Privacy and Security
San Francisco Federal Credit Union has a robust Member Information Security program that ensures adequate security is built into our platforms, which include the latest cutting-edge technology, internal processes and staff manpower. We take extensive measures to protect your personal information, and are constantly monitoring accounts for fraud and identity theft. We ensure ongoing compliance to industry required security frameworks to verify that our internal procedural operations have security built into them.
If you believe you have been a victim of fraud please call us immediately 415.775.5377.
Review the below tools and information available to help you recognize fraudulent activity, and steps to take if this occurs.
- Travel Notification Form
Alert us when you travel and we’ll monitor your card 24/7.
- Identity Theft
Take steps to prevent & deal with identity theft.
Learn how we protect your personal information.
Phishing is a scam that attempts to trick consumers into providing personal information. A communication claiming a need to verify personal information is sent, often directing consumers to a fake website to verify personal details or prove eligibility for a non-existent prize. These fake websites and email messages can look legitimate, using logos and other elements from actual financial or government institutions.
- The attempt to acquire confidential information through spam and e-mail spoofing.
- Usually contain an E-mail with a fake logo and an urgent call to action.
- San Francisco FCU will never send you an e-mail asking you to verify or send personal information in reply.
- The attempt to acquire confidential information through malicious or fake cloned websites.
- Usually comes in the form of a Website requesting sensitive data.
- San Francisco FCU will never send you an e-mail asking you to verify or send personal information in reply or via a website.
- The attempt to acquire confidential information through phone impersonation. The calls or text messages often instruct consumers to urgently call a telephone number.
- Consumers who fall victim to these call the number and furnish sensitive information to a person they believe is trusted.
- Security attacks that include text messages are especially important, as often the consumer is tricked into clicking on a link and thereby downloading a Trojan horse, virus or other malware onto their cellular phone or other mobile device.
- The attempt to use Psychological manipulation of people into giving confidential information for the purpose of information gathering, fraud, or system access. Also known as Human hacking.
- Social engineering has many attack vectors including email, phone, in-person conversation, social networking, and even snail-mail or fax.
The Attacker's Motives
- Financial gain: For obvious reasons.
- Political gain: Think of cyber warfare and terrorism. For instance, you may have heard about the alleged state-sponsored attacks coming from China or Russia. Or the hacker groups that have formed and launched attacks in support of ISIS.
- Personal vendettas: This can include revenge, disgruntled employees and insider attacks. However, this could also be disgruntled members or non-members with the same motives.
- Malice or curiosity: The classic stereotype of hackers depicted in TV and film. While some may want to prove their SE expertise, some could be amateurs who are curious to test what they are capable of.
Tips To Avoid Falling Victim to Scams
- Never give out bank account or credit card numbers over the phone if you didn't initiate the call to a reputable, known business. Scam artists constantly try fresh stories to trick consumers into giving out their private personal and financial information.
- Do not reply to the unsolicited e-mail or respond by clicking on a link within the unsolicited e-mail message. Make sure you know who or where an e-mail is from before opening any attachments.
- If entering personal data, be careful and be sure to only do so on Web sites known to be legitimate and secure. Always look for a “locked padlock” in the browser or “https” at the beginning of the Web site's URL address for proof of security.
- Check your accounts, view statements, and verify all transactions a few times per month for any unauthorized charges.
- Regularly update anti-virus software and system security patches.
- Try to stay away from "free offers," especially those that ask you for private information bank account or credit card numbers. Keep in mind that such great offers tend to cover up the real purpose of just persuading you to give up your financial information.
For more information about Phishing scams, please visit these sites:
We have integrated Multi-Factor Authentication (MFA) into Online Banking that uses multiple layers of security and verification to confirm Member identity.
In addition we have implemented:
- Encryption and password protection. When you sign on to Online Banking, we secure the connection using Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technology to encrypt all the information transported on the network. This ensures secure information transfer between you and San Francisco FCU.
- Extended Validation Certificates (EV). The EV certificate establishes and clearly displays the website’s owner. This lets you know that you're at a valid San Francisco FCU website, and not a fraudulent look-a-like one.
- Always keep your password private and safe
- Avoid using the same password for multiple accounts or different sites
- Ensure your password is unique, long and strong. Create passwords that are easy to remember, but hard for other people to guess.
- Use both capital and lower case letters, as well as include a special character (!, &, #, %, etc)
- Don’t use names of family members or pets
- Don’t use phone numbers, Social Security numbers or birthdates
- Don’t use your account number within the password
- Update your password. Change your password on a regular basis. This helps keep your accounts secure should someone obtain your user ID and password.
