How to Protect Your Privacy
Identity theft is a fast growing crime, which is when a thief gains access to and uses an individual’s personal identifying information without his or her knowledge in order to commit fraud or theft. You can protect your privacy and minimize your risk of becoming a victim of identity theft by taking the following steps:
Personal Identifying Information
- Always protect personal identifying information, such as your date of birth, Social Security number, credit card numbers, bank account numbers, Personal Identification Numbers (PINs) and passwords.
- Do not give any of your personal identifying information to any person who is not permitted to have access to your accounts.
- Do not give any of your personal identifying information over the telephone, through the mail or online unless you have initiated the contact or know and trust the person or company to whom it is given.
Credit, Debit and ATM Cards
- Limit the number of credit, debit and ATM cards that you carry.
- Cancel all cards that you do not use.
- Retain all receipts from card transactions.
- Sign new cards as soon as you receive them.
- Report lost or stolen cards immediately.
- Promptly remove mail from your mailbox.
- Deposit outgoing mail in a post office collection box, hand it to a postal carrier, or take it to a post office instead of leaving it in your doorway or home mailbox, where it can be stolen.
- Order a copy of your credit report annually and review it for accuracy.
- Check your credit report for unauthorized bank accounts, credit cards and purchases.
- Look for anything suspicious in the section of your credit report that lists who has received a copy of your credit history.
Bank Account and Credit Card Statements
- Contact your financial institution immediately if a bank account or credit card statement does not arrive on time.
- Review your bank account and credit card statements promptly and immediately report any discrepancy or unauthorized transaction.
Telephone and Internet Solicitations
- Be suspicious of any offer made by telephone, on a Web site or in an email that seems too good to be true.
- Before responding to a telephone or Internet offer, determine if the person or business making the offer is legitimate.
- Do not respond to an unsolicited email that promises some benefit but requests personal identifying information.
- OECU will never request your credit card or account information if we have to contact you. The only time we will ask for your information is when you contact us, and we only request information that will identify you or assist us in addressing a problem with your account. If you should receive an email or phone call requesting such information that appears to be OECU, do not respond and contact us immediately at 405-606-6328 or 877-677-6328.
- Store extra checks, credit cards, documents that list your Social Security number, and similar items in a safe place.
- Shred all credit card receipts and solicitations, ATM receipts, bank account and credit card statements, canceled checks, utility bills and other financial documents before you throw them away.
PINs and Passwords
- Memorize your PINs and passwords and keep them confidential.
- Change your passwords periodically.
- Avoid selecting PINs and passwords that will be easy for an identity thief to figure out.
- Do not carry PINs and passwords in your wallet or purse or keep them near your checkbook, credit cards, debit cards or ATM cards.
Wallets and Purses
- Do not carry more checks, credit cards, debit cards, ATM cards and other bank items in your wallet or purse than you really expect to need.
- Do not carry your Social Security number in your wallet or purse.
- Use common sense and be suspicious when things do not seem right.
- Be suspicious of any proposed transaction that requires you to send an advance payment or deposit by wire transfer.
Identity Theft Prevention
Perform an annual check-up on your credit history.
www.annualcreditreport.com offers consumers one free credit report per year for each of the three reporting credit bureaus. It is recommended that consumers request a report at four-month intervals rather than requesting all three at once. This enables the consumer to track their report several times throughout the year.
To contact the 3 credit bureaus directly:
- Equifax: www.equifax.com – 800-685-1111
- Experian: www.experian.com – 888-397-3742
- Transunion: www.transunion.com – 800-888-4213
Use safe computer practices.
- Don’t open attachments from unknown email sources.
- Delete emails from unknown sources without opening them.
- Block pop-ups.
- Delete temporary internet files after online purchases.
- Turn off computer or use “standby” mode.
- Purchase/Use virus and firewall software
- Use secure internet websites whose web address begin with “https” (rather than “http”). The “s” indicates a secure connection that has an additional layer of security compared to an http connection.
- Wipe out hard drive
Sign-up for electronics services such as online banking and online statements.
Accessing information via a secure internet website is much more secure than having your account information in your mailbox, easily accessible to crooks.
Use online bill pay.
Most payments are processed electronically. For those that are not, payments are paid from a master account which means a crook will not have access to your MICR account and routing numbers.
Refuse to give personal information over the phone or internet (unless you initiate the transaction).
