Several banks in northern Alabama have issued warnings regarding an increasing number of phone calls to their customers from scammers attempting to steal credit card information.
Calls to customers may appear to have their bank’s name or phone number as the caller ID, a practice known as caller ID spoofing. The scammer identifies as an employee of your bank or law enforcement, usually stating that your card has been compromised and you need to take action. They will likely know your name and credit card number. They use the known information and ask you to verify the three numbers on the back of you card, called a card verification value (CVV) or card verification code (CVC) number. Tthe card is now fully compromised once they have the CVV/CVC number
What To Do
The following information was shared by Redstone Federal
1. RFCU will never call you to verify your credit/debit card CVV number(s) or any other personal security information. If you receive such a call, please call 800-234-1234 or the number on the back of your card to verify its authenticity.
2. Don’t give out any personal information to anyone online, through social media, or over the phone unless you initiated the contact or can validate that they are actually employed by the company he or she is representing.
3. Keep a close eye on your accounts. Use Redstone’s online banking to check your accounts daily. Use Credit Card Control or Debit Card Control to track how your card’s usage or turn the card on and off.
4. Use strong passwords – Each of your passwords should be unique and include elements such as symbols, numbers & uppercase & lowercase letters.
5. Click carefully – Don’t open unsolicited emails & only download files and software you can trust.
If you believe your card has been compromised, call the
service phone number on the back of your card immediately. They will cancel the
card and issue a new card.
On September 7, 2017, Equifax, one of the three largest U.S.
credit bureaus, announced a massive data breach affecting 143 million
consumers. As a result, they established a website – www.equifaxsecurity2017.com – to
address the issue and keep consumers up to date on the latest news around the
breach. Included in the website is a list of actions they have taken, frequently
asked questions (FAQs), a link to determine if you may have been affected by
the breach, and a link for free credit monitoring for a year from TrustedID.
You can follow these steps to determine if you may be
- Go to www.equifaxsecurity2017.com
- At the bottom of the page, click “Potential Impact”
- Provide your last name and the last six digits
of your Social Security number
If you are interested in obtaining one year of free credit
monitoring, you’ll be given an enrollment date. At that given time, return to www.equifaxsecurity2017.com and
follow the steps to enroll. It is important to note that free credit monitoring
is open to everyone even if you do not believe you were affected by the breach.
The best way to protect yourself is to stay informed. Here
are a few tips we recommend for protecting yourself:
- Check your account statements and history at
least monthly to verify transactions.
- If you have not been proactive about reviewing
your credit reports on a regular basis, now is a great time to start. Each US
citizen has access to their free credit report from each of the three largest
U.S. credit bureaus – Equifax, Experian and Transunion – once a year through annualcreditreport.com. You can get all three reports at one time or
stagger them throughout the year.
- Consider a fraud alert or credit freeze on your
If you are aware that your personal
information has been compromised, you can place a free fraud alert on your
account. This will require a business to notify you if someone tries to open an
account in your name. A fraud alert lasts for 90 days, but can be renewed, or
if you are a victim of identity theft, you can choose to have an extended fraud
alert for seven years.
A credit freeze actually restricts access
to your report completely. Fees for a credit freeze are limited to a maximum of
$10 per credit bureau. A credit freeze is a greater protection than a fraud
alert; however, it also requires the freeze be removed and reapplied each time
you need to have your credit reviewed by someone other than yourself.
- Change passwords regularly and use strong
passwords. At Longview, we use LastPass.
LastPass is a free consumer tool for storing and developing passwords. LastPass
can automatically generate a password that meets a site’s requirements and
offers strong encryption.
- Consider using two-key authentications where available. This is a second layer of protection for your
accounts. Not only are you required to give a password, but you are also
required to provide a code that is either emailed or sent by text to you during
We live in a world reliant on electronic access and delivery
of information. It is important to remain proactive and protect your
information as best you can. If you have any questions or would like to learn
more about protecting your information, we encourage you to reach out to us.
How Longview Protects
The internet has increased the speed and ease at which we
can provide and access information, but it has also created another entry point
for thieves. It is a growing struggle for businesses to stay ahead and put
protections in place. It is a scary reminder that if large organizations, like
Equifax, can be breached, so can the smaller businesses, like Longview. That is
why it is so important for us to maintain policies to review and protect our
client’s information. Here are a few of the policies and procedures Longview
has implemented to protect your data:
- Identity Theft Program: We have a list of red
flags for which all employees are responsible to watch. Red flags include: changes in addresses,
request of funds, wires, notifications of possible breaches, and suspicious
activities. Whenever a red flag occurs, there is a process in place to review
the action for client protection.
- Password Policy: Longview uses a corporate
license for LastPass, a free consumer
product to store and generate passwords. This program offers encryption of
passwords, strong password creation and requires a change in the master
password every 90 days. Longview also has internal requirements for passwords.
- Two-Key Authentication: Fidelity and our
customer relationship manager software requires two-key authentication for
access of client accounts. This is a second layer of security protection for
- Information Security Policy: Longview has
adopted an information security policy to provide a plan to prepare for and
respond to possible breaches. Several safeguards are included in the policy:
- Review of all third-party security policies on
an annual basis.
- Physical copies of information containing
personally identifiable information are stored in locked rooms/filing cabinets
and all hardcopies of client information is locked away daily.
- Electronic copies of client information are
encrypted and stored through Box.com, which is backed up through Amazon. No
client copies are saved on individual laptop computers.
- The firm’s firewall and antivirus software is
- All access to the firm’s network requires a
secure password and is separate from a client’s network access.
- Incident Response Plan: Longview has compiled a process
for employees to follow if an incident does occur. The plan includes a list of
access persons, policies and procedures, succession and business continuity
plans, vendor due diligence reports, periodic computer reviews, daily download
deletions, and a process to remediate and recover information.
In addition to Longview’s protections, Fidelity has a customer
protection guarantee that covers losses from unauthorized activity in your
As always, thank you for your business. We value your
partnership and will continue to strive to protect your information.