How We Protect You
Keeping your online financial and personal information secure and confidential remains one of our top priorities. We ensure your privacy and security by offering technology and services designed by the brightest minds in the Digital Banking industry.
We do not store member information on publically accessed Web servers. All account information is housed on servers that are behind our firewall (protected area). The Web server only passes information between your Browser and our computers located behind the firewall, and vice-versa.
What kind of security procedures are in place to protect my information when I am managing my money or paying bills through Digital Banking?
All Digital Banking sessions are authenticated and encrypted. The authentication of a Digital Banking session is handled through your User ID and Password combination, which is required at login. The Password is the same as that used when conducting your Phone Banking transactions.
The encryption is accomplished by establishing a Secure Socket Layer (SSL) connection between the Browser and the Web server. You can only access Digital Banking with an SSL-compliant browser.
Encryption: The privacy of communications between you (your Browser) and our servers is ensured via encryption. Encryption scrambles messages exchanged between your Browser and our Digital Banking server.
It is important to verify that only authorized persons log in to Digital Banking. This is achieved by verifying your Password. When you submit your Password, it is compared with the Password we have stored in our secure data center. We allow you to enter your Password incorrectly a limited number of times; too many incorrect Passwords will result in the locking of your Digital Banking account until you call us to reinitialize the account. We monitor and record "bad-login" attempts to detect any suspicious activity (i.e. someone trying to guess your Password). You play a crucial role in preventing others from logging in to your account.
Never use easy-to-guess Passwords, such as: Examples:
- Birth dates
- First names
- Pet names
- Phone numbers
- Social Security numbers
Never reveal your Password to another person. You should periodically change your Password in the User Options section of Internet Banking.
The computers storing your actual account information are not linked directly to the Internet. Transactions initiated through the Internet are received by Digital Banking Web servers. These servers route your transaction through firewall servers. Firewall servers act as a traffic cop between segments of our Digital Banking network, used to store information, and the public Internet.
What to Expect from Shell FCU
Shell FCU will NEVER call, email or otherwise contact you and ask for your User ID, Password or other Digital Banking credentials.
Shell FCU will NEVER contact you and ask for your credit or debit card number, PIN or 3-digit security code. Please see below for more information about how our card providers approach member service calls.
Our card provider will identify themselves as Card Services calling on behalf of Shell FCU. They will never ask for your card number, expiration date or CVC (security) code.
They will: verify SS# and DOB
They may: refer you to call the credit union
Our card provider will identify themselves as Card Fraud Detection.
They will: verify the reference number that was left on your voicemail and verify the card number
They will never: ask for your Social Security Number
Rights and Responsibilities
With respect to Digital Banking and electronic fund transfers, the Federal government has put in place rights and responsibilities for both you and the credit union.
As many people know, Web pages with "https" addresses indicate online security. You can also verify a secure page by looking for the gold lock located in your Browser window.
You can always log in safely from the homepage on this website.
MFA (Multi-Factor Authentication) is necessary to keep up-to-date with the latest technologies and remain in compliance with Federal regulations. It provides an added layer of security and helps further protect members from online fraud and identity theft.
Shell FCU's Digital Banking occasionally requires a multi-step authentication by email or text message. The verification code used to authenticate your identity will be sent to the phone number or email address we currently have on file for you. If you choose the email option, please check your spam folder.
These security measures are put into place to ensure you are accessing the legitimate Shell FCU service; as well as confirming your identity when logging in from an uncommon PC or conducting transactions out of your normal routine.
Two Factor Authentication settings can be customized within User Settings under the Security section. Google Authenticator is also available on the Security page, should you choose to enroll. As always, Shell FCU is available to assist you with any questions.
How to Keep Yourself Safe in Cyberspace
In today’s high-tech world, we are able to do things more quickly and conveniently electronically, whether it is to send a letter via email, pay bills or even go shopping online. With this increase in speed and convenience also comes increased risk. Every day, unscrupulous individuals are busy developing new scams targeting the unsuspecting public. At Shell FCU, the security of member information is a priority. We are strongly committed to the safety and confidentiality of your records. One of the best ways to avoid fraud is to become an educated consumer and we would like to help you in this endeavor. Please take a moment to read this important information on how to keep yourself safe when conducting business online.
Reduce Your Risk
eStatements can reduce your risk of mail fraud.
Protect Your Identity
Monitor account activity. Monitor your account activity regularly either online or by reviewing your monthly Statements and report any unauthorized transactions right away.
Access your risk. We recommend periodically assessing your Digital Banking risk and put into place increased security controls where weaknesses are found; particularly for members with business accounts. Some items to consider when assessing your Digital Banking risk are:
- Who has access to your online business accounts?
- How and where are User IDs and Passwords stored?
- How strong are your Passwords and how often are they changed? Are they changed before or immediately after terminating an employee who had access to them?
- Do you have dual controls or other checks and balances with respect to access to Digital Banking transactions?
Online Security Tips
An important part of online safety is knowledge. The more you know, the safer you’ll be.
- Set strong Passwords. A good Password is a combination of upper and lower case letters and numbers and one that is not easily guessed. Do not use Social Security numbers as User ID or Password. Try to use “special character” such as pound (#) and at (@) signs. Change your Password frequently. Don't write it down or share it with others.
- Protect your answers to security questions. Select questions and provide answers that are easy for you to remember, but hard for anyone else to guess. Remember, with today’s social media networks such as Facebook and Twitter, some of these answers would be easy for a determined fraudster. So avoid using questions that would be easy for them to find. Avoid using the same questions that you used for other websites.