Shred account-sensitive documents.
This will help deter identity theft in the event of a burglary.
Shred any unused checks or checks from closed accounts.
Even checks from closed account can be used to instigate fraud. Criminals will use them to make purchases, which can affect the innocent consumer. Criminals will even order more checks off closed accounts to continue their fraud scheme.
Use first initial, last name for preprinted payer information on checks (for example, “J. Doe” instead of “John Doe”).
Use a Sanford® Uniball® Signo Gel 207 ink pen to write and sign checks.
When checks are “washed” by counterfeiters to remove the writing, it is impossible to completely remove this type of ink because the ink is specially formulated to absorb into the fibers of the paper. (This ink pen is recommended by the FBI.)
Consider substituting your work address/phone for personal on your checks.
Request check orders sent directly to your financial institution
To prevent check information stolen from your mailbox.
Don’t leave your purse or wallet unattended.
It’s important that consumers do NOT leave their purse or wallet in their vehicle, even if the car is locked. Also, do NOT leave your purse or wallet unattended in a shopping basket or other vulnerable area.
For your incoming mail, consider investing in a locking mail box or Post Office Box.
A large percentage of identity theft is a result of mail stolen out of the victim’s mail box.
Only drop outgoing mail in an official U.S. Mail Collection Box.
It is best to drop your mail inside a U.S.P.S. facility where mail is not accessible to the general public.
Reconcile bank/credit card statements in a timely manner.
This will help you detect and fight identity theft sooner.
Identity Theft Victim Checklist
File a Police Report in the city/town in which you are a resident.
Get a case number.
Most businesses/financial institutions require a case number to initiate a claim.
Get a copy of the Police Report
Most businesses/financial institutions require a copy of the Police Report to process a claim.
Protect and review your credit report.
Contact information for credit bureaus available below.
Place a Fraud Alert on your credit report as quickly as possible.
By placing a Fraud Alert, an alert will be placed on your credit report that you are a victim of identity theft. The alert will remain on your credit report for 90 days. You can request that the alert remain for an additional 180 days if necessary. (You only have to file it with one credit bureau; that bureau will communicate the alert to the other two bureaus.)
Get a copy of your credit report within 15-31 days.
Placing the Fraud Alert will make you eligible for a free credit report.
Place a “security freeze” on your credit report.
With a “security freeze”, all third parties, such as credit lenders or other companies, will not be able to access your credit report or update your personal information (name, address, SSN, date of birth) without your consent. Generally, a fee is involved in placing and lifting the freeze with each individual credit bureau.
Protect your existing accounts.
Consider closing accounts.
At your financial institutions and opening new accounts (with new account numbers). You would want to do this on any account in which the thief can take money or incur debt (including deposit accounts, credit cards, and investment/trading accounts).
Place passwords/ID Codes on your accounts at ALL your financial institutions.
For any fraudulent accounts, contact the Fraud Department for the financial institution/business.
Follow their procedures to have the account(s) removed from your credit report. (You may have to send supporting documentation to each financial institution/business that is reporting fraudulent account(s) and to the reporting bureau.)
Call check verification agencies to verify the following:
- Verify if any accounts have been opened in your name.
- Verify if any bad checks are being reported to the agency for accounts listed under your name.
- Dispute any bad checks that are being incorrectly reported by completing their required form(s) and sending supporting documentation.
File a compliant with the Federal Trade Commission (FTC).
Federal Trade Commission's toll-free "Identity Theft Hotline": 1-877-438-4338.
Contact the Social Security Administration
If you think your Social Security number has been misused.
- Report the misuse and determine if you qualify for a new Social Security number.
- Request a new social security card if yours has been stolen
- Correct your earnings records (record of wages earned) if incorrect.
- Keep detailed correspondence records (names, dates, actions taken).
- Consider long-term fraud alert membership or fraud alert freeze.
- Be vigilant to watch your accounts and credit for at least one year.
To Contact the 3 Credit Bureaus Directly:
Business Identity Theft
Corporate Account Takeover (also known as Business Identity Theft) is the business equivalent of personal identity theft. Hackers, backed by professional criminal organizations, are targeting small and medium-sized businesses to obtain access to their web banking credentials or remote control of their computers. These hackers will then drain the deposit and credit lines of the compromised bank accounts, funneling the funds through mules that quickly redirect the monies overseas into hackers’ accounts.
