Anti-Virus Software. Be sure to install anti-virus, anti-spyware, malware, and adware detection software from a reputable vendor on to your computer and keep it up to date. You may need to have a professional scan and repair your computer for viruses, malware, and Trojans if your computer has been infected.

Computer Updates. Make sure the computer you are using has the most current updates and patches released by Microsoft, Java, and Adobe. Most of the updates are security patches for browsers such as Internet Explorer, Mozilla Firefox, and other software that could potentially expose the computer to hacking.

Secure Site. Make sure your banking site (URL) starts with https:// and not http://. The “s” indicates a secure transaction using a different method of communication than standard Internet traffic. A security icon that looks like a closed padlock or key appears when the site is authenticated.

Do Not Use Links.  Never use a link to reach a financial institution’s website. Type in your bank’s website address into the Internet browser’s address bar every time.

Public Computer. Never access your financial institution’s website from a public computer at a hotel, library, airport, or public wireless access point.

Website Familiarity. Know what your financial institution’s website looks like and which questions are asked to verify your identity. Some attacks, known as man-in-the-middle attacks, will change the login page. A user can sometimes spot these attacks by noticing slight modifications to the bank’s standard page, such as extra security questions, poor grammar, misspellings, a fuzzy or older bank logo, or a change to the location of each feature. A typical malware behavior will also ask a user to enter their user ID, password, and security information three or four times and will then post a message that the site is down for maintenance or servicing. Online Banking sites will not be down for maintenance during normal business hours. If the site is down for any reason, you will see that message in advance and the log in screen will not be accessible.

Suspicious E-Mails.  Be extremely suspicious of e-mails purporting to be from your financial institution, a government agency, or any suspicious e-mails from unknown sources. Financial institutions should never contact you via e-mail to request you to verify information. If you believe the contact may be legitimate, do NOT use the link provided in the e-mail; instead, type the website address of your financial institution into your Internet browser’s address bar or contact your financial institution at a phone number you know is valid.

Online Purchase Transactions. Avoid using debit cards for online transactions, as this provides direct access to your bank account. If you use a credit card to shop online, use only one credit card with a low credit limit. Monitor the activity on the card as often as possible.

Log Off Properly.  Properly log out of all financial institution websites before closing the browser window.

Shut Off Computer.  Always lock or shut off your computer when you leave it unattended. Set your computer to automatically lock after a set period of inactivity (i.e. 15 minutes).

Passwords. Use strong passwords (at least 10 characters combining uppercase and lowercase letters, numbers, and symbols) and change them frequently. Do not allow your computer to save your login names or passwords and keep them confidential. Do not use your login or password for your financial institution on any other website or software. Superior Credit Union will never request login user names, passwords, or answers to security questions from our clients on an unsolicited basis under any circumstances.

Use a Different Computer. Do not use the same computer for financial transactions that children or non-savvy Internet users utilize for regular Internet access.

Posting Personal Information. Do not post your personal information on the Internet. Your high school, maiden name, date of birth, first car, first school, youngest sibling’s name, mother’s full name, father’s full name, etc. are the answers to many security questions on financial websites. When you post this information, you are making it easier for criminals to gain access to your financial information. In addition, never send confidential information, such as your account number, Social Security number, etc., in an Internet e-mail or over an unsecure website.

Alerts. Check with your financial institution about enabling “Alerts” and other security measures that may be available. Superior Credit Union does have Online Banking alerts for such areas as minimum balance, maximum balance, transfers, deposits completed, checks completed, and CD maturity.

Report Suspicious Activity. Regularly log in to your online accounts and check your bank and credit card statements to ensure transactions are legitimate. Immediately report any suspicious activity on your account(s). There is a limited recovery window and a rapid response may prevent additional losses.

Security & Fraud Education. Sign up for Superior Credit Union’s Fraud Prevention eAlerts. Once you are enrolled in Superior Credit Union’s eStatements service, signing up for eAlerts is an easy way to receive information about ways you can protect yourself from fraud.

(We are currently updating our Account Disclosure)

Best Security Practices for Mobile Banking Use

Important: If you have not signed up for Scu@Home Online Banking, you must do that from a PC before you can access Mobile Banking.

Phone Security:

• You should Lock your mobile phone with a password so that it is not easily accessed.
• Do not leave your mobile phone unattended where others can use it.
• Do not save your Scu@Home Username, Password or account information on your phone.
• If you should lose your mobile phone, contact your cell carrier immediately and have your phone disabled. Also, login to
  Home Banking using a PC and change your password.
• Superior Credit Union will never send an email or text message requesting your Username or Password. If you get such a request, be sure to check your mobile phone for malware or other viruses.
• If you purchased a used or refurbished mobile phone, check it for pre-loaded malware or viruses that can be used to steal your data.
• Confirm that your Bluetooth technology is set to a high security mode so that you must approve any connections or downloads before they are made.
• Always disable your phone’s Bluetooth function when it is not in use.
• Make sure you are using a secure internet browser and connection while connected to Mobile Banking.
• Regularly run anti-virus and anti-spyware programs on your smartphone, just as you would on your PC.

Access Security:

• Do not share your Scu@Home Username and Password. If you allow others to use your Username and Password, you are responsible for any transactions that occur.
• If you click the option to “Remember this phone”, this could disable the one-time pass code (via voice call, text, or email) at login but this action also reduces the level of access security. We do not recommend clicking this option.
• If you have clicked “Remember this phone” and would like to reverse this option, click on the “Remove extra security from this phone” link on the Accounts tab. This will remove the security cookie and cause you to get a one-time passcode by voice call, text, or email each time you log into your account (which enhances your account security).  We recommend that you click this option.
• You may be required to get a one-time pass code via voice call, text, or email each time at login if you clear cookies or remove the battery from your phone. 
• Close out of Mobile Banking when you are finished with your session. For added security, Mobile Banking will automatically log you out after 5 minutes.

Security & Fraud Education:

• Sign up for Superior Credit Union’s Fraud Prevention eAlerts. Once you are enrolled in Superior Credit Union’s eStatements service, signing up for eAlerts is an easy way to receive information about ways you can protect yourself from fraud.

 Best Practices for Mobile Devices

Mobile devices have the potential to store large amounts of private user information as well as sensitive data, including personal account information, website login IDs and passwords, email, and location information. Consequently, mobile device malware is on the rise.

The Federal Communications Commission (FCC) recommended the following steps to reduce your exposure to mobile threats:

• Set PINs and Passwords—The first line of defense is setting a password or PIN to access your device, then configure it to lock after being idle for two minutes or less. Also, devices that support SIM cards should use the SIM password capability.
• Do Not Modify Built-In Security Features—Jailbreaking, rooting or tampering with your device’s factory settings increases the risk of compromise.
• Back up and Secure Data—Frequently back up your device’s stored data to enable its recovery if your device were lost, stolen or erased.
• Only Install Apps from Trusted Sources—Research apps prior to installing them to ensure they are legitimate. You can do this by checking reviews and the app store, and comparing the app developer’s official website to confirm they are consistent.
• Understand App Permissions Before Accepting—Think twice before granting an app access to data or functions on your device. Also, always check the privacy settings for each app prior to installation.
• Install Security Apps that Enable Remote Location and Wiping—Most devices, either as an app or system function, have the ability to remotely locate and erase all settings and data. The “Find My iPhone” app for iOS and “Locate My Droid” app for
• Install System Updates when Released—Doing so when prompted will reduce the risk of exposure to known malware and cyber threats.
• Beware of Open Wi-Fi Networks—Data transmitted on unencrypted Wi-Fi networks can be viewed by anyone connected to the same network. If you are not asked to enter a key when attempting to connect to the network, it is not secure, so use your company’s VPN or such apps as HotSpot Shield (available for both iOS and Android).
• Wipe Data Prior to Donating, Selling or Recycling Old Devices—In order to keep sensitive information private, data should be completely erased, and the device reset to its initial factory settings, prior to disposal.
• Report Stolen Devices—The major wireless service providers established a stolen phone database, in coordination with the FCC. You should report your phone as stolen to your local law enforcement and inform your wireless provider. This will prevent your stolen phone from being activated on any wireless network.

Best Practices for Online Banking Security

• Use strong, complex passwords that contain:

    • alpha/numeric characters and symbols

    • upper and lower case characters

    • minimum of  8 characters but longer is recommended

    • no real words or names of family/friends/pets

    • use entire keyboard; avoid strings of identical characters

• Change your passwords regularly and use a different password for each website you access.

• Never reveal your confidential login ID, password, PIN or answers to security questions to anyone.

• Never reveal your confidential login ID, password, PIN or answers to security questions by e-mail.

• Never share your security token.

• Report lost or stolen tokens immediately.

• Never bank online using computers at kiosks, cafes, unsecured computers or unsecured wireless networks.

• Prohibit the use of shared usernames and passwords for your online banking accounts.

Tips to Avoid Phishing, Spyware and Malware

• Don’t open e-mail from unknown sources.

