Card Safety Guidelines

With Card payments being one of the safest and most convenient ways to pay for goods and services many stores do not even touch your card and get you to enter it in to the payment terminal yourself since the introduction of Chip & PIN. There are always situations where this is not the case and it is important that at a minimum you always keep the card within your sight.

Your Debit Card details can be used fraudulently even when the card itself is safely in your care, so it is vital to check your statements regularly. If you identify purchases that you didn’t make, you must report them immediately to Credit Union Card Services team on +353 (1) 693 3333 available 24/7 or your Credit Union

Support / Card Safety Guidelines

 

  • NEVER click on a link in an email or text message asking you for your personal security information.
  • DO NOT click on a link, attachment, or image that you receive in an unsolicited text without first verifying that the text is legitimate and that you understand what you are clicking on.
  • ALWAYS check the legitimacy of a request even if the message comes from a person or business, you are familiar with.
  • STOP THINK CHECK don’t be pressured into sharing information or a request to make an urgent payment. Never respond to a text message that requests your 4-digit card PIN or your online banking password or any other password.
  • Your Credit Union will NEVER EVER ask you for any PINs or Passwords to your App or Online Banking or request you withdraw money to hand over to them or transfer money to another account, even if they say it is in your name.
  • IMMEDIATELY contact your Credit Union or Credit Union Card Services on +353 (1) 693 3333 available 24/7 if you think you might have responded to a smishing text message and provided your bank details to an unknown third party.
  • Be WARY of any number that is not already in your contacts, and to try the original stored number of the person who is apparently making contact.
  • If in doubt, temporarily SUSPEND your Current Account debit card until you have verified all your debit card transactions.
  • ENSURE you are using trusted websites when shopping, betting, or online dating.
  • ALWAYS think twice before using your webcam
  • REMEMBER if its too good to be true, trust your instincts – it’s likely to be a scam.
  • KEEP your card in a safe place. Do not leave it lying around. Report it to your Credit Union or Credit Union Card Services immediately if it is lost or stolen.
  • PROTECT your PIN do not write it down, or keep it anywhere with your Debit Card or give it to anyone.
  • CHANGE your PIN If you believe someone knows your PIN you can change it immediately at an ATM machine or phone Credit Union Card Services on +353 (1) 693 3333 available 24/7.
  • COVER your PIN when using an ATM or PIN pad in a store. Ensure you are not being overlooked or distracted entering your PIN in a public place.
  • SIGN new cards immediately ensuring the old card is destroyed by cutting the magnetic strip as soon as the new one becomes valid.
  • KEEP financial information secure (e.g. account numbers, statements, ATM and sales receipts) in a secure place before disposing of them carefully.
  • NEVER reveal your secure credentials to anyone over the phone or online such as your Card PIN or User ID.
  • NEVER divulge details to Cold Callers – Don’t give your card number over the telephone to “cold” callers under any circumstances. Only make telephone transactions when you have instigated the call and are familiar with the company.
  • NEVER open suspicious emails or attachments, limiting what you share on social media.

Criminals can use fake advertising and websites to lure you into providing your debit card information. Once you have either, entered your debit card details to authenticate a purchase or provided a One Time Passcode (OTP) to complete the payment, the fraudster / fake website now has stolen your card details and can spend your hard-earned money.

This is known as Tokenised Fraud, using the ‘Smishing’ method. Smishing is a combination of the words SMS (text message) and Phishing.

The message will typically ask you to click on a link to a website or to call a phone number in order to “verify”, “update” or to “reactivate” your account. The website link leads to a bogus website and the phone number leads to a fraudster pretending to be the legitimate company. The criminal attempts to get you to disclose personal, financial or security information, which will then be used to steal your money.

Similar to phishing, the messages often attempt to alarm you, claiming that urgent action is needed, or it will have negative consequences.

Here are some tips for recognising when a website isn’t all that it may seem and how you can keep your debit card details safe online.

Spotting Fake online retailers

Look for a ‘padlock’ symbol in the address bar or browser.

  • This normally indicates the site is encrypted so your activity can’t be intercepted.

This should be combined with other checks as fraudsters can copy or buy these padlocks, so it isn’t a guarantee the website is safe.

Look closely at websites before you use your Debit Card

  • Are there any grammar or typo errors?
  • Have they a registered business address?
  • Have they a good returns policy?
  • Are there positive Google reviews?

If anything looks unusual, DO NOT make a purchase from them!

Review the social media & contact information

  • Are there genuine followings and legitimate posts?
  • Do they provide a physical phone number and email address?
    • Try a quick call to test the customer service to see if the company exists by speaking with a representative, if possible, send an email, automated response or bounce back? Be aware, if you receive an automated response or bounce back be on alert this may be a fraudulent website?

These requests are better known as Spoofing – Phishing – Vishing – Smishing or CEO Email Requests.

Spoofing is a type of scam in which a criminal disguise an email address, display name, phone number, text message, or website URL to convince a person that they are interacting with a known, trusted source.

Criminals use a technique called ‘Spoofing’ to make it look like you are being contacted by a trusted organisation. These scam calls or texts can often appear in genuine message threads making them difficult to spot.

Phishing is the attempt by fraudsters to trick you into handing over personal information such as your credit union details, usernames, or passwords via email, by pretending to be from a trustworthy source such as your Credit Union. The information they gain can then be used to access your current account or debit cards or online banking account.

  • The criminal typically sends thousands of generic emails out (like bait when fishing – hence the name phishing) to people whose email addresses have been obtained from an unknown source, in the hope of getting a “bite”.
  • These emails tend to have generic greetings such as “Dear Customer” or “Account Holder”. However, in some cases, a tactic called “spear phishing” is used. In these cases, the fraudster has some detail about you (frequently sourced through social media) and may use your name or some other specific detail about you in the email.

Phone scam where fraudsters target you by phone and try to trick you into divulging personal, financial or security information in relation to your debit card or online banking access or into making a financial transfer to them.

  • A fraudster can phone you, claiming to be from a bank, Credit Union, the Gardaí/Police or a service provider such as a telephone company, internet provider or computer company. They trick you into believing they are a legitimate representative of the organisation and that it is in your interest to give the information they ask for.
  • Fraudsters can try to extract information from you such as debit card details, One Time Passcodes (OTP) used for additional authentication for online shopping, PIN numbers, online banking details or passwords and personal details such as name, address and date of birth. Sometimes they may ask to take control of your device to “fix a problem” , once they have control of your device they can access your information. This information is then used to access your Credit Union Current Account or carry out transactions with your debit card.

Scam where fraudsters send text messages to random mobile phones – the text messages claim to come from a reputable organisation such as a bank, credit union or a service provider e.g., a mobile phone company.

  • The message will typically ask you to click on a link to a website or to call a phone number to “verify”, “update” or to “reactivate” your account. The website link leads to a bogus website and the phone number leads to a fraudster pretending to be the legitimate company. The criminal attempts to get you to disclose personal, financial or security information, which will then be used to steal your money.
  • Similar to phishing, the messages often attempt to alarm you, claiming that urgent action is needed, or it will have negative consequences.

Can take place when an email purporting to be from your Chief Executive Officer or a senior member in your company is sent to the Finance Team requesting that a payment to be made to a supplier or another third party or in some cases to the senior member.

  • Fraudsters impersonate the senior member either by hacking into their email account, spoofing the sender’s actual address or using one that is very similar, but almost indistinguishable for example there may be an extra dot or a sneaky extra letter stuck in.

For example;

  • Correct:     Rita.book@creditunion.com
  • Fake:          Rita.book1@creditunion.com

As students begin to look for accommodation for the college year or for upcoming trips, they should take heed when paying a deposit for a property that potentially does not exist, has already been rented or is a fraudster using a short term let to get payment of a deposit and not show up on move-in day.

