Security Information

Debit Card Fraud Protection
Debit Card Denied?
Traveling Abroad
Avoid Being a Fraud Victim

Fraudulent Text Messages
Protecting your Computer


EnFact Debit Card Fraud Detection System

CFCU is employing a risk management system for debit card fraud detection. It uses a neural network, daily reports and call center of skilled analysts who work around the clock watching for suspicious activity.

Here’s how it works:

  1. The system reviews each debit card transaction and scores it based on the degree of probability that it might be fraudulent. Then, a fraud analyst reviews each card alert report to determine if notification should be made.
  2. If it’s determined there is a high probability of fraud, the cardholder is notified immediately. Two call attempts are made every two hours for up to two days. (These calls will be made between 8:00 a.m. and 9:00 p.m. local time.) If the fraud analyst cannot reach the cardholder during this period, and the activity is considered high risk, the card may be temporarily blocked.
  3. When contact is made, the cardholder will be asked about the transaction and card status. (To differentiate a call like this from an identity theft phishing attempt, we will not ask for any personally identifying information. Our callers will already have this information.) If the cardholder confirms a transaction was legitimate, the fraud analyst thanks the member and notifies the Credit Union.
  4. If the cardholder confirms fraud, the system blocks the card from future use, thus protecting the member’s funds. It will also mark the transaction as confirmed fraud for use in future scoring and tracking to help identify potential fraudulent patterns or trends. In the case where a card is blocked, CFCU will work closely with the member to quickly reissue a new card.

Debit Card denied? Try using your PIN number

If a signature-based debit card transaction doesn’t go through at a merchant location, try it as a pinned transaction (enter your PIN as part of the transaction). From time to time, we may block signature-based transactions at a particular merchant type if we are experiencing high volumes of debit card fraud.

Traveling Abroad?

Please let us know so we can insure smooth credit and debit transactions.

If you're traveling abroad and intend to use your CFCU credit or debit card on your trip, make sure you let us know. That way we can place a message on your account to make sure transactions are processed smoothly.

Why is this necessary?

Fraud protection. Most credit and debit card fraud comes from foreign countries. As a result, we may block transactions from certain countries where we have experienced fraud. Notifying us will help ensure your transactions are recognized as legitimate and can go through as expected, even if you're in a country where transactions are being blocked.

Fraud costs cardholders and issuers hundreds of millions of dollars each year. To protect you, we implemented this new Web-based system developed to help block potential fraud in real time. Countries from which transactions are blocked may change as we detect new scams and schemes. Please notify Member Services at 607-257-8500 when you're traveling abroad to avoid any problems with your cards.

For a list of currently blocked countries please contact us.

Avoid Being a Fraud Victim

The Looks Too Good To Be website was built to educate you, the consumer, and help prevent you from becoming a victim of an Internet fraud scheme.

The website was developed and is maintained by a joint federal law enforcement and industry task force. Funding for the site has been provided by the United States Postal Inspection Service and the Federal Bureau of Investigation. Key partners include the National White Collar Crime Center,, Target and members of the Merchants Risk Council.

Fraudulent Text Messages

So your cell phone alerts you to a new text message. It’s from your financial institution, saying your debit card has been deactivated. To clear up the situation, all you have to do is call the number in the text. Should you make the call?

With the popularity of cell phones and the fact consumers are wising up to computer-based fraud, scammers are turning their attention to texting. According to online security experts, cell phone users are three times more likely to fall for fake messages than computer users. Don’t take the bait:

  • Never respond to unsolicited messages (Even sending a “remove” of “stop” response to a fraudulent text tells the scammer your number is active.)
  • Never click on unknown links in texts
  • Block suspicious numbers
  • Always verify a source before sharing information
  • Don’t store credit card or account login information on your phone
  • Set your phone to time out and lock after a short period
  • Review statements and credit reports regularly to detect suspicious activity


You’ll receive an e-mail that appears to come from a reputable company like a financial institution or government agency, including one of the federal financial regulatory agencies.

The e-mail will warn you of a serious problem that requires immediate attention. It may use phrases such as, “Immediate attention required,” or “Please contact us immediately about your account.” It will then encourage you to click on a button to go to the institution’s Web site. You could be redirected to a phony site that looks exactly like the real thing. Maybe, it’s the company’s actual Web site, but a pop-up window appears to harvest the information.

You may be asked to update your account information, or provide information for verification purposes, such as your Social Security number, account number, password, your mother’s maiden name or your place of birth.

