What's New

Since the 1980’s, our members have enjoyed the convenience of making purchases and using automated tellers thanks to the invention of debit cards. Can we even imagine life without them now?

Along with the technology came criminals intent upon “beating” the built-in security features of the cards. They discovered ways to obtain the information from the magnetic strip on the card, then once they got your Personal Identification Number (PIN), they could help themselves to your cash at ATMs or purchase merchandise.

How did they get my PIN?

• hidden cameras pointing at point of sale terminals and ATM keypads, or
• the “casual customer” looking over your shoulder at a merchant counter, or
•  dishonest staff

How did they get my magnetic strip information?

• a fake merchant terminal substituted for the real one, or
• a second point of sale terminal under the counter. The clerk swipes once on the legitimate terminal, then “drops” your card and bends down to “pick it up”, or
• a thin device placed inside or over the card slot on an ATM. When you insert your card, it is read by both the fraudsters’ device and the ATM.

This type of criminal activity, called “skimming”, most often takes place in very busy locations, such as gas stations and fast food venues. The information collecting devices don’t have to stay in place for long…even 15 minutes can yield a rich harvest of information for the fraudsters.

Months later, you find that someone has accessed your account, getting cash or making purchases, often on the other side of the country from where you live. Our own members have been victims – we are not immune! Almost every day, our staff have to call members to let them know their cards have been used at suspected skimming locations. Their cards are cancelled and new ones issued.

Fighting Back

What can YOU do to protect yourself?

1. Check your surroundings. If an ATM looks unusual, don’t use it. If another customer is observing you too closely, block the PIN pad with your body so the person can’t see you entering your PIN on the keypad.
2. If you have trouble at an ATM, don't ask a stranger for help. Instead, go into the financial institution and ask staff for assistance.
3. When paying at a point of sale, don’t let your debit card out of your sight, ever! In a restaurant, don’t let the server take your card; pay at the till as you leave if the restaurant does not have a wireless terminal that allows you to pay at your table.
4. If the point of sale terminal has no pad shield, cup your hand over it while you enter your PIN.
5. Report any suspicions of illegal activity to the police immediately.
6. Change your PIN frequently. You can do so at any branch of Wainwright Credit Union, or any other Alberta credit union, with proper ID.
7. Do not tell ANYONE your PIN. Even trusted family members. Even your children. (This is actually part of your user agreement.)
8. Choose a PIN that would not be obvious, such as part of your phone number, date of birth, etc.
9. Memorize your PIN. NEVER write it down on your card. (You might be surprised at how many people do!)
10. Check your account often, and compare your transactions records from ATMs and Points of Sale to your statements. If you see any discrepancies, contact us right away.

What is Wainwright Credit Union doing to protect YOU?

1. CHIP cards

We are replacing debit cards having magnetic strips with CHIP cards. The CHIP provides an added layer of security which will foil skimmers. Your account information is embedded in a micro-chip, rather than on a magnetic strip. And you leave your card in the merchant terminal for the duration of the transaction, thus avoiding double-swiping or the use of simple card readers to harvest your information.

CHIP cards require the use of a PIN, so the PIN security precautions listed above will also apply.

Be cautious, though. Canadian merchants are not required to switch to CHIP-enabled terminals until December 31, 2015. Out of country merchants may or may not be switching. So magnetic strip cards will be with us for a while, and we urge you to continue to protect yourselves.

2. Limitation of liability

In order to protect our members and the credit union, we set a daily withdrawal limit of $600 cash and $2,000 at points of sale. Members whose cards have been skimmed will be reimbursed up to those daily limits of $600.

3. Reports/alerts

Wainwright Credit Union subscribes to an alert system that notifies us of excessive use, pattern variations or use at a distance from your home location. We would contact you immediately if your card shows up on a system-generated report. You would be advised that your card has been cancelled and a new one issued.

4. Co-operation with law enforcement

If you have in fact had money fraudulently taken from your account, we ask you to file an incident report with your local law enforcement agency. As part of the formal investigation, you will give us permission to share certain account information with them, which we will do. Once you have initiated the legal process, we will be able to reimburse you for your loss, up to the daily limits noted above.
 

Late breaking news (September 14) about the phishing scam outlined below on August 24:

September 13th saw another email phishing attempt very similar to the August 24 occurance. The Subject line contained the same reference number as below but included "Procedural Warning - Security Alert" rather than the original text. Additionally, the directions to start the security process varied from the original scam in that it asked "please login inside your account www.cucardsonline.com and follow the steps."

Phishing scam as posted August 24, 2010:

CUETS is advising members to be aware of the following phishing scam that is currently circulating. CUETS is proceeding to have the website shutdown.

The text of the phishing email reads as follows:

From: service@cucardsonline.com <service@cucardsonline.com>
To: undisclosed-recipients <undisclosed-recipients:;>
Sent: Tue Aug 17 07:46:04 2010
Subject: [Ref#58813934] Have not signed on for 32 days

Dear Customer, Your MasterCard Account is out of date.
We need you to complete your details.
To start the update process, login www.cucardsonline.com <http://cu.update-cardsonline.co.cc/EN/index.php>
to your account and follow those steps.

2010 CUETS All rights reserved.

As indicated in the information contained in the August 10, 2010 communication about the MasterCard CHOICE REWARDS e-mail scam:

You can help protect yourself by remembering this important information:

• The simplest way to protect yourself from fraudsters is to avoid clicking on any unexpected link in an email message.
• DO NOT REPLY to emails soliciting personal information. Go to the company's legitimate website and use the page labeled "Contact Us"
• Unlike these phishing e-mails, CUETS (our MasterCard issuer) will never ask you to verify personal information in response to an e-mail
• Most fake communications convey a sense of urgency by threatening discontinued service
• Many fraudulent e-mails contain misspellings, incorrect grammar, and poor punctuation
• Links within the fake e-mail may appear valid, but deliver you to a fraudulent site
• Phishing e-mails often use generic salutations like “Dear Customer,” or “Dear Account Holder” instead of your name
• The address from which the e-mail was sent is often not one from the company it claims to be