Mandy Koester, Director of Electronic Services, shares some insight on steps you can take in protecting yourself from fraud. She will cover financial security and give educational tips, like what to do if you see unauthorized transactions on your account.
Transcription:
Prakash Chandran: We've all heard horror stories about victims of identity fraud, people who have had their identity stolen, their bank accounts compromised and their savings threatened. But what are the early warning signs of fraud and how do you protect yourself from being vulnerable? We're gonna talk about it today with Mandy Koester. She's the director of Electronic Services at Heritage Federal Credit. This is The Talking Sense with Heritage Podcast. I'm your host, Prakash Chandran. So Mandy, thank you so much for joining us today. I really appreciate your time. we're talking about digital fraud today and I'd love to get started with a high level question. What types of fraud typically happen with digital banking in general?
Mandy Koester: Well, the most common type of fraud with digital banking would be money movement. So someone utilizing your digital banking application or logging in via the website to transfer money with tools such as Zell or an external transfer to another, credit union or financial institution. This typically happens when a scammer pretends to be a business or an entity or even the credit union and gets you to give them your credentials. So we never wanna share our credentials, or they may be trying to guess your username and password. And at Heritage we have multi-factor authentication set up.
What that means is you should get an email or a text or a phone call with the code and these scammers will call you and be very convincing that they are with the credit union and ask you for that code. So we never wanna give that out. That is the most common situation, is when you are participating in that. So we never wanna hand out any of our credentials, any multifactor authentication codes and then you should be safe. But we also always want to be very aware and cautious of anybody trying to ask you for any personal information.
Host: Yeah. And let's just kind of paint a picture for like best practices for people. So for example, no one is ever gonna call you and ask for your social security number, that multifactor authentication code. Is there anything that people should be aware of that the bank will never ask for?
Guest: Typically we will never ask you for your, username or your password. if you call us and we're trying to look up your account, we may ask you to verify yourself. We will never call you and ask you for any of your information because we will already have that pulled up. So if someone is calling you and stating they are your financial institution, they should already have your social, they should already have your account number. That is not ever going to happen. If you are suspicious, always hang up and call your credit union directly or your financial institution.
there are. Scammers out there that can spoof a phone number so you can be getting a phone call and it looks like it's coming from your financial institution, but it may not, and no financial institution would be upset if you said, do you mind if I hang up and call you back from the number I know to to reach you at?
Prakash Chandran: Yeah. It's just amazing. Like they're getting so much more technologically advanced. We just have to really be on guard. And I think that recommendation of just saying, you know what, let me hang up and call, the credit union directly back is the right approach. I, another question that I was curious about is, some people may log into their bank account and see unauthorized transactions.
So this is not necessarily someone trying to get their information, but transactions are there that people don't necessarily recognize. People do in that case.
Mandy Koester: Well, the first thing you should do is, especially if it's after hours and it's using a card, but the credit union, you can log into your app and turn that card off and stop using it. But definitely call us immediately and speak with our agent and they can help you determine the types of fraud. It occurred, was it just your debit or credit card that was stolen?
Is someone utilizing fake checks against your account? and they can help you with filing the correct type of dispute to assist you with that?
Prakash Chandran: Okay. Even if someone has not necessarily lost their card, they can just log into their application and stop the card immediately because you don't want any extra or additional charges to be made. Is that correct?
Mandy Koester: Correct. You can block your account multiple ways so you can block your card temporarily. So maybe you don't see any, fraudulent transactions on your account, but you can't find your card. Maybe you've misplaced it, it It might be left in your car or maybe you left it at the office so you can temporarily turn off that card that helps prevent fraud just in case it is lost.
if you tap into find it and it was in a secure location, you can turn it back on easy to use. If you don't find it, you can block it permanently as lost or stolen and get a new card ordered for you and that will be in the mail to you. Or you could come into a branch and get one instantly issued.
So you're not without a card for days, but you can. call us to do that, or the app allows you to do it right there from your phone as well.
Prakash Chandran: and I think this is an important point to make because I've certainly been guilty of this, but sometimes when you lose a card, you don't want to go through. Rigamarole of requesting a new one. Sometimes it can take a long time, but it seems like with the system that you have set up, it's a simple stop and start and you have the flexibility to get an instantly, new card, issued to you when you come into the branch.
Is that correct?
Mandy Koester: That is correct.
Prakash Chandran: Awesome. another thing I wanted to cover with you was remote deposit capture in the digital banking app. Can you talk to us at a high level about what that is and the types of frauds that can come out of it?
Mandy Koester: Yes, so remote deposit capture, or as we like to call it, rdc, is a great convenience tool for members who get physical checks still to deposit. So it allows you to take a picture right from your phone deposited in your account. You don't have to travel to an ATM To go to a branch and see a teller to physically deposit that check.