How to protect yourself:
  1. Never provide your personal information in response to an unsolicited request whether over the phone or the Internet.
  2. Never click on the link provided in an e-mail you believe is fraudulent.
  3. If you believe the contact may be legitimate, contact the financial institution yourself. The key is that you should be the one to initiate the contact using contact information you have verified.
  4. Never provide your password over the phone or in response to an unsolicited Internet request. (Do not be intimidated by an e-mail or caller who suggests dire consequences if you do not immediately provide or verify financial information.)
  5. Review account statements regularly to ensure all charges are correct.
  6. If you fall victim to an attack, act immediately. Alert your financial institution. Place fraud alerts on your credit files with the three major credit bureaus (Equifax—800-525-6285, Experian—888-397-3742, TranUnion—800-680-7289). Monitor your credit files and account statements closely.

CFCU already has your personal information on file. We do not need and will not ask for it!


A variant on the phishing approach uses telephone systems, known as Vishing, is used to obtain confidential information such as bank account and credit card numbers, Social Security Numbers, passwords, and personal identification numbers from consumers.

In essence, Vishing is the criminal practice of using social engineering and Voice over Internet Protocol (VoIP) telephony to gain access to private personal and financial information from the public for the purpose of financial reward. The term Vishing is a combination of “voice” and phishing. Vishing exploits the public’s trust in landline telephone services, which have traditionally terminated in physical locations, are known to the telephone company, and are associated with a bill-payer. The victim is often unaware that VoIP allows for caller ID spoofing thus providing anonymity for the criminal caller. Vishing is attractive to criminals because VoIP service is fairly inexpensive, especially for long distance, making it cheap to make fake calls. In addition, because it’s web-based, criminals can use software programs to create phony automated customer call center service lines.

An example of a Vishing scam is when a consumer receives a recorded message telling them that their credit card and/or financial institution account has been breached and to immediately call a number provided in the recorded message. The phone number provided in the message leads the consumer to a “fraudulent call center” established by the perpetrator of the fraud. The perpetrator then attempts to obtain confidential account information and login credentials in order to access the account. A twist on this scam is when the recorded message provides the address of a fraudulent website for the consumer to access (instead of a telephone number) and to provide certain information to reinstate the supposedly affected account(s).

Vishing is very hard for authorities to monitor or trace. To protect themselves, consumers are advised to be highly suspicious when receiving messages (telephone, email, or otherwise) directing them to call and provide personal, confidential, and/or account related information. Rather than provide any information, the consumer should contact their financial institution or credit card company directly to verify the validity of the message using contact information they already have in their possession (i.e., do not use contact information provided in the suspicious message).

Protecting Your Computer

What can I do to protect my computer?

  1. Don’t click on pop-up ads that advertise anti-virus or anti-spyware programs.  Even though pop-up ads are used for valid advertising they can also be used for malicious purposes, like getting you to install fake security programs. If you are interested in a security product, search for it and visit its homepage, don’t get to it through a pop-up ad.
  2. Use and regularly update firewalls, anti-virus, and anti-spyware programs.  It is very important to use and keep these programs updated regularly so they can protect your computer against the most recent threats. If possible, update them automatically and at least daily.
  3. Properly configure and patch operating systems, browsers, and other software programs.  Keep your system and programs updated and patched so that your computer will not be exposed to known vulnerabilities and attacks.
  4. Turn off ActiveX and Scripting, or prompt for their use.  ActiveX controls are small programs or animations that are downloaded or embedded in web pages, which will typically enhance functionality and user experience. Many types of malware can infect your computer when you simply visit a compromised site and allow anything to run from the website, such as ads. Turning off ActiveX and Scripting can help protect your computer if you inadvertently browse to or are unwillingly redirected to a malicious site. (You can limit the functionality of your Internet browser through its configuration choices, but be sure to look for a guide if you are unfamiliar with how to limit scripting and active contents.)
  5. Keep backups of important files.  Sometimes cleaning infections can be very easy; sometimes they can be very difficult.  You may find that an infection has affected your computer so much that the operating system and applications need to be reinstalled. In cases like this it is best to have your important data backed up already so you can restore your system without fear of losing your data.
  6. Regularly scan and clean your computer.  If your organization already has configured this on your computer, do not disable it. If you need to scan your computer yourself, schedule regular scans in your programs. Also, several trusted anti-virus and anti-spyware vendors offer free scans and cleaning. Access these types of services from reputable companies and from their webpage, not from an unexpected pop-up.

For more information, please visit:

Staying Safe Online: