• 
• 