  • The scams work by offering to let property in prime areas at below market rents and asking for deposits, or in some cases full payment upfront to secure the property prior to visiting it, or to prove they have the money to rent for the duration.
  • Prospective tenants are convinced to part with their debit card details, cheques or cash before seeing the property, which then turn out not to exist. Payments are then not returned, and the student cannot contact the supposed “landlord”.
  • There have also been occasions whereby fraudsters gain access to properties and take prospective tenants around, portraying the property as being vacant and under their control. In other cases the fraudsters are claiming to rent out property that does not exist, has already been rented out, or has been rented to several victims at the same time.

Follow these steps to avoid being scammed!

Be Informed

  • Do your homework – familiarise yourself with the average rent prices in your search area. If it seems too good to be true, it usually is!
  • Use online maps to double check that the property exists at the address being advertised.
  • Check short term rental sites to ensure the property is not being used by a fraudster for “viewings” who will take your deposit.

Be Secure

  • Keep copies of all correspondence between yourself and the advertiser, including bank details and the advertisement itself.
  • Use legitimate well-known rental agencies where possible.
  • Don’t hand over any money until you have seen the property and are happy with its condition. Once satisfied use a cheque or bank draft to pay the deposit.

Be Alert

  • Don’t make any payments until you have been given the keys and signed the rental contract. Always check that the keys fit the lock.
  • Remember, don’t transfer any money unless you have carried out all the relevant checks and you are sure that the list is genuine.
  • Don’t be embarrassed if you have been scammed. Report it to your local Garda Station and contact your Credit Union.

Money Muling is a type of money laundering and the majority of money muling incidents involving current accounts belonging to those aged in their late teens and early twenties.

  • Criminals are deliberately targeting teens and young adults when recruiting money mules so it is critical that this age group as well as their parents fully understand how these crimes operate and how they can avoid getting caught up in it.
  • While money muling might initially appear to be an easy fix for those who are struggling financially or want to make some extra money, young people need to be aware that money muling is effectively money laundering and therefore a criminal offence.
  • Money mules are typically recruited though social media in what appears to be a friendly approach by the criminal offering ‘easy’ money in return for something which appears as simple as opening a new current account on behalf of the criminal or using their own current account to lodge or transfer money.

 The consequences of becoming involved in muling are very serious!

  • People who are recruited as money mules can be threatened with violence or physically attacked if they do not continue to allow their account to be used by the criminals to transfer
  • If convicted of these serious criminal offences, a person could face a prison term of between five years and ten years.
  • Being charged and convicted of this offence can have serious implications for students, including being banned from travelling to certain countries such as the United States.
  • As well as having a criminal record, money mules who are caught face having their current account closed and will have difficulty opening another account and accessing loans or other credit facilities in the future.

What to watch out for

  • Beware if you receive an unsolicited email or social media message that promises easy money for little or no effort.
  • Never agree to open a new current account in your own name in order receive a transfer/inbound payment on behalf of the criminal.
  • Do not accept any job offers that ask you to use your own current account to transfer money – a real company will not ask you to do this.
  • Never give your financial details to someone you don’t know and trust, in particular if you have met them online.
  • Acting as a money mule can damage your credit and financial standing.

Red Flags for Parents / Guardians

  • Be on the lookout for signs of your child suddenly having extra money or becoming secretive, withdrawn, or stressed.
  • Additional red flags include the appearance of increased spending on new clothes or technology with very little explanation as to how they got the money.
  • Teens are particularly at risk because they are often unaware of the true nature of the activity that they are undertaking. They are attracted by the lure of money in return for the use of their current account to move money on behalf of criminals.
  • If you think your child may have become a victim of money muling, contact your local Garda station, and inform their Financial Institution immediately.
  • Being a Money Mule is a criminal offence under the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 and it can carry up to 14 years imprisonment.