- As a business owner, you need an understanding of how to take proactive steps and avoid, or at least minimize, most threats.
- Use a dedicated computer for financial transactional activity. DO NOT use this computer for general web browsing and email
- Apply operating system and application updates (patches) regularly
- Ensure that anti-virus/spyware software is installed, functional and is updated with the most current version
- Have host-based firewall software installed on computers
- Use latest versions of Internet browsers and keep patches up to date
- Turn off your computer when not in use
- Do not batch approve transactions; be sure to review and approve each one individually
- Review your banking transactions and your credit report regularly
- Contact your Information Technology provider to determine the best way to safeguard the security of your computers and networks
At OECU, your privacy is very important to us. That's why we want to let you know about an email scam on the Internet called "phishing" (pronounced "fishing") a technique fraudsters use to lure online consumers to fake corporate Web sites through links sent via email.
The message in the email often warns consumers that their account will be closed if their information is not updated or "verified." The links within the email are often pointed to Web forms that ask for bank account information, such as routing numbers, account numbers, PIN numbers, passwords and Social Security numbers.
It is OECU’s policy to not send or request confidential account information through email because it is not a secure form of communication. You should never enter private, personal information in a form that was sent to you by email.
Here are a few ways you can protect yourself from Internet and email fraud (phishing):
- Never click on links in unexpected emails that request confidential information. If updates to information are needed, always type the address for the institution’s Web site into your browser.
- Before submitting confidential information through forms, make sure that you are using a secure Internet connection. There are two ways of determining if your connection to a Web site is secure. First, look at the address bar at the top of your browser. If the Web site address begins with "https://", then you have established a secure connection, but if it begins with "http://", then the connection is NOT secure. Second, look for a "lock" icon in your browser's status bar at the bottom right hand corner of your browser. The lock verifies that your connection to the Web site is secure.
- Make sure that you have installed and run updated anti-virus and anti-spyware software. Both viruses and spyware can leave your computer vulnerable to attack and intrusion. Anti-virus and anti-spyware software will keep your computer safe from malicious software that might have installed itself or may try to install itself on your computer. Anti-virus & anti-spyware software is especially important if you are using a broadband Internet connection like DSL, cable or satellite.
- Install a Firewall, either software or hardware. A firewall will prevent attacks on your computer through the Internet by determining if a requested connection is malicious or not. A firewall is especially important if you are using a broadband Internet connection like DSL, cable or satellite.
- Keep your Internet browser, anti-virus, anti-spyware and firewall up to date by visiting the manufacturer's Web site and checking regularly for software and security upgrades.
- Review and monitor your checking account, debit card, credit card statements and your credit report regularly to be sure all transactions are legitimate.
- Watch for misspelling or grammatical errors on forms requesting confidential information. Hackers often make errors while rushing to get bogus Web sites in place. If something doesn't look right, there is a good chance that it's not.
OECU will never request your credit card or account information if we have to contact you. The only time we will ask for your information is when you contact us, and we only request information that will identify you or assist us in addressing a problem with your account. If you should receive an email or phone call requesting such information that appears to be OECU, do not respond and contact us immediately at 405-606-6328 or 877-677-6328.
Here is a new twist on the old phishing scam. Now, individuals are receiving telephone text messages alerting them that their debit card has been deactivated. with instructions to call a certain phone number to get their account opened again. Unless you have signed up for this type of service with a financial institution, you can be pretty certain such a text message is a phishing scam. A positive indication of a scam would be if you are contacted in any manner and instructed to contact a financial institution regarding your account and you do not have an account or any other form of relationship with that institution.
In the lottery scam, you receive an email notification claiming that you have won an international lottery. In order to claim your winnings, you must contact the claims agent, typically via an email address that is most often from a free provider (e.g., Yahoo, Hotmail, etc.). The agent then sends you a claim form to verify your identity. You must then return the form with your personal details, along with copies of your passport and/or driver’s license to “verify your true identity.” The fraudsters now have enough information to duplicate your identity. In addition, in order to claim the winnings, you are required to wire funds to the fraudsters to cover the transaction, insurance, tax and legal fees associated with receiving their winnings. The victims are required to transfer the money requested via Western Union. You are now out the funds that you have wired to the fraudsters, and the fraudsters have your personal identification to continue to commit fraud.