- Use secure websites for transactions and shopping. Shop with merchants you know and trust. Make sure Internet purchases are secured with encryption to protect your account information. Look for “secure transaction” symbols like a lock symbol in the lower right-hand corner of your Web Browser window, or https://... in the address bar of the website. The “s” indicates “secured” and means the webpage uses encryption.
- Conduct Digital Banking activities on secure computers only. Public computers (at Internet cafes, copy centers, etc.) should be used with caution, due to shared use and possible tampering. Digital Banking activities and viewing or downloading documents (Statements, etc.) should only be conducted on a computer you know to be safe and secure.
- Don't reveal personal information via email. eMails and text messages can be masked to look like they are coming from a trusted sender when they are actually from someone else. Play it safe. Do not send your personal information, such as account numbers, Social Security numbers, Passwords etc. via email or text.
- Don't download that file! Opening files attached to emails can be dangerous, especially when they are from someone you don't know, as they can allow harmful malware or viruses to be downloaded onto your computer. Make sure you have a good antivirus program on your computer that is up-to-date, and don't open attachments you aren't expecting. They can be bad news.
- Links aren't always what they seem. Never log in from a link that is embedded in an email message. Criminals can use fake email addresses and make fake Web pages that mimic the page you would expect. To avoid falling into their trap, type in the URL address directly and then log in.
- Log out of sites when you are done. When you are ready to leave a site you have logged into, log out rather than just closing the page.
- Close your Browser when you’re not using the Internet.
- Turn it off! Your computer should be completely turned off when you are finished using it; don’t leave it in sleep mode.
- Install, run and keep anti-virus software updated.
Digital Banking App Security Tips
When you use a mobile device (cellular phone, iPhone, iPad touch or other devices) for Browser or text-based account access, keep these tips in mind:
- Keep your phone software updated & stay away from “Jailbroken / Rooted” devices.
- Don’t open suspicious emails or click on suspicious links.
- Use your data connection instead of public WiFi, especially when accessing your Digital Banking.
- Never disclose via text message any personal information (account numbers, password, or any combination of sensitive information like your social security number or birth date that could be used in ID theft.
- Use the keypad, password or finger-print lock function on your mobile device when it is not in use. These functions protect your device so that nobody else can use it or view your information.
- Be sure to delete text messages sent from Shell FCU before loaning, discarding, donating or selling your mobile device.
- Use anti-virus/anti-malware on your mobile device for added security.
Identity Fraud versus Identity Theft
Identity fraud is usually limited to an isolated attempt to steal money from an existing account such as a charge on a stolen credit card.
Identity theft is when a thief uses stolen personal information, such as Social Security number or your member number, to open accounts or initiate several transactions in your name. This may cause financial loss or damaged credit.
Usually, identity theft is more extensive than identity fraud. If fraudulent transactions occur on your account, it does not automatically mean your identity was stolen. It may be an isolated incident of theft that can be quickly resolved.
Internet Fraud Information
Shell FCU does not solicit personal/private information from members via email.
If you ever receive a message asking for you to update personal/private information that is either outdated or incomplete and the sender claims to be Shell FCU, please ignore the request. You are most likely being targeted in a phishing scam. Delete the message immediately.
Shell FCU recommends you handle unwanted email scams as follows:
- Delete the message immediately. Do Not Open It. Your curiosity could result in a computer virus or worse.
- Report the incident to: Internet Crime Complaint Center
- If you have been victimized by a spoofed email or website scam, contact:
- Shell FCU - So that we can alert other members.
- Your local law enforcement
- U.S. Postal Inspector
By paying closer attention to the information we disclose via email and through efforts to report these scams, we can make it much more difficult for this type of criminal activity to succeed.
Report Online Fraud and Suspicious Activity
ATM Safety Tips
- Observe your surroundings before using an ATM. If the machine is obstructed from view or poorly lit, visit another ATM.
- Shield the screen and keyboard so anyone waiting to use the ATM cannot see you enter your PIN or transaction amount.
- Put your cash, card and receipt away immediately. Count your money later, and always keep your receipt.
- If you see anyone or anything suspicious, cancel your transaction and leave immediately. If anyone follows you after making a transaction, go to a crowded, well-lit area and call the police.
- When using an enclosed ATM that requires your card to open the door, avoid letting strangers follow you inside.
- When using a drive-up ATM, make sure all passenger car doors are locked and windows are up.
- Do not leave your car unlocked or engine running when you get out to use an ATM.
- While many ATMs are available 24 hours a day, some may be open only during local business hours. To be on the safe side, plan your withdrawals ahead of time.
Protecting Your Card
- Keep your card in a safe place to avoid damage or theft.
- Memorize your Personal Identification Number (PIN). Never write the PIN down on anything in your wallet or on the card.
- When selecting a PIN, avoid numbers and letters that relate to your personal information. For example, don’t use your initials, birthday, telephone or Social Security number.
- Immediately report a lost or stolen card to the issuing financial institution.
- To help guard against fraud, keep your ATM receipts until you check them against your monthly statement.
Tips When Traveling Abroad
- International ATMs may save you money. Withdrawals are dispensed in local currency and are debited from your account in U.S. dollars based on a favorable exchange rate.
- Have your card out and ready to use.
- Some international ATMs are available only during normal business hours. Hours vary from Country to Country.
- Most international ATMs do not permit transactions involving multiple accounts. Most likely, your transaction will be routed to your primary account.
- Four-digit numeric PINs are standard in most Countries.