This scam involves fraudsters posing as family members to manipulate victims into transferring money.

  • Parents are targeted by criminals pretending to be one of their children, saying they are texting from a new number as their phone has been lost or damaged.
  • They typically begin the conversation with “Hello Mum” or “Hello Dad” and then ask for their parents to transfer money urgently as they need to buy a new phone or pay a bill.
  • Typically, the conversation on WhatsApp, or via text message, is started by an automated bot, and then forwarded to a human who can communicate with the victim if they engage.
  • Some can take weeks because they believe that, if they can really dupe those people, it might be worth it!!

Impersonating family members is a new tactic by criminals to undermine people’s mental safeguards against being defrauded.

  • These scammers believe if you can add the psychological element into a scam, they work far better than the previously used phishing emails thrown out as a net.
  • When you are called Mum or Dad, that is what many people would have in their phonebook. Preying on the heartstrings by saying they have lost their phone – it fits in with what is very likely.
  • It is easy for criminals to obtain a database of names, phone numbers and dates of birth through the dark web and social media channels.

WhatsApp is designed to protect people from unwanted contact, which is why, whenever you get a message from someone who isn’t in your contacts, it should ask if you want to block or report them.

Romance fraud occurs when you think you’ve met the perfect partner online, but they are using a fake profile to form a relationship with you. They gain your trust over several weeks or months and have you believe you are in a loving and caring relationship.

  • A romance scammer may ask you to send money for: Travel expenses like a plane ticket or a visa or perhaps medical expenses like surgeries.
  • In the beginning these amounts may be small in value, until a stronger relationship has been established, building the relationship & tricking the victim.
  • The scammer will often use endearing, loving terms such as “dear,” “darling,” and “love of my life’’, making the victim feel as special as possible. Romance scammers may also propose marriage extremely quickly.

Sometimes, the extent of the scam is not fully known because many of the victims are too embarrassed to report the fraud to Gardaí.

Behaviour of Romance Scammers

  • They might try to move the conversation away from dating websites, suggesting that you move to direct messaging, text or phone calls.
  • They might try and avoid answering personal questions about themselves. The details that they do tell you seem made up or do not reflect reality. For instance, they may say that they’re university educated, but their spelling and grammar is poor.
  • They try to establish a bond quickly. For example, they may give you an endearing pet name e.g., baby, darling, etc.
  • They ask for financial help, telling you about money problems in the hope that you’ll offer to help.
  • They are never available to meet you in person, presenting obstacles and may go as far as making arrangements and cancelling them at the last minute.

Your Credit Union Debit Card is secured with a Chip & PIN. Fraud carried out on cards that have been lost or stolen is quite low these days, since the introduction of Chip & PIN.

Important! Credit Union Debit Card holders should still immediately report an incident of loss, theft or any suspicious activity regarding their Debit Card to their Credit Union or Credit Union Card Services on +353 (1) 693 3333 available 24/7.

Always keep your Card PIN secure and Cover your hand while entering your PIN at an ATM or Point of Sale key pad.

ATM skimming is when criminals electronically “skim” the Magnetic Stripe at the back of a card in order to steal a card’s details and PIN during ATM transactions.

  • By fitting an often-unseen portable electronic card reader and mini camera onto an ATM, criminals can create a fake plastic card, which contains the real cards details – this is known as a counterfeit card that can potentially be used in foreign countries that have not yet implemented Chip & PIN technology
  • For skimmed card data to be of greatest use to the criminal, they also need to know the PIN number for the card and using the combined information, can withdraw funds from accounts.
  • The cardholder information obtained from skimming incidents is normally sold onto crime syndicates and used immediately. While the crime can happen at your local ATM the fraudulent transaction may well take place abroad.
  • It is important to check your Current Account statements regularly to identify suspicious or disputed transactions. The sooner you spot and report any purchases that you didn’t make, the sooner your Credit Union can stop further fraudulent activity on your account.