ECCU Blog

If you’re like me, last week’s bank card breach involving Global Payments prompted a question: “Was my card affected?” While the odds of the answer being “yes” are small—just a fraction of the billion or so cards in use in North America were affected by the breach—the thought of nearly 1.5 million cards being compromised is still alarming.

We received an alert from the Credit Union National Association (CUNA) this week that says, in the wake of this card breach, you’re wise to be vigilant about card security. Quoting from the alert:

In the wake of the card breach, the next several days or weeks are critical for credit union members to be on the alert for any suspicious emails, text messages or phone calls requesting personal or financial information, especially card data. The card information that may be requested includes, cardholder billing address, 3 digit CVV2/CVC2 code found on the back of the card, or enrollment criteria/passwords for Verified by Visa or MasterCard SecureCode. This card information was not part of the recent Global Payments breach. Criminals may ask members for this information to add to the other card data they may have obtained from the breach to perform card present (key entered) or card-not-present (mail/telephone/internet) non-magnetic stripe transactions.

Given this cautionary note, here’s a reminder: NEVER respond to emails, text messages, or phone calls requesting this type of information. If you receive a suspicious request, contact ECCU immediately at 800.634.3228. And be sure to monitor your financial accounts closely, and report any discrepancies.

I was in a meeting the other day when one of my coworkers received a text message on her cell phone from the bank where her daughter, a college sophomore, has an account. She looked at her phone and commented, “It looks like there’s some strange activity on my daughter’s account.”

After the meeting she contacted her daughter and discovered that the strange activity was fraud, but thanks to the early detection by her bank, it would be handled swiftly.   This experience was a powerful personal reminder of how technology can now mitigate the risk of fraud in our banking relationships.   

The message my coworker received is called an alert. Banks send alerts to inform or remind you of important transactions, including those that might place you at risk.  Alerts can be sent to an individual, a group, or even a department. Best of all, online banking allows you to set up alerts to meet your specific needs.

For example, you can configure alerts to inform you when:

• All transactions from the previous day exceed a certain threshold
• A check has cleared
• Your balance drops below a pre-selected dollar amount

In addition to helping combat fraud, alerts can also help you manage your account by understanding transaction posting times and balance levels. 

At ECCU we offer these types of alerts and more through online banking. To find out more, follow this link.

How have you used alerts on your online bank accounts?

“As hard as it may be to believe, embezzlement is a relatively common occurrence in churches.”  — Richard Hammar, attorney and CPA

I recently did some research on fraud while preparing a presentation for ministry leaders about protecting their ministry assets. I expected to find some news articles but was surprised to find so many reports of fraud recently discovered in churches and nonprofits.

Like me, many in the ministry world probably think that embezzlement rarely happens. Unfortunately, we are wrong.

So why is fraud on the rise—and what can we do to prevent it?

We know that three things must exist for fraud to occur: pressure, opportunity, and rationalization. Certainly, the current economic environment has created financial pressure for some workers and volunteers who, given the opportunity, might rationalize this immoral behavior. While we can’t control the pressure workers or volunteers may experience, or even how they may rationalize stealing, we can control the opportunities for fraud or embezzlement within our ministries.

The first step is to conduct a risk assessment. This simply means sitting down with your team and talking about where losses might occur. As you begin to identify those risk areas, you can determine which ones pose the greatest risk for your organization, workers, and volunteers. Typical high-risk areas include inadequate separation of duties between related tasks and a lack of dual custody when handling valuable assets such as contributions.

Addressing these areas doesn’t mean you are creating an environment of distrust. On the contrary; you are building accountability and transparency—protecting both your ministry and the people who work or volunteer for it.

Guarding your ministry against fraud begins with an honest assessment of your vulnerability. Then, apply a sound system of internal controls such as separation of duties, dual custody, and transparency in financial reporting. (You may also want to revisit who has authority over your accounts.)

To learn more about preventing fraud, you might want to read our white paper Handling Cash: A Common Sense Approach to Securing Your Ministry’s Most Liquid Asset.

Has your ministry taken any other steps to reduce opportunities for fraud?

Question: What is one way to make it easier for someone to cover up fraudulent activity with your church’s finances?

Answer: Create too many church bank accounts.

According to a recent Managing Your Church blog by Matt Branaugh, this is one of five reasons church treasurers should keep accounts to a minimum. In Q&A: Limit the Number of Church Bank Accounts, Branaugh writes that “conventional wisdom in the church finance world is for churches to limit the number of bank accounts the church uses. Ideally, a church should use only one or two.”

The five reasons underscore the importance of accountability and internal controls.

Does your church limit the number of bank accounts? Why or why not?

When I joined the ECCU staff, I was surprised by the scope of training we receive here. Regular training on matters of banking security is mandatory, even for those like me who don’t handle member’s money or have access to their personal information. 

Some of this training is fascinating. In one session a video showed us the sophisticated methods hackers use to get at people’s information online. It had an effect similar to that old documentary Scared Straight. I left the session and immediately changed many of my passwords to make them more secure. 

A recent Forbes article used a little intrigue to underscore the importance of picking smart passwords. “25 ‘Worst Passwords’ of 2011 Revealed” makes you smile unless yours is on the list. My favorite is “letmein.” 

Besides a chuckle, the article gives readers practical guidance, including three tips from a list of password best practices created by NASA to help safeguard their rocket science, including: “It should contain a mix of four different types of characters – upper case letters, lower case letters, numbers, and special characters such as !@#$%^&*,;” If there is only one letter or special character, it should not be either the first or last character in the password.” 

Have you chosen smart passwords to protect your important information and assets?