- Use and regularly update firewall, anti-spyware, and anti-virus software to protect your computer against viruses.
- Ensure your browsers are up-to-date with latest versions.
- Periodically delete your browser cache and history or opt to disable web caching.
- Setup Alerts within your Online Banking account to notify you of any suspicious activity.
- Never share your device, especially with someone you do not know
- Never store your passwords in un-secure apps
- Always be sure to log-off from the mobile application when you are not using it
- If you have lost your mobile device, be sure to change your San Francisco FCU password as soon as possible
- Only install applications from Google Play or the Apple App Store, and only select applications from trusted sources.
- Be sure you regularly update your device operating system as well as check the App Store for updates to your installed apps.
- Add your Visa debit or credit card into mobile payment apps that use tokenization – like Apple Pay®, Android Pay™ or Samsung Pay™. Every time you pay using the mobile payment app instead of using your physical card, you help to shield your card number from fraud.
- Avoid unusual-looking ATMs
- When using an ATM, stand directly in front of the ATM and cover your hand when you type in your PIN
- If you notice that the card slot, pin pad, or any part of the ATM seems have been tampered with or altered, do not use the ATM
- Notify San Francisco FCU if your card has been captured and not returned - enter the branch or call our Service Center at 415.775.5377
Verified By VISA® Secure purchases by registering your card with merchants who use this service.
- For VISA Debit Cards: please click here to enroll your card with Verified By VISA®
- For Platinum and Classic VISA Consumer Credit Cards: please click here to enroll your card with Verified by VISA®
- For Business VISA Credit Cards: please click here to enroll your card with Verified By VISA®
For lost/stolen cards please see below for phone numbers:
|SFFCU Visa Credit Card||SFFCU Visa Debit Card|
|During Business Hours||415.775.5377||415.775.5377|
|After Business Hours
||415.775.5377 - Option 5
|415.775.5377 - Option 6
|Outside of U.S||206.352.4950 (collect)||909.941.1398 (collect)|
According to the Federal Trade Commission's Web site, identity theft is defined as "The act of stealing your good name to commit fraud." Identity theft occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes.
Take the time to review the below points to avoid becoming a victim:
- Guard your personal information
- Check your financial statements for any unauthorized charges
- Review your credit report at least once a year
- Shred documents that contain your personal informationbefore throwing them away
- Sign up for Paperless Statements - try not leaving mail sitting in your postal mailbox
- Protect your electronic devices by using secure sites and making passwords hard to guess
- Only carry the credit cards and documents that you really need, try not to carry pin numbers, passwords, Passport or Social Security card in your wallet or purse.
- Keep personal and sensitive information (bank statements, log-in for online banking accounts, debit card PIN numbers or paper checks) away from where others, including your family members, friends, and neighbors could see it.
- Retrieve your postal mail promptly.
- Do not respond to emails requesting personal information. San Francisco FCU will never send you an e-mail asking you to verify or send personal information in reply.
- Before you dispose of a computer or mobile device, be sure to delete any personal information
- Always ask employers, creditors and businesses how they will use and secure your personal information
- Always cancel & destroy old/unused credit cards
If you find yourself a victim of identity theft, immediately take the following actions:
- File a police report. Get a copy of the report to submit to your creditors and others that may require proof of the crime.
- Contact the fraud departments of each of the three major credit-reporting agencies listed below. Request that they place a "fraud alert" on your file and that no new credit be granted without your approval.
- File your complaint with the Federal Trade Commission (FTC). The FTC maintains a database of identity theft cases used by law enforcement agencies for investigations. Link to file a complaint: https://www.ftc.gov/faq/consumer-protection/submit-consumer-complaint-ftc
- Contact San Francisco FCU’s Service Center at 415.775.5377 to close your defrauded accounts and open new accounts.
Three Major Credit Reporting Agencies:
To order your report, call: 800-685-1111
To report fraud, call: 800-525-6285
P.O. Box 740241
Atlanta, GA 30374-0241
To order your report, call: 888-EXPERIAN (397-3742)
To report fraud, call: 888-EXPERIAN (397-3742)
P.O. Box 9532
Allen TX 75013
To order your report, call: 800-888-4213
To report fraud, call: 800-680-7289
P.O. Box 6790
Fullerton, CA 92834-6790
For more information about identity theft visit:
We recommend you request and check your credit report once a year. To obtain a copy of your free credit report, visit the Web site at http://www.AnnualCreditReport.com or call 877.322.8228.
Feel free to also visit these links to the sites of the three major credit reporting agencies: