Following on the subject of ciber-security, today I’m going to focus on the Credit Union’s operations. For that purpose, I have recently interviewed one of the members of the personnel, one who plays a key role in the processing of your transactions.
Always very friendly and smiling, Maria Antonieta Arraya is OAS FCU’s Network and Operations Coordinator.
Well, to start, why don’t you tell our members, so that they understand, what is your day to day work at the Credit Union?
(Maria Antonieta laughs) I’m the one they call when there’s a problem; when members can’t access their Online Banking, when a transaction has posted twice on an account; when they’ve requested a transaction but it’s not showing on the account, or maybe something appears that they haven’t authorized. But that’s not really my main function.
 |
| María Antonieta Arraya, OAS FCU's Network and Operations Coordinator |
The thing I do every day is process and post to member’s accounts the ACH debits (these are the electronic payments, checks that members have paid over the phone, the transactions requested via Click-Pay, and the automatic payments that people set up from their accounts).
I also provide support to members by managing their access to our electronic services: the Online Banking, the Click-Pay payment system, and our Mobile Banking (that’s the access to accounts and some transactions from your mobile phone). A portion of it consists in monitoring the actual activity of our members. For example, if I see that a member has opened an online form several times but never submitted it, I will contact him or her to offer help completing it.
Is it part of your responsibility to detect suspicious activity or transactions?
Yes. For instance, the Online Banking system alerts me when someone has blocked his or her password, or has entered the wrong answer to the security questions. In both those cases, the account is automatically flagged and access is suspended temporarily. It is my responsibility to find out if the lockout is due to a forgetful member forgetting his password, in which case I’ll reset the password, and if the email that we have on hand is his or her work email, then I will contact them that way, attaching the copy of the alert. If the email on the account is not the work email, I’ll use a different protocol.
Also, the Online Banking system lets me know whenever a member is transferring money to another member’s account, if the account number of the recipient or the name on the account don’t correspond to that the sending member is using. In those cases I contact the sender and put a hold on the transaction. Because there is always the chance that the sender is fishing to find the account number, I always contact them.
However, from the strictly transactional standpoint, there’s a report that is generated automatically everyday which lays out every instance of unusual activity on the accounts. But I am not in charge of this report, because it’s rather complex. It has a bit of everything unusual: from suspected cases of abuse against elderly members, to transactions in amounts that we consider unusual. The report is sent to Ana Maria Fiorilo, our Quality Control Specialist, who examines it on a daily basis. That’s why, when it comes to our members, their account security is a team effort. Other sections of our operations are monitored by various members of the staff. This way we’re always on the lookout to safeguard our members’ money. After all, that is everyone’s job here.
Nowadays, what is the most common type of attempt on members’ accounts that you see?
For me the most common are ACH problems, those on the electronic debits. In the Automated Clearinghouse (that’s what ACH stands for) world, not just in our Credit Union, there’s a lot of spam-by this she means a lot of unauthorized activity-. It is very often that I have to ask members to come in and sign an affidavit in which they state under penalty of law that they have not authorized a deduction that they’ve found posted on their accounts. That’s how we can cancel the payment and get their money back.
For instance, what I’ve seen a lot recently is the tax scam. A member receives a phone call from someone claiming to be calling from the IRS, accusing them aggressively of owing taxes and demanding immediately payment or they will be arrested. Or they get the same kind of call from someone who claims they owe such and such company money. Because of the aggressive nature of the call, they give out their checking account information to process these fake payments, and then the fraudulent debits start.
Unfortunately, I have also seen a lot of grandchildren stealing grandpa or grandma’s checking account information to pay their own cell phone bills and a variety of other things. It stands to reason that younger people understand current technologies and some elder members don’t, so the abuse starts and it’s my job to protect their money, if I can.
This is why everyone must remember to keep an eye on their accounts, and know that they have 60 days to contact us if they see a transaction that they didn’t authorize. They should remember as well that when they’ve called a company to cancel an automatic debit, and that company ignored the cancellation and charged their account anyway, they are entitled to ask us to deny that payment. It happens often when changing insurances and phone providers, for example.
Do you have any practical advice for our members to help protect their money?
Members must be aware of the importance of maintaining their computers secure in general. It usually starts there. Don’t click links from senders that you don’t know. Because the moment you click the wrong link, you get malware, and it escalates from there. Preventing problems is a lot easier and less stressful than fixing them.
Recently we’ve received quite a few communications from members from their Yahoo, Hotmail, or Gmail accounts that had been clearly hacked. We contacted them immediately to let them know of their problem. This is why you should always maintain the security tight both on your computer and your email accounts.
Also, I would recommend that everyone keep tabs on their checkbooks, because nowadays checks can be authorized over the phone, without a signature. So if someone else has access to the bottom line numbers on your checkbook, they have access to your account. Sure, if you catch it within 60 days we can always cancel those payments, but nobody’s going to take away the upset of clearing it up and knowing that someone stole from you.
And more advice: every member should know the characteristics of a ‘strong password’, which has 10 characters or more, using uppercase and lowercase letters, numbers, and symbols (&, %, #, etcetera). They should use that kind of password on their email accounts and the Online Banking system.
What many members don’t realize is that their Online Banking password should be handled with as much case as their house keys or they PIN number, if not more. With all the services that we offer via the Online Banking system, it grants whoever has access to it power over all the money in the account.
That’s why it’s so important to have top-notch secure passwords for Online Banking, and also to not share that information with anyone else. You’re safeguarding your money.
Sharing your account access information with others, you mean?
(Laughing) Yeah, let me give you an example. I get a call from mister Such and Such’s secretary; he is the director of this or that large organization, and the secretary’s calling me because he wants his access information for the Online Banking system. So what do I do? I answer the secretary “thanks for letting me know, please inform mister Such and Such that I’m sending the information he is requesting to his personal email”. It’s normal, some of these people may be very busy in their jobs and they send their secretaries on personal errands. Though thankfully I see that less and less, because every member, boss or not, has to be fully aware of what can be done with online access to their account and they should not only manage their own accounts themselves, but also monitor them daily or as often as possible.
To end, if you could pick one thing to tell members about safeguarding their money in the Credit Union, something more important than anything else, what would it be?
Manage your online access safely. Keep a strong password, don’t write it down anywhere, monitor your account daily, and change your password quarterly. If you did that, you would never have problems with your accounts.
Thanks Maria Antonieta for sharing your knowledge with the Credit Union members.
Maria Antonieta Arraya has worked at OAS Staff FCU since 2004. She is originally from Cochabamba, Bolivia. She lives with her daughter in Virginia.
No comments :
Post a Comment