Security & Identity Theft
Your MCU Accounts Are Protected.
At MCU, we employ the highest standards of security to ensure the protection of your account information against Identity Theft and Fraud. We utilize advanced networking security technologies to protect our computer systems. Whenever personal information is requested or displayed on our website, we use 128-bit Secure Socket Layer (SSL) technology to encrypt your personal information so that it is scrambled when it is transmitted over the internet and then decoded once it reaches your browser. You can confirm that your session is secure by looking for a small lock symbol in the lower corner of your web browser. You can also look for the letters https:// at the beginning of the URL in your web browser. The letter "s" in https means that the connection is secure.
NYMCU Online Banking (including MCU BillPay and eStatements)
To access your account online, you must enroll in NYMCU Online Banking. Your online banking session will end or automatically "time-out" after inactivity. A browser that supports 128-bit encryption is required to use MCU Online Banking.
Password Strength: A strong, hard-to-guess password that is easy to remember and updated on a regular basis is one of the top defenses against banking and identity fraud. When you create a password in NYMCU Online Banking, the system will rate its strength to make sure you have the best protection against unauthorized access.
As of June 15, 2022, Microsoft no longer supports the Internet Explorer browser. If you are still using IE, we strongly recommend that you download the Microsoft Edge browser [link to: Microsoft Edge]
Online Loan Applications
Loan applications submitted through the MCU website are secure and encrypted. Applicant information is protected by multi-level data security. You can apply online with confidence that your information is secure and protected.
What You Can Do to Keep Your Information and Identity Safe.
Stay Alert for Fraud:
MCU will never contact you by email, text message or telephone to ask you to update or verify your account information. During the online banking login process, we will never ask you to further verify your login by inputting credit card or account information. Do not respond to unsolicited text messages, email messages or telephone calls that ask for any account information or other private information. If you think your accounts have been compromised, report it by calling the Contact Center at 1-844-MCU-NYNY (1-844-628-6969).
Protect Your Identity:
It's important to protect your personal information in order to help reduce your risk of identity theft.
Learn more about Identity Theft and how to avoid it.
Do Your Part:
You play an important role in helping us protect your information and to keep your money safe. Never share your ATM PIN, online banking username, password or account information with anyone.
Notify MCU When You Travel:
When planning a trip, inform MCU of your plans if you are going to be using your MCU ATM/Debit card or Visa credit card on the trip. Changes in your spending habits or patterns can trigger a security alert within our fraud detection system. This is especially true if you are traveling outside the state or the country. For your protection, most foreign countries are blocked. If potential fraud is detected, your card may be temporarily suspended, blocking it from further transactions until the questionable charge can be verified. Additionally, if you are out of town, contacting you to verify the charge may be difficult and you may be inconvenienced if you are unable to use your card.
You can notify us of your travel plans through any of the methods below. You will need to give us your place of travel and your departure and return dates.
- Online Banking:
Login to NYMCU Online Banking, click on the "More" widget, then click "Message Center". You'll be able to send us a secure message detailing the information about your trip.
Call the Contact Center at 844-MCU-NYNY (1-844-628-6969)
- In Person:
Visit your nearest branch and speak with a Member Service Representative.
Set Up Account Alerts:
An easy way to monitor your MCU account for suspicious activity is to enroll in Account Alerts through NYMCU Online Banking. These email or text message notifications will be sent to your email or cell phone when certain activity occurs within your account.
Fraud Alerts and Tips:
FRAUD ALERT! Understanding Spoofing Scams (NEW)
Spoofing is a type of fraud where a scammer contacts a person through phone, email, text or fax and pretends to be from a trusted source. The phone number, email address or website URL the scammer is using is disguised to look like an official communication from the organization they are pretending to be representing. The scammer is trying to get the recipient to provide them with confidential data like passwords, account information, social security numbers, etc.
We want to remind our members that they should never give out their personal or banking information in response to an unsolicited email, phone call, text message or fax, even if the sender or caller identifies themselves as being from a trusted source, like your credit union. Municipal Credit Union will never contact you by email, telephone, text message or fax and ask you to provide confidential personal information.
Here are some tips to help you protect yourself from this type of scam:
- Remember that companies generally don’t contact you to ask for your username and password.
- Don’t click on anything in an unsolicited email or text message. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
- Carefully examine the email address, URL and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
- Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
- Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
- Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
The safety and security of your accounts is very important to us. We are providing you with this information to help you better protect yourself from today's cyber threats. If you have any questions, please don't hesitate to call us at 1-844-MCU-NYNY (1-844-628-6969).
Understanding Phishing Scams
Municipal Credit Union is dedicated to protecting our members from fraudulent activity as much as possible. Part of this commitment, in addition to the work of our Security and Fraud Department, is to keep our members up to date on the various “scams” that may impact our members. One of the more prevalent scams that occurs is “Phishing” scams, and we would like to remind you about what Phishing scams are and how you can prevent yourself from becoming a victim.
A Phishing Scam is an attempt to obtain your personal information (bank account information, usernames, passwords, credit card details, etc.) by disguising as a trustworthy source in an electronic communication. There are various types of Phishing Scams out there, many of which play off the generosity and kind-heartedness of the targets. These scams are typically emails or pop-ups that pretend to come from charity organizations, telling you to click on a link and help aid the poor or under-privileged. A recent example of this is a fake email asking readers to make donations for victims of Ebola. Other popular phishing scams are communications made to look like a reputable financial institution asking individuals to update or verify their personal and account information.
If you receive an email, text, or pop-up that looks like one of the examples above, and you do not know the source or how it appeared, do not click on any links. The links will take you to a personal site that can take your information from your computer. Also, remember that financial institutions, like MCU, will never contact you and ask you for your account and personal information. Do not give personal or account information via email or over the phone unless you are certain the information is being shared securely, or if you contacted MCU directly by calling our contact center (1-844-MCU-NYNY (1-844-628-6969).
Here are some other helpful tips to avoid becoming a victim of a Phishing Scam:
- Do not follow unsolicited web links or attachments in email messages
- Make sure your antivirus software is up-to-date
- Refer to the Using Caution with Email Attachments Cyber Security Tip for information on safely handling email attachments.
- Refer to the Avoiding Social Engineering and Phishing Attacks Cyber Security Tip for information on social engineering attacks.
- Contact your financial institution immediately if you feel that you have received a fraudulent email, phone, or text communication
Mobile Banking Security
Add a Password to Your Phone.
To prevent unauthorized access to your phone, set a password or Personal Identification Number (PIN). To set a PIN or password, go to your device settings. It is a good practice to change your password every 90 days.
Keep your Mobile Device Up-to-Date.
Your phone's operating system software should be kept up-to-date by enabling automatic updates or accepting updates when prompted from your service provider, operating system provider, device manufacturer, or application provider. By keeping your operating system current, you reduce the risk of exposure to cyber threats.
When you are finished at a website you are logged in to, log out instead of just closing the page. As an added security precaution, NYMCU Mobile Banking will time out after 20 minutes of inactivity.
Understand App Permissions Before Accepting Them.
You should be cautious about granting applications access to personal information on your phone or otherwise letting an application have access to perform functions on your phone.
Report a Stolen Smartphone.
The major wireless service providers, in coordination with the FCC, have established a stolen phone database. If your phone is stolen, you should report the theft to your local law enforcement authorities and then register the stolen phone with your wireless provider.
Avoid Hot Spots.
Accessing WI-FI networks that are open to the public can make your phone an easy target of cybercriminals. You should limit your use of public hotspots at locations like coffee shops or airports. Instead, use protected WI-FI from a network operator you trust or mobile wireless connection to reduce your risk of exposure, especially when accessing personal or sensitive information. Always be aware when clicking web links and be cautious if you are asked to enter account or login information.
Enroll in Touch ID or FingerPrint Login.
Touch ID and FingerPrint Login allow users to login with the touch of their finger.
Download Applications from Reputable Sources.
Ensure an app is legitimate before downloading it. You can check the legitimacy of an app by checking reviews, confirming the legitimacy of the app store, and comparing the app store's official website with the app store link. Apps from untrusted sources may contain malware that, once installed, can steal information, install viruses and cause harm to your phone's contents.
Reset before You Resell or Recycle.
Your smartphone contains personal data you want to keep private when you dispose of your old phone. To protect your privacy, completely erase data off your phone and reset the phone to its initial factory settings.