About

Not a member? Join Today!

Security

Commitment to Security of Online Services

DCECU is committed to protecting the data and finances you have entrusted to us in all formats, including our online services (website, Online and Mobile Banking). This commitment requires hardware and software maintenance, upgrades, and enhancements.

Your participation and cooperation is critical to our success, which may include future technology and/or system upgrades to the hardware and/or software that you utilize for the best user experience. DCECU’s recommended standard is to update all operating systems, anti-virus software and browsers on devices (desktop, laptop, mobile phone, tablet, etc.) that are supported by the manufacturer to ensure that you are protected by the current levels of security offered.

DCECU is committed to providing access to our online services when using devices that meet these recommended standards. Devices that are no longer supported or updated do not receive critical security updates. This may limit access or functionality and could result in the compromise of your information or finances. We believe that this stance provides our members reasonable opportunity to make updates or upgrades to their devices to ensure security of their information. Both DCECU and our members will need to remain flexible to ensure we are all working together to protect the ongoing security and privacy of our shared information. We appreciate your cooperation and trust that you value our strong security posture.

How DCECU Protects You

  • Privacy Statement
  • ATM and VISA Debit/Credit Card Fraud Protection
  • Secure email encryption
  • Online Banking Multifactor Authentication (MFA) Security questions that provide verification of your identity.
  • Online Banking Password Requirements Reduces the likelihood of someone guessing your password.
  • Online Banking Security Phrase & Picture Allows you to identify a “spoofed” site / phishing attempt.

How to Protect Yourself

While we have many security measures in place, the security of your account and your private information begins with you.

Fraud Monitoring

We recommend that you remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring your credit reports. You may obtain a free copy of your credit report from each company listed below once every 12 months by requesting your report online at annualcreditreport.com, calling toll-free 1-877-322-8228, or mailing an Annual Credit Report Request Form to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA, 30348-5281.

You may also purchase a copy of your credit report by contacting any of the credit reporting agencies below:

Equifax
PO Box 740241
Atlanta, GA 30374
equifax.com
888-766-0008

Experian
PO Box 9554
Allen, TX 75013
experian.com
888-397-3742

TransUnion
PO Box 2000
Chester, PA 19016
transunion.com
800-680-7289

If you believe you are the victim of identity theft, visit identitytheft.gov to file a report and get a recovery plan.

Physical Protection Against Fraud and Identity Theft

  • DO NOT give personal information on the phone, through mail, or over the Internet unless self-initiated. This includes credit card numbers, financial information, or social security number.
  • Safeguard all identification, credit cards or other documents (including account statements) containing personal or financial information.
  • Regularly examine your financial statements and report discrepancies immediately to your financial institution and/or law enforcement if applicable.
  • Do not carry more identification (driver’s license, social security card, passport, etc.,) credit or debit cards than you will use.
  • Shred or otherwise properly dispose of documents that contain your personal information.

Secure Computing

Public Computers

Please be aware of the inherent security risks involved when using a public or shared computer, particularly in regards to your usage of Online Banking. Given that a public computer can be accessed by anyone, malicious or negligent activities performed on the computer before or after your use could compromise your privacy. Some risks include: Keyloggers that record usernames and passwords, or viruses that send private user data to a third party. Because of this, it is highly recommended to only use a private computer for account access through Online Banking.

Supported Browsers

DCECU supports the following browsers for our online services:

As of December 11, 2017, out-of-date browsers are unable to access Online Banking & dcecu.org

In order to protect your financial data online, we have disabled TLS 1.0 within Online Banking and our main website. As a result, old browsers – or browsers that do not have TLS 1.1 or higher enabled – are unable to access our site.

Please make sure you are using a browser that supports TLS 1.1 or higher.

Best Practices for Online Banking

Below are a few best practices for secure computing in order to help safeguard your personal information, particularly if should you find yourself in a situation where you must use a shared device.

Before Signing in to Online Banking
  • Make sure your browser, operating system, and anti-virus software is kept up-to-date with the latest security patches.
  • Do not use the computer if there are signs of a breach:
    • The browser warns that the dcecu.org security certificate is not trusted.
    • The computer’s performance has decreased and it is running slower.
    • The computer starts up differently.
    • Programs install themselves without your prompting.
    • The computer stops responding or frequently stops and re-starts.
    • Anti-virus software has been deactivated without your knowledge.
  • Avoid sending sensitive information, such as account numbers, through UNSECURED email.
  • Read email only from senders that you know.
  • Do not open suspicious email attachments.
  • Make sure www.dcecu.org is secure by looking for https:// or the closed padlock or unbroken key icon in the bottom right corner of your browser.
  • Use the computer’s on-screen keyboard for typing in your sign in credentials to protect against keyloggers.
  • Do not select “Save Username and Password” if prompted by the browser.
  • Make sure that your multifactor image and phrase are correct.
After using Online Banking:
  • Remember to logout of Online Banking.
  • Clear your browser cookies and cache.
  • Close the web browser

Best Practices for Mobile Banking

Using your mobile device to check the balances of your accounts or to process a simple transaction is convenient and can save you time, but how do you make sure it is also secure?

Ways to protect your information while using your mobile device:
  • Password-protect your mobile device.
  • Store your mobile device in a safe place.
  • Treat your mobile device with the same level of care as you would a credit card. If it is lost or stolen and you have not protected it adequately, you may be at risk.
  • Do not send confidential information in email or text messages (e.g., account numbers). It is important to understand that text messages are not encrypted the same way your mobile device information is. If someone gains access to your device, they may be able to view any text messages sent or received that have not yet been deleted.
  • Delete messages that contain account information, including account balances, and any alerts you receive on a regular basis.
  • Only download files (photos, ring tones, video clips, etc.) from trusted sources.
  • Follow the same rules you use on your computer with respect to opening email and attachments.

VISA® Card Safety

While DCECU has a variety of mechanisms in place to protect members, there are some steps you can take to help protect yourself as well. Some may seem like common sense, but it’s important to keep them in mind.

General tips on card safety

  • If your card is ever lost or stolen, report it immediately
  • Don’t leave your card anywhere it could be easily taken (this includes the glove compartment of your car)
  • Make sure you memorize your PIN
  • Shred documents that contain any personal or financial information before you dispose of them
  • Before shopping online, ensure your computer has up-to-date anti-virus and spyware software installed
  • Check your statements for unauthorized transactions

Identifying Fraudulent Communications

What is “Phishing”?

Phishing is the method of tricking people into providing their social security numbers, credit card numbers, mother’s maiden name and other personal information. It is becoming apparent that the volume of phishing attempts through email is on the rise. “Phishers” often pretend to be someone else, such as a financial institution, retailer, government agency or other organization. This may include altering the “from” address of a message to make it appear to originate from a legitimate source.

There are a variety of methods that hackers may use in order to gain one’s confidence. For example, a member may receive an email claiming that there is a problem with their account or that their account will be closed unless they provide specific information. The most recent fraudulent attempts include emails claiming that a recent bill payment or ACH transaction was rejected. The sender may ask to verify an address, account number or password. A phishing email could also include an attachment containing a virus to steal sensitive information. Additionally, an emailed website link could be embedded that will lead to a fake site designed to look like a legitimate site, in an attempt to obtain sensitive information.

Always know that DCECU will never ask you to provide your account information in this manner. Furthermore, DCECU emails will never:

  • Include unsolicited attachments
  • Request account-specific information (account numbers, usernames, passwords, card numbers, etc.)
  • Include links directing you to an Online Banking sign in page

If an email includes any of the above, then it is most likely a phishing attempt. If you have any concerns that an email may be a phishing attempt, Online Banking (via www.dcecu.org) can always be used to verify account balances, transaction history, and other related information. If you believe that you may have fallen victim to a phishing attack, or still have any questions, please contact the Credit Union.

Examples of Phishing

1) One common example of a phishing scam uses false alerts to trick the user with a fake sign in page:

From: billcenter <billcenter@dcecu.org>
To: marysue2003@yahoo.com; marysue2004@yahoo.com; marysue2005@yahoo.com; marysue2006@yahoo.com; marysue2007@yahoo.com; marysue2008@yahoo.com; marysue2009@yahoo.com; marysue2010@yahoo.com; marysue2011@yahoo.com;
Sent: Tuesday, October 7, 2011 11:43 PM
Subject: Important Notice from DCECU Billing Center

Dear Dow Chemical Employee’s Bank customer,
PLEASE LOGON AND FOLLOW THE STEPS LISTED AT THE FOLLOWING PAGE: http://www.dcecu.fx5q3zb44vpmc6cbt.com

Thank you,
Chemicale Employee’s Bank

2) A phishing example that targets common banking services:

From: NACHA <ach@nacha.org>
To: johndoe2001@yahoo.com; johndoe2002@yahoo.com; johndoe2003@yahoo.com; johndoe2004@yahoo.com; johndoe2005@yahoo.com; johndoe2006@yahoo.com; johndoe2007@yahoo.com; johndoe2008@yahoo.com; johndoe2009@yahoo.com; johndoe2010@yahoo.com; johndoe2011@yahoo.com; johndoe2012@yahoo.com; johndoe2013@yahoo.com; johndoe2014@yahoo.com; johndoe2015@yahoo.com; johndoe2016@yahoo.com; johndoe2017@yahoo.com;
Sent: Tuesday, September 6, 2011 1:43 AM
Subject: ACH Transfer Review

Dear Client

ACH transfer (ID:620734) is going to be reviewed because of the incorcrectly input data when sending the payment.

Important:
Please,i fill ign the application form attached attentively and send it to us.i
After that your transfer will be processed.

If you have any qukestions or comments, contact us at info@nacha.org.
Thank you for using NACHA

Cathy McNickle
<<app_form.zip>>

These emails should raise many red flags that indicate a phishing attempt:
  • (1&2) Multiple, similar email addresses: Why would a specific alert be sent to more than one person, let alone people with the similar email addresses?
  • (1&2) “Dear Client/Customer”: We will always address you by name or as “member.”
  • (1&2) Many grammar and spelling mistakes: English is rarely the phishers’ primary language.
  • (1) Target URL: Consider that dcecu is just part of the site’s real domain name, which would be fx5q3zb44vpmc6cbt.com.
  • (1) Is this email address even on file with DCECU? While phishers may spoof a from address in order to make the email appear legitimate, they often don’t even bother.
  • (2) Zip attachment: Often used to (poorly) hide viruses. Only open attachments from trusted sources and always scan any attachments with anti-virus software before opening.

Remember: Not all phishing emails are created equal. Some phishing attempts may raise very few red flags. For example, we are Dow Chemical Employees’ Credit Union, not Dow Chemical Employee’s Credit Union. If you are ever concerned about the legitimacy of a DCECU communication, please contact us.

What is “Vishing”?

Vishing Scams Use Phones Instead of Fake Websites In a new twist, identity thieves are sending spam that warns victims that their credit union/bank account or PayPal accounts were supposedly compromised. However, unlike typical phishing emails, there is no website address in these phishing messages. Instead, the victim is urged to call a phone number to verify account details.

The automated voice message says: “Welcome to account verification. Please type your 16-digit card number.” The goal is to get the victim to enter their credit card number. In these reported scams, no mention of the credit union, bank or PayPal is made.

Security experts tracking this scam and other instances of “vishing”, short for “voice phishing”, maintain that these frauds are particularly despicable because they imitate the legitimate ways people interact with financial institutions. In fact, some vishing attacks do not begin with an email. Some come as calls out of the blue, in which the caller already knows the recipient’s credit card number. This increases the perception of legitimacy and the caller only asks for the valuable three-digit security code on the back of the card. Vishing appears to be prospering with the help of Voice over Internet Protocol, or VoIP, the technology that enables cheap and anonymous Internet calling, as well as the ease with which caller ID boxes can be tricked into displaying erroneous information.

How to prevent loss:
  • Never call a number you receive from a spam email, and certainly do not enter in any private information if you make a mistake and do call. If you want to call your financial institution, use the normal phone number you regularly use, not the phone number you get in an email.
  • Remember that your credit union will NEVER solicit personal/private information via email.
  • Never click on the link provided in an email you believe is fraudulent.
  • Do not open suspicious email attachments.
  • Do not be intimidated by an email or caller who suggests dire consequences if you do not immediately provide or verify information.
  • Secure your computer against viruses, spyware, and malware and update these regularly.

If you are a victim of a phishing or vishing attempt, feel free to contact us. You may also wish to take appropriate steps to protect yourself by canceling your compromised credit/debit cards, reporting the incident to the credit bureaus, or by ordering a copy of your credit report from any or all of the following:

Equifax 800.525.6285
Experian 888.397.3742
TransUnion 800.680.7289
Innovis 800.540.2505