Your Credit Union is committed to protecting our members. Here you will find some ways that the credit union protects the security of your accounts. You'll also find great tips on identity theft prevention, and what to do about it if you are a victim. We also frequently post alerts of scams or fraudulent activity that we want members to be aware of.
At Carolinas Telco Federal Credit Union (CTFCU), we are committed to ensuring that your account information via the Internet and third parties is safe. We do not provide personal information with third parties except as allowed or required by law and as necessary to provide you with services, such as processing check orders, providing member service from our affiliated call center, and offering services to you.
How will Carolinas Telco contact me?
CTFCU may contact you by mail, telephone or by email, but we generally won’t ask you for personal information, such as your member number, Social Security number, online banking Login ID, Password, or complete credit or debit card numbers, as we already have access to that information. We may ask you questions to verify your identity, such as full name, street address, date of birth, last four digits of your SSN, amount/date of most recent direct deposit, etc. If you initiate contact with CTFCU by calling us, we may confirm your identity by asking general questions to verify your full name, address, member number, Social Security number, mother’s maiden name, date of birth, amount/date of your most recent direct deposit, etc. If, for any reason, you suspect that you have been contacted by someone stating they represent CTFCU, but you are unsure if the call is legitimate, hang up. You can then call CTFCU directly, at 1-800-622-5305, to ensure you are contacting your credit union.
Card Fraud Prevention
Visa® Check and Visa® Credit Cards have fraud-monitoring services that trigger alerts to the credit union if a card is used in a geographic location or a pattern that is inconsistent with its history. You may occasionally receive calls to verify unusual activity. If you do not answer, a brief message may be left. Neither the credit union nor our providers will ask for your card number, expiration date, or CVC (security) code. If you are uncomfortable with the call, hang up and call the number listed on the back of your card. When traveling, contact the credit union at 1-800-622-5305, and we can note your account to allow legitimate transactions. So we can reach you promptly when needed, keep the credit union informed of any address or telephone number changes.
Accounts with Online Banking
CTFCU online banking employs industry-leading security features to ensure that all of your transactions are conducted with the highest possible privacy and protection. All data is encrypted using 128-bit encryption, the current industry standard, and transferred via the Secure Sockets Layer (SSL) protocol between you and your Credit Union. Our online banking also offers the option of creating a unique Login ID, so that you can discontinue using your member number to login. We recommend periodically assessing your personal online banking risk, such as restricting disclosure of your password to only joint account holders and refraining from writing your login information down in proximity to your computer. If you have a business, be sure you are aware of who has access to your accounts online and take extra due diligence to review account activity.
Mobile Banking Security
CTCU’s mobile web and apps are secure, using 128-bit encryption that masks your sensitive information. A password is required each time you log on and your online banking private “picture and pass phrase” are displayed to protect against “phishing.” You should always maintain the security of your phone, including using a password to access your phone. Be aware of apps that you download and make sure they are apps that you trust. Downloading apps of unknown or suspect origin could compromise your online banking credentials, or any password-protected app or web site you visit. Take caution using your device at all times.
Rights and Responsibilities: The CTFCU membership agreement provides certain protections to members, such as limited liability on certain transactions. You can review the current membership agreement using the Disclosures link in the footer of this page. Review your statements and/or monitor your account activity regularly through NetBranch or Telco Teller. If your statement or transaction history shows transfers or transactions that you did not make, TELL US AT ONCE at 1-800-622-5305.
On Visa® Credit Cards and Visa® Debit Cards, there sometimes is a potential for fraud. But, as long as you keep up with your transaction history on your statements or through mobile banking account access, take caution to whom you reveal your card information, and immediately contact the credit union should your card become lost, stolen or compromised, you should feel secure.
Carolinas Telco Federal Credit Union (CTFCU) Visa® Credit and Debit Cards are covered by Visa's Zero Liability Policy*.
How it works:
- Shop worry-free, Using your Visa® credit or debit card to make purchases at millions of locations.
- Report suspicious charges immediately to CTFCU upon review of your transactions or monthly statement. Immediately report any unauthorized charges to CTFCU.
- Once you have reported an unauthorized transaction covered by Visa's Zero Liability Policy, we will investigate so you can have the issue corrected quickly.
In the event you experience unauthorized transactions:
Notify CTFCU immediately of any unauthorized use. Replacement funds are provided on a provisional basis and may be withheld, delayed, limited, or rescinded by us based on (but not limited) to the following: Gross negligence or fraud, your delay in reporting unauthorized use to us, investigation and verification of the claim, account standing and history.
The transaction-at-issue must be posted to your account before replacement funds may be issued.
*Information above regarding Visa's Zero Liability is referenced from Visa's website. Does not apply to PIN transactions not processed by Visa®. Coverage may not be provided for gross negligence, fraud or delay in reporting unauthorized use. You must notify Carolinas Telco Federal Credit Union immediately of any unauthorized use.
Lost, Stolen, or Compromised - Visa® Credit Card or Visa® Debit Card
During and after business hours, call 1-800-622-5305
Lost, Stolen, or Compromised - ATM Card
During and after business hours, call 1-800-622-5305
Other Unauthorized Access on Your Account
During and after business hours, call 1-800-622-5305
Multi-Factor Authentication is a security feature that works 24/7 to protect your home banking account, even when you are not online. It helps guard against fraudulent logon attempts like “phishing” (malicious requests for your personal information) and identity theft. A few important things for you to know about MFA:
- Your login IDs and passwords remain the same - this is a security supplement that ensures you have reached the correct site through the use of secret pictures and phrases.
- You are able to register your computers and mobile devices, which allows online banking to recognize you as a legitimate user. You may register more than one device (such as work and home) and multiple users (such as family members in the home) will all be able to access their accounts on the same computer or mobile device.
- After registering your device, you can distinguish our online banking site from a look-a-like. Upon registering for this new security feature, you will receive a personal image and phrase, which will become a shared secret between you and us. When you see the image and phrase displayed on the screen, you can be confident that you are at our online banking site and that it is safe to enter your password. It is important to make sure that you NEVER enter your password without seeing your personal image and phrase.
- If you do not register your computer, such as if it is a public computer, online banking will not be able to recognize the computer so it will automatically ask you a secret question which you will set up when you enroll in MFA. You can also choose, instead of a secret question, to be emailed a one-time, temporary password that will give you access. This does not change your permanent password, it only allows online banking to recognize the user as legitimate.
When you shop online and see the Visa Secure badge on participating merchant sites, this means your online purchases are secured with Visa. Learn more about Visa Secure.
Fight identity theft by monitoring and reviewing your credit report. You may request your free credit report online at www.annualcreditreport.com, by phone or through the mail. Free credit reports requested online are viewable immediately upon authentication of identity. Free credit reports requested by phone or mail will be processed within 15 days of receiving your request.
This central site allows you to request a free credit file disclosure, commonly called a credit report, once every 12 months from each of the nationwide consumer credit reporting companies: Equifax, Experian, and TransUnion.
Get a free copy of your credit report at least once a year from www.annualcreditreport.com
Ready for tax season? If you haven’t heard about tax identity theft, you may not be. Tax identity theft happens when someone files a phony tax return using your personal information—like your Social Security number—to get a tax refund from the IRS. It also can happen when someone uses your Social Security number to get a job or claims your child as a dependent on a tax return. Tax identity theft has been the most common form of identity theft reported to the Federal Trade Commission (FTC) for the past five years. Tax identity thieves get your personal information in a number of ways. For example:
- Someone goes through your trash or steals mail from your home or car
- Imposters send phony emails that look like they’re from the IRS and ask for personal information
- Employees at hospitals, nursing homes, banks, and other businesses steal your information
- Phony or dishonest tax preparers misuse their clients’ information or pass it along to identity thieves.
So what can you do about it? To lessen the chance you’ll be a victim you can:
- File your tax return early in the tax season, if you can, before identity thieves do
- Use a secure internet connection if you file electronically. Don’t use unsecure, publicly available Wi-Fi hotspots at places like coffee shops or a hotel lobby
- Mail your tax return directly from the post office
- Shred copies of your tax return, drafts, or calculation sheets you no longer need
- Respond to all mail from the IRS as soon as possible
- Know the IRS won’t contact you by email, text, or social media. If the IRS needs information, it will first contact you by mail.