However, we do sometimes see fraud with this because again, scammers will reach out to you and they will, a lot of them are new jobs, but you have a job via the internet. It's a new startup and they're gonna send you a. and it's gonna be for more money because they want you to go buy some things such as maybe computer equipment or office supplies.
or gift cards is a big one. please use this money. Go buy some, gift cards and mail that back to us. Or, oh, we accidentally overpaid you. Can you send us money back via cash app? And they take that picture via R D C and, and that account, that check will come back that after a couple of days and you've already spent the money.
another big one is, Scammers will email you a check no check received via email is ever a good check. It is not a valid check. so that's also a very common scam that we see people, utilize R D C because the instructions in the email are, Hey, deposit this check via your app. Because you take a picture, and someone like an employee is not physically looking at that check and helping warn you like, how did you get this check?
Or, this doesn't seem to be a legit. Items. So because that human interaction is missing, which is a great convenience when you know you have a valid check, but if you are, a little bit skeptical or it seems too good to be true, it is probably not a valid check, and you may wanna come in and speak with one of our representatives about that versus depositing it via the app.
Prakash Chandran: So one of the last things that I wanted to talk to you about was just being proactive and protecting themselves against fraud. Do you have any tips or frameworks that people should be thinking about when it comes to protecting themselves?
Mandy Koester: Yes. several things we've talked about already, but I'll go ahead and repeat them. just be mindful that there are scammers out there. A good rule of thumb is if it is too good to be true. Than it probably is. be mindful if you're getting offered new jobs via the internet and getting large paychecks to deposit and then asking for things back in return, such as cash app transactions or gift cards.
Facebook marketplace is another thing. So again, if you are receiving more funds than what you're asking for, for an item, be cautious. Do not give out any multifactor authentication codes that you may receive. we ask for this, the credit union requires them to, as an added protection of security.
So when scammers are trying to access your account, they're gonna need that code to get in. Another good thing to remember is at this time, we do allow MF a codes to be sent to your email, but you get to choose the email is not the most secure, so, Be mindful of your email and how you have that set up.
Make sure you change your password on a consistent basis, or a lot of email applications will also ask if you wanna set up a multifactor authentication coded order to access that. So those are all good rules of thumb and, don't give out your information as we spoke about earlier. Keep all of your account information in a secure place.
Again, use the temporary block on your debit and credit cards if you've accidentally misplaced them and do not share your online banking credentials with any third party. Again, the credit union will never ask for those, nor will any reputable financial institution. They are never going to call and ask you for your username and password, or your account number.
Prakash Chandran: Yeah, these are really good prevention measures to help people stay secure and to protect themselves. And I realize that it may seem intimidating because there's so many of them. but this is really important information and obviously has to do with your financial health. Another thing that I just wanted to double check on was the method of multifactor, authentication.
Is this something that is a requirement, for logging into their banking application?
Mandy Koester: we use that for different types of transactions. So if you forget your password and want to log in, it's going to ask you for a multi-factor authentication. If you want to transfer money to an account you've never transferred money to before, it's going to ask for a multi-factor authentication. If you want to use the.
Function within the app to send money outside of the credit union. It's going to ask you for a multifactor authentication. So there's certain types of transactions that you will do that are going to ask you for that information.
Prakash Chandran: Got it. it something that they can proactively get set up so when the time comes, they're just aware of the method or the second factor authentication is there, is there something they can be proactive about?
Mandy Koester: Yes. within our app, under the tools and settings function, you can actually set up that you wanna receive an mfa, multifactor authentication anytime you sign in or the type of MFA you would like to receive. So the highest security is likely going to be one of the authenticator apps like, there's a Google Authenticator app.
There's a Microsoft Authenticator app. That way you have to have a password to that app to get a code to input. You can get a text, you can get a phone call, and like I said, you can get an email, which is still secure, but probably the least secure of the ways to get that code. And you can, add extra security.
But we will not allow you to take away security from within your digital app.
Prakash Chandran: Yeah. And that's another good point because if you are proactive and set that up and you know, for example, that that is being, verified a second time with your phone, then if you get an email of someone asking you for that code, you definitely know it's fraudulent, because you set that up in that way.
Mandy Koester: Correct. I have a different type of app, multiple apps use multifactor authentication that was recently trying to be hacked, and I kept getting a notification on my Authenticator app, like, here's your code, and I was able to quickly hit, deny, and block that fraudster from accessing my account or my application.
Prakash Chandran: Amazing. thank you so much, uh, for all the advice and the framework around how we should be thinking about protecting ourselves. Mandy, is there anything else that you'd like to share with our audience before we sign off today?
Mandy Koester: Thank you so much for having me as well. I would just like to reiterate to be very cautious and suspicious, and if you have any questions, always feel free to give us a call and we are here to assist.
Prakash Chandran: Beautiful. thank you so much again, Mandy. I really appreciated your time today.
Mandy Koester: Thank you.
Prakash Chandran: That was Mandy Kester, director of Electronic Services at Heritage Federal Credit Union. For more information, you can visit heritage federal.org. Go to the search bar and type financial security and education. If you found this podcast to be helpful, please share it on your social channels and be sure to check out the entire podcast library for topics of interest to you.
Thanks again for listening to Talking Sense with Heritage. My name's Prash.