If you use online banking, you will be interested to learn that six federal industry regulators teamed up recently to make your accounts more secure.  New supervisory guidance from the Federal Financial Instiutions Examination Council (ffiec) will help credit unions strengthen their vigilance and help make sure that the person signing into your account is actually you.  The supervisory guidance is designed to make online transactions of virtually all types safer and more secure.
Online security begins with the authentication process, used to confirm that it is you, and not someone who has stolen your identity.  Authentication generally involves one or more basic factors:
* Something the user knows (e.g., password, pin)
* Something the user has (e.g., ATM card, debit card)
* Something the user is (e.g., biometric characteristic, such as a fingerprint)
Single factor authentication uses one of these methods; multi-factor authentication uses more than one, and thus is considered a stronger fraud deterrent.  When you use your ATM, for example, you are utilizing multi-factor authentication:  Factor number one is something you have, your ATM card; factor number two is something you know, your PIN.
To assure your continued security online, Health Systems Credit Union uses both single and multi-factor authentication, as well as additional "layered security" measures when appropriate.
Layered security is characterized by the use of different controls at different  points in a transaction process so that a weakness in one control is generally compensated for by the strength of a different control.  An example of layered security might be that you follow one process to log in (user/password), and then give additional information to authorize funds transfer.
Layered security can substantially strengthen the overall secu rity of online transactions....protecting sensitive member information, preventing identity theft, and reducing account takeovers and the resulting financial losses. 
The purpose of these layers is to allow your credit union to authenticate members and detect and respond to suspicious activity related to initial login and then to reconfirm this authentication when further transactions involve the transfer of funds to other parties.
*  On the back-end, the new supervisory guidance offers ways your credit union can look for anomalies which could indicate fraud.  The goal is to ensure that the level of authentication called for in a particular transaction is appropriate to the transaction's level of risk.  Accordingly,  your credit union has concluded a comprehensive risk-assessment of its current methods as recommended in this supervisory guidance.
These risk assessments consider, for example:
* changes in the internal and external threat environment
* changes in the member base adopting electronic banking
* changes in the member functionality offered through electronic banking; and
* actual incidents of security breaches, identity theft, or fraud experienced by the
   institution or industry.
Whenever increased risk to your transaction security might warrant it, the credit union will be able to conduct additional verification procedures, or layers of control, such as:
* Utilizing call-back (voice) verification, e-mail approval, or cell phone-based identification.
* Employing member verification procedures
* Analyzing banking transactions to identify suspicious patterns.  For example, that could mean flagging a transaction in which a member who 
  normally pays $10,000 a month to five different vendors suddenly pays $100,000 to a completely new vendor.
* Establishing dollar limits which require manual intervention to exceed a preset limit.
Credit Unions follow specific rules for electronic transactions issued by the Federal Reserve Board.  Known as Regulation E, the rules cover all kinds of situations revolving around transfers made electronically.  Under the consumer protections provided under Reg E, you can recover internet banking losses according to how soon you detect and report them.
Here is what the Federal rules require:  If you report the losses within two days of receiving your statement, you can be liable for the first $50.  After two days, the amount increases to $500.  After 60 days, you could be legally liable for the full amount.  These protections can be modified by state law or by policies at your credit union, so be sure to ask your credit union how these protections apply to your particular situation.
Of course, understanding the risks and knowing how you might be tricked is a critical step in protecting yourself online.  You can make your computer safer by installing and updating regularly your:
* Anti-virus software
* Anti-malware programs
* Firewalls on your computer
* Operating system patches and updates 
You can also learn more about online safety and security at these websites:
If you notice suspicious activity within your account or experience security-related events (such as Phishing email from someone claiming to be from Health Systems Credit Union), you can contact the credit union for information.
We do business in accordance
with the Federal Fair Housing
Law and the Equal Credit
Opportunity Act.
Your Savings Federally insured to at least $250,000
and backed by the National Credit Union
Administration, a U.S. Government Agency.

Notice Regarding Non-VISA Pinless Debit Transactions


You may use your Visa Debit Card to initiate both Visa debit transactions and non-Visa debit transactions without using a personal identification number (PIN) to authenticate the transactions. To initiate a Visa debit transaction, you may sign a receipt, provide a card number or swipe your card through a point-of-sale (POS) terminal and choose to route the transaction over a Visa network. To initiate a non-Visa debit transaction, you may enter a PIN at a point-of-sale terminal or, for certain bill payment transactions, provide the account number for an e-commerce or mail/telephone order transaction after clearly indicating a preference to route it as a non-Visa transaction. We have enabled non-Visa debit transaction processing on the Pulse Network. The rights and protections applicable only to Visa debit transactions, including additional consumer liability limits and streamlined error resolution procedures, as described in your Electronic Fund Transfers Agreement and Disclosure will not apply to transactions processed through non-Visa networks. Please contact the Credit Union with any questions you may have regarding this notice.

Thank you.