- Get recommendations and research a tax preparer thoroughly before you hand over personal information
- If your Social Security number has been compromised, contact the IRS ID Theft Protection Specialized Unit at 1-800-908-4490
- Check your credit report at least once a year for free at annualcreditreport.com to make sure no other accounts have been opened in your name.
What if you are a victim? Tax identity theft victims typically find out about the crime when they get a letter from the IRS saying that more than one tax return was filed in their name, or IRS records show they received wages from an employer they don’t know. If you get a letter like this, don’t panic. Contact the IRS Identity Protection Specialized Unit at 1-800-908-4490. Visit www.IdentityTheft.gov, the federal government’s one-stop resource to help you report and recover from identity theft. You can report identity theft, get step-by-step advice, sample letters, and your FTC Identity Theft Affidavit. These resources will help you fix problems caused by the theft.
Unfortunately, tax identity theft isn’t the only way scammers are targeting taxpayers. The FTC has gotten thousands of complaints about IRS imposters who claim people owe unpaid taxes and will be arrested if they don’t pay up. They may know all or part of your Social Security number, and rig caller ID to make it look like it’s really the IRS calling. Before you can investigate, you’re told to put the money on a prepaid debit card and tell them the number—something no government agency would ask you to do.
If you owe—or think you owe—federal taxes, call the IRS at 1-800-829-1040 or go to www.irs.gov. IRS workers can help you with your payment questions.
The IRS doesn’t ask people to pay with prepaid debit cards or wire transfers, and doesn’t ask for credit card numbers over the phone. When the IRS contacts people about unpaid taxes, they usually do it by postal mail, not by phone. Report IRS imposter scams to the Treasury Inspector General for Tax Administration (TIGTA) online or at 1-800-366-4484, and to the FTC at www.ftc.gov/complaint.
If you receive a contact through Craigslist where a buyer is giving you a cashier's check far exceeding the value, or an email where the sender claims to be stuck in a foreign country, or an unsolicited secret shopper "opportunity" from someone or an entity you do not know, take caution because you may be scammed.
Secret shopper programs are used by many businesses. The big difference between a legitimate offer and one presented by a scam artist is the amount of compensation involved. The sums of money offered by legitimate companies are modest, maybe $10 to $20 for your time. A scam artist purporting to offer a secret shopper opportunity where you can make thousands of dollars is most likely setting you up for fraud.
The fraud typically involves giving you a check for a significant amount, dollars as high as $2,000 to $5,000, and much more than what you should expect for the value of the item or of your time. Be especially cautious if you are promised a cashier's check, that gives the appearance of legitimacy, because most likely the cashier's check is fraudulent. You'll then be pressured to cash the check, or deposit a check through mobile deposit, and immediately withdraw the funds from an ATM. Calls and emails will then demand that a portion of the cash be wired or mailed back to the sender, while you get to "keep the rest for your time and efforts." This is a clear sign of fraud and you are going to lose money.
The checks are most likely counterfeit, drawn off a closed account, or will return as NSF. It may take up to 10 days for checks to return, but when the check does return, your account is going to be debited for the amount of the check. Depending on the funds in your account at that time, it could leave you in the negative and YOU owing the credit union. They may also ask for your online banking credentials, such as Login ID and Password, or want to access your account with your Visa® Check or ATM Card, to pressure you into withdrawing the funds as soon as possible. Never provide this information to unauthorized users.
It may be tempting to think this is a way to make extra money, but the scammers are a step ahead of you. If it sounds too good to be true, it is!
Some merchants have recently announced that their customers who used credit and debit cards there may have had their names, card numbers, expiration dates, and three-digit security codes exposed. Please note the following:
- We receive notification of incidents and work with VISA and others.
- We monitor your debit and credit card activity 24 hours a day, 7 days a week for suspicious transactions and will contact you immediately if we identify a suspect transaction. This is usually done by phone if you have provided the Credit Union with your contact information.
- Each situation is different. In some cases, the credit union, in an abundance of caution, may opt to block and reissue cards even if fraudulent activity has yet to occur. In those cases, if your card(s) are directly affected, you will receive a letter from the credit union with information about your current card's status and the reissue process.
- Visa offers Zero Liability* protection, meaning Visa will cover any fraud on your account as long as you notify the credit union in a timely manner. Neither you nor the credit union is able to always prevent fraud, but take note that should fraud happen, you are protected.*
What can you do?
- Remember that with Zero Liability coverage you're not responsible for unauthorized transactions, so continue to use your card with confidence.
- We encourage you to review your account activity on a regular basis and report any suspicious transactions.
- You don't need to contact us at this time unless you see any fraudulent activity on your account.
If you have any further concerns or questions please Contact us online or call 1-800-622-5305.
*Does not apply to PIN transactions not processed by Visa, which are protected after the first $50. Coverage may not be provided for gross negligence/fraud or delay in reporting unauthorized use. You must notify your credit union immediately of any unauthorized use.
Criminal groups across the country are taking advantage of the requirements in the Fair Credit Reporting Act (FCRA) by using credit repair services to dispute derogatory credit report item(s). The "companies" recruit individuals to use credit repair services to dispute derogatory credit report items and assists the individuals in applying for credit union membership under their real identities.
After joining the credit union or bank, the individuals applied for loans and credit cards during the dispute investigation period knowing the credit score would be temporarily inflated. The individuals sometimes also misrepresent their employment and income information. Upon approval of the loans, the individuals run the cards to the credit limit or maximize any funds they can gain access to, then are required to share proceeds with the credit repair "company."
If you see a sign on the side of the road advertising credit repair, it is likely involving fraud, so don't fall victim to these scams.
However, if you are a true victim of fraud, the Fair Credit Report Act is there to help you. Consumers have the right to dispute items contained in their credit report under the FCRA. The person receiving the dispute (e.g., the furnisher of the disputed data or a consumer reporting agency) is required to conduct an investigation relating to the dispute. The investigation must be completed within 30 days of receiving the dispute but may be extended an additional 15 days if the consumer provides information to the credit reporting agency that is relevant to the investigation. Upon completing the investigation (up to 45 days from the date of the dispute), the credit reporting agency must make any necessary adjustments to the disputed item.
The National Credit Union Administration warned consumers to beware of a new telephone fraud, known as a "vishing” scheme, that is using the agency’s name in an attempt to obtain personal financial information.
Individuals have been contacted by an automated phone call claiming to be from NCUA and notifying consumers their debit cards have been compromised. The call then asks the receiver to follow prompts, which request personal information, including sensitive financial data and personal identification information.
Anyone contacted by this so-called "vishing” scheme should immediately contact NCUA’s Consumer Assistance Center Hotline at 1-800-755-1030 or by email at email@example.com to report the scam. Operators answer calls Monday through Friday between 8 a.m. - 5 p.m. EST.
Posing as legitimate businesses, such as a financial institution, credit card company, Internet service provider or retailer, criminals send official-looking email or set up Web sites to trick you into providing your personal or financial information. This illegal activity is called "phishing." Beware of any email urgently asking you for:
- Account numbers
- Credit card account numbers
- Checking account information
- Account passwords
- Social Security number
Take special caution if the email warns of impending issues, such as a threat that if you do not respond, your account will be closed. If you receive an email that appears to be from any financial institution or association or government entity asking for your account information, it is fraudulent. Do not reply to the email or click on any links within the email, and delete immediately. A sample email may appear like this:
Account Info Verification
Dear FCU holder account,
As part of our security measures, we regularly screen activity in the Federal Credit Union (FCU) network. We recently noticed the following issue on your account: A recent review of your account determined that we require some additional information from you in order to provide you with secure service. Case ID Number: PP-065-617-349. For your protection, we have limited access to your account until additional security measures can be completed. We apologize for any inconvenience this may cause. Please log in to your FCU account to restore your access as soon as possible.
You must click the link below and fill in the form on the following page to complete the verification process.
In accordance with NCUA User Agreement, your account access will remain limited until the issue has been resolved. Unfortunately, if access to your account remains limited for an extended period of time, it may result in further limitations or eventual account closure. We encourage you to log in to your FCU account as soon as possible to help avoid this. We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.
Sincerely, NCUA Account Review Department
Please do not reply to this email. Mail sent to this address cannot be answered.
Email and telemarketing scams take on many forms, attempting to defraud you to steal money and account information. Some warnings to be aware of:
- If it is too good to be true ... be careful. Never respond to someone who asks you to share in lottery winnings, a rich inheritance, or who makes other outlandish promises.
- If there is pressure in the phone call or email, that you "must act now", be careful. Do not make a decision or commitment when you are not familiar with the company.
- Never send advance money in the hopes to win a prize. Some perpetrators may ask you to pay for the shipping & handling, taxes, or a finder's fee, in advance, but this is illegal.
- The FBI is warning the public about ongoing schemes involving jury service and tax preparation so be wary.
- Ignore any correspondence that seems to be from Nigeria, or other foreign countries. They often promise the opportunity to share in millions of dollars that the author, a self-proclaimed government official, is trying to transfer illegally out of their country. The recipient is encouraged to send bank information. Payment of taxes, bribes to government officials, and legal fees are often described with the promise that all expenses will be reimbursed. These funds do not exist, but leaves the consumer with a loss.
What should I do if I think I may be a victim of identity theft? Here are tips from Annual Credit Report.
You should place an initial fraud alert on your file as soon as you suspect you might be a victim of identity theft. You can do this online at the three credit reporting companies:
- Equifax - www.equifax.com/CreditReportAssistance
- Experian - www.experian.com/fraud
- TransUnion - www.transunion.com/fraud
Here are some other steps you can take:
- Contact the security or fraud departments of each company where an account was opened or charged without your knowledge.
- Follow up in writing, with copies of supporting documents.
- Keep copies of documents and records of your conversations about the theft
- Use the ID Theft Affidavit to support your written statement.
- Ask for verification that the disputed account has been dealt with and the fraudulent debts discharged.
- File a report with law enforcement officials to help you correct your credit report and deal with creditors who may want proof of the crime.
- Close the accounts that you know, or believe, have been tampered with or opened fraudulently.
- Report theft to the Consumer Finance Protection Bureau by submitting a complaint. Your complaint helps law enforcement officials across the country in their investigations. To find out more, visit the CFPB's website at https://www.consumerfinance.gov/complaint.
When someone pretends to be you, it’s called Identity Theft. Armed with personal data, identity thieves can take over your existing accounts, open new ones, and obtain credit cards, a driver’s license, loans and more. Here are ways to help keep your personal information safe and secure online:
- Install anti-virus software, spyware-detection software, and a firewall, on your computer.
- Keep your computer and browser updated and download patches only from official vendors’ web sites.
- Do not offer your personal information unless you have initiated the contact and confirmed the recipient’s identity. Carolinas Telco Federal Credit Union will not initiate contact to ask for personal information such as online credentials, account numbers, or card numbers through email, voice, or text messaging.
- Delete emails from unknown senders with nonsensical information or typos in the subject lines. If you receive unsolicited email offers or spam, you can forward the messages to the Federal Trade Commission at firstname.lastname@example.org.
- Type URLs, don’t click. If opening a suspicious email, don’t click on any links. These links could be redirecting you to a fake page designed to trick you into entering your information.
- Look beyond the logo. Scammers often include actual logos and images they have stolen from official web sites.
- Logoff from sites when you are done instead of just closing the page.
- Protect your information when shopping online. Make sure there is an “s” (for secure) after the http in the web address (i.e., https). If the site participates in Verified By Visa®, be sure to enter your secure credentials. Lastly, if you’re not familiar with the company, try to confirm a physical address, or research the company online to make sure they’re reputable.
- Review your statements and/or monitor your account activity regularly through Online Banking or Telco Teller and verify that the account information and transaction summary is correct. If anything seems suspicious, unusual, or you find unauthorized transactions, report it to the credit union immediately at 1-800-622-5305.
Planning to travel soon? Contact us at 1-800-622-5305 so we can notate your account for use of your Visa® Debit, Visa Credit, and ATM Cards. This is not just for international travel, as visiting other states may trigger an alert on your card as unlikely activity, so be safe and call us at 1-800-622-5305.
To fight fraud, there are security systems on the Visa and ATM networks which help institutions like Carolinas Telco Federal Credit Union discover and prevent fraud. Unfortunately, that means sometimes blocking certain types of merchants or even blocking all transactions in a specific location. This is typically done as a last resort when institutions become aware of a high probability of fraudulent cards and transactions occurring on certain merchants or in certain geographic areas. To fight fraud, and the losses that come with it, some transactions may be blocked based on the location of the merchant, even if it is a valid transaction. Even more unfortunate, it used to be only certain countries, but now, some states within the U.S. have a high propensity of fraud. So, should you attempt to use your Visa® Credit Card or Visa Check Card, but a transaction is blocked, call us and let us sort out any issues to see if we can help. Many times, if you contact the credit union, we are able to assist you by making an adjustment on our systems to allow your card to be used while you travel to certain areas.
Using your card while traveling can occasionally create false alarms with our fraud monitoring service. In order to minimize any inconvenience this may cause, please contact us prior to departure. Calling our Cards Department at 1-800-622-5305, in advance, may allow us to place a travel advisory notice on your account, which will typically allow your card to be used without issue. However, in some countries, access through the Visa network may not be allowed at all. And it is not just in the third-world or in countries in distress - in Spain, there is currently a high volume of card fraud occurring which may prevent you from using your card for a legitimate transaction. When you contact us in advance of travel, we may suggest you consider cash and traveler’s checks if your cards won’t work.
Please know that this is not an issue with the credit union or our systems, or even the Visa network. This is just a case of criminals out there who are able to attempt to process fraudulent transactions, and the best way to block those transactions is to block certain merchants or geographic areas. It becomes a minor inconvenience when you are attempting a legitimate transaction, but it does reduce potential fraud losses facing the credit union and you as a member. We constantly work with Visa and our processors to stay abreast of trends to protect our members and the credit union.
There are times an email is sent to you that is legitimate. If you have sent an email to Carolinas Telco Federal Credit Union (CTFCU) either through our online Contact Us form, or by a direct email to an employee, the email address of the sender will be from email@example.com. Depending on the type of email, you may be prompted to enter or create a password to read our response to you.
Our E-Statement notifications are sent by CTFCU from the email address firstname.lastname@example.org. This email provides instruction that your E-Statement is available, but it does not include a copy of your actual statement or ask for personal information.
Another type of email you may receive is a verification email if you have changed your password or an email to authenticate your identity through our MFA system, which will also come from email@example.com. If you do not register your computer, you can choose, instead of a secret question, to be emailed a one-time, temporary Password that will give you access. This does not change your permanent password, it only allows Online Banking to recognize the user as legitimate. An important thing to remember is that this email is only sent if you have requested the email option, so it should come at a time that you are expecting it. An easier way to enter Online Banking, if it doesn't recognize you and your computer, is by answering your secret questions, which will give you immediate access. At this step, you can also register the computer so that it will recognize you in the future.
When you create your own password, take some precaution to select one that is hard to identify. Do not use your last name followed by a number, as that might be the most obvious Password for a perpetrator to guess. Try these suggestions:
- Use “strong” passwords and NEVER share it with anyone. If you write down your passwords, just keep them away from your computer and mixed in with other numbers and letters so it’s not apparent that it’s a password.
- Don't use obvious phrases, such as password1
- Use phrases that no one would recognize, such as last name of your favorite teacher followed by year of graduation
- To be creative, don't use words, but combinations of letters
- Think of your favorite song lyric, and use the first letter of each word. For example, oscysbtdel1776 ... which is from Oh say can you see, by the dawn's early light."
Here are some important safety reminders when conducting transactions at an ATM.
- Be cautious when you approach an ATM and be aware of your surroundings and others around you
- Make sure the ATM and area around it is well-lit
- If you are at a drive-up ATM, keep your vehicle running
- If you ask for a receipt, keep it so that you can shred it later. Do not dispose of your ATM receipt in a trash receptacle.
An email chain letter making the rounds on the Internet is a "PIN Reversal" technique, a concept based upon the possibility that a cardholder could remember (and reverse) his or her PIN at an ATM to draw attention to a dangerous situation like a kidnapping or a robbery. This does not work, so do not attempt. Financial institutions within the United States have not deployed this technique, despite several well circulated email chain letters that have misstated this fact.