• Never respond to a suspicious e-mail or click on any hyperlink embedded in a suspicious e-mail:

• Call the purported source if you are unsure who sent an e-mail.

• If an e-mail claims to be from your bank, call a client services representative.

• Educate your staff about current scams and loss- prevention steps.

• Make sure all of the computers your staff members use for work-related business, at the office and at home, have the latest versions and patches of both anti-virus and anti-spyware software.

• Maintain updated and patched systems and software.

• Install a firewall between your computers and the Internet.

• Restrict administrative rights to install programs to IT staff.

• Check your settings and select at least a medium level of security for your browsers.

• Clear the browser cache before starting an online banking session to eliminate copies of Web pages that have been stored on the hard drive.

• Dedicate and restrict one computer to online banking transactions; allow no Internet browsing or e-mail exchange and ensure this computer is equipped with the latest versions and patches of both anti-virus and anti-spyware software.

• Segregate responsibilities among different employees by maintenance, entry and approval.

• Delete online user IDs as part of the exit procedure when employees leave your company.

• Assign dual system administrators for online cash management services.

• Periodically evaluate employee job functions and remove online services.

• Establish transaction limits for employees who initiate and approve online payments.

• Set up alerts to notify manager of payments initiated above a threshold amount that warrant management’s attention.

• Use dual controls; require multiple users to release an online payment because it is less likely a fraudster would control the workstation of both initiating employees.

• Reconcile by carefully monitoring account activity and reviewing all transactions initiated by your company on a daily basis.

• Use separate accounts for electronic and paper transactions to simplify monitoring and tracking any discrepancies.

We’d like to take this time to inform you of a recent data breach. At this time, 1.2 billion passwords have been compromised from more than 420,000 websites. However, as far as we know, no financial information has been compromised. Please inform your members that they should take this time to change their passwords and remind them to be diligent in using safe password protocol – such as using a variety of passwords for different sites.

Please be assured that your account information has not been compromised at SCU.  We work hard at maintaining your account safety and currently have more protocols in place than most institutions in our area.  

Tips For Online Password Security

1.  Be Unique and Creative.

Use strong, complex passwords that contain:

    • alpha/numeric characters and symbols

    • upper and lower case characters

    • minimum of 8 characters but longer is recommended

    • no real words or names of family/friends/pets

    • use entire keyboard; avoid strings of identical characters

2.  Change your passwords regularly and use a different password for each website you access.

3.  Never reveal your confidential login ID, password, PIN or answers to security questions to anyone.

4.  Never reveal your confidential login ID, password, PIN or answers to security questions by e-mail.

5.  Never bank online using computers at kiosks, cafes, unsecured computers or unsecured wireless networks.

6.  Prohibit the use of shared usernames and passwords for your online banking accounts.

Your business is ultimately responsible for safeguarding your own data, including information that can be used to access or transact against your accounts at Superior Credit Union. However, we recommend that you consider implementing the following data security-related best practices or controls for your company.

There is no substitute for the advice of experts with intimate knowledge of your operations.  We at Superior Credit Union recommend that you obtain data security and anti-fraud advice from such experts. While we may provide you with some recommendations regarding controls or best practices from time to time, these recommendations cannot replace the services of dedicated data security and anti-fraud experts with a true understanding of your business.

The best way to protect against corporate account takeover is a strong partnership with your financial institution.  Work with your bank to understand security measures needed within the business and to establish safeguards on the accounts that can help the bank identify and prevent unauthorized access to your funds.

A shared responsibility between the bank and the business is the most effective way to prevent corporate account takeover.  Consider these tips to ensure your business is well prepared:

• Protect your online environment.  It is important to protect your cyber environment just as you would your cash and physical location.  Do not use unprotected internet connections.  Encrypt sensitive data and keep updated virus protections on your computer.  Use complex passwords and change them frequently.  Adopt advanced security measures by working with consultants or dedicated IT staff.
• Partner with your bank to prevent unauthorized transactions.  Talk to your banker about programs that safeguard your form unauthorized transactions. Positive Pay and other services offer call backs, device authentication, multi-person approval processes and batch limits help protect you from fraud.
• Pay attention to suspicious activity and react quickly.  Look out for unexplained account or network activity, pop ups, and suspicious emails.  If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised.  Keep records of what happened.  Practice ongoing account monitoring and reconciliation, especially near the end of the day.
• Understand your responsibility and liabilities.  The account agreement with your bank will detail what commercially reasonable security measures are required of your business.  It is critical that you understand and implement the security safeguards in the agreement.  If you don’t, you could be liable for losses resulting from a takeover.