Counterfeit Cashier’s Check Scams
The Counterfeit Cashier’s Check Scam is another form of fraud that is becoming widespread in auction sites and on business’ ecommerce Web sites. A buyer will bid on or seek to purchase big-ticket goods (e.g., cars, boats, etc.) from the Web site. The buyer will “accidentally” overpay the seller, stating they “wanted to make sure there were enough funds for shipping.” The buyer will then ask the seller to deposit the check and refund the amount of the overpayment. The seller will deposit the counterfeit check and send the overpayment to the buyer prior to the check clearing through the international banking system. The seller is out the funds equal to the overpayment. In addition, the seller could be down the value of the shipped goods if those are sent at the same time.
To protect yourself, always be careful when transacting with unknown parties. If you question the legitimacy of a buyer, talk with your branch representative to determine the best way to validate the check and funds prior to shipping any goods or providing a refund for the overpayment.
You get an email or a letter in the mail from a "mystery shopping company" often times the name of the company sounds official. Usually there is a check included or a promise to send a check. They tell you to cash the check and complete an assignment at a major retail store. Then they tell you to take the rest of the money that you didn't spend and send it to another mystery shopper via Western Union. The only problem is that's not a mystery shopper, that's the scammer! The check sent to you was not legitimate, but the bank won't realize it for at least a week. When the check is returned as fraudulent, you become responsible for the charges. Meanwhile, you just sent money to the scammer via Western Union and you're left holding the bag.
If you receive an email or letter in the mail saying you won a lottery and they send you a check or if you sell something on eBay and the buyer pays with a check, you may think you can just take the check to your bank and cash it.
Unfortunately, you can’t. What’s worse, if you cash it in most states, you may be assisting a criminal in passing a counterfeit check, money laundering or worse. Blank checks are stolen every day from individual mail boxes, homes, businesses and even banks. Counterfeiters and scammers use these checks to create scams and frauds.
What Can You Do?
If you receive a check in the mail that you are not expecting, DO NOT CASH IT. You should call the issuing bank directly to verify that the account is valid and the check is real.
If you believe you may have fallen victim to this type of scam and wish to report it, please file a complaint with the U.S. government Internet Crime Complaint Center at: http://www.ic3.gov.
Electronic Funds Transfer Act – Rights & Responsibilities
The Electronic Funds Transfer Act (known as Regulation E) was passed in 1978 to establish the rights and liabilities of consumers, and to establish the responsibilities of all participants in electronic funds transfers (EFT).
Who is Covered by Regulation E?
Regulation E applies to any electronic fund transfer that occurs against a consumer accounts. Regulation E does not cover commercial, trust, business, or organizational accounts.
Electronic fund transfers covered:
- Point-of-Sale transfers/purchases
- ATM transfers
- Direct deposits or withdrawal of funds
- Transfers initiated by telephone
- Transfers resulting from debit card transactions
Liability for Unauthorized Transactions
Tell us at once if you believe your debit/credit card or PIN has been lost or stolen, or if you believe that either of them is in the possession of an unauthorized person. Telephoning is the best way of keeping your possible losses down. You could lose all the money in your account(s) plus any available maximum overdraft line of credit. If you tell us within 2 business days you can lose no more than $50 if someone used your card or PIN without your permission.
If you do not tell us within 2 business days after you learn of the loss or theft of your debit/credit card or PIN, and we can prove we could have stopped someone from using your card or PIN without your permission if you had told us, you could lose as much as $500.
Also, if your statement shows transactions that you did not make, tell us at once. If you do not tell us about unauthorized transactions within sixty (60) days after the statement was mailed to you, you may not get back any money lost after the sixty (60) days if we can prove that we could have stopped someone from taking the money if you had told us in time.
If a good reason kept you from telling us, such as a long trip or a hospital stay, we will extend the time periods. Note: The liability limits stated above refer only to unauthorized electronic access and transfers through Telephone Banking, ATMs, point-of sale terminals and Preauthorized Transfers. There are no set limits for customer liability for over-the counter unauthorized transactions at an OECU branch. For your protection, please examine you statements promptly and notify us immediately of any problem.
Contact Information for Lost/Stolen Debit/Credit Cards
If you believe your debit/credit card or PIN has been lost or stolen or that someone has transferred or may transfer money from your account(s) without permission, contact us immediately at 405-606-6328 during business hours. After hours, if it was an OECU issued credit card, call 866-760-7119 or for an OECU issued debit card, call 800-791-2525.