines, no federal government agency supervises or runs sweepstakes. Similarly, insurers like Lloyd's of London don't insure the delivery of sweepstakes winnings.
- They claim to be someone you care about. You think it's your grandson calling, panicked because he needs you to wire money to help him fix a car, get out of jail or a hospital emergency room, or leave a foreign country without the rest of the family finding out. Or a stranded friend emails and asks you to wire money overseas. In reality, it's a scammer who sleuthed out your grandchild's name, or hacked your friend's email account. To make sure it's not really a loved one in trouble, call a number you know to be genuine, and check the story out with other people in your circle. You also can ask the caller some questions that a stranger couldn't possibly answer.
- They want you to act now. The key to successful impostor scams is getting you to send money before you find out who's really on the other end. The more time you have, the more likely you'll figure it out. Resist the pressure to act immediately before you've checked it out.
File a complaint with the FTC
If you encounter an impostor scam, let the FTC know. File a complaint at ftc.gov or call 1-877-FTC-HELP.
January 2, 2011
Due to unusually high levels of fraudulent activity abroad, Peninsula Credit Union has placed debit card usage restrictions on certain countries. Please contact us regarding your international travel plans to discuss the use of your debit card for the duration of your trip.
July 29, 2010
Phishing Alert: the email message: "Subject: pcfcu.org account notification" was not sent by Peninsula Credit Union and possibly contains a virus. Do not open and delete upon receipt. Following is an example of the false email:
This e-mail was send by pcfcu.org to notify you that we have temporanly prevented access to your account.
We have reasons to beleive that your account may have been accessed by someone else. Please run attached file and Follow instructions.
Peninsula Credit Union will never solicit information by email. If you are ever in doubt about an email or other contact from Peninsula Credit Union, please call 800-426-1601 to confirm that you are dealing with a legitimate representative of Peninsula Credit Union.
Phishing alert: E-mail claims to be from NACHA
WASHINGTON (7/23/10)--A phishing e-mail scam claiming to be from NACHA, the electronic payments association, has prompted an alert to key players, including financial institutions, in the electronic auto clearinghouse (ACH) payments system.
NACHA received reports that individuals and/or companies received the e-mail. The subject line of the e-mail states, "Unauthorized ACH transaction," however, recipients should be alert for different variations of fraudulent e-mailes.
The message contains a link that directs recipients to a fake Web page sporting a link with an executable virus with malware.
NACHA warns recipients not to click on the link. "Both the e-mail and the related website are fraudulent," it said in the alert. "Do not follow Web links in unsolicited e-mails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual," NACHA said.
NACHA does not process or touch the ACH transactions that flow to and from organizations and financial institutions. It does not send out communications to individuals or organizations about individual ACH transactions that they originate or receive.
Peninsula Credit Union will never contact you asking for your account number or social security number. Some fraudulent scams are known to call with a message that says that your debit card account had been compromised due to billing problems and that you must provide an account number to get your card reactivated.
If you receive such a call, you should ignore it. You may also wish to contact us so that we can be aware of the situation or if you wish to clarify your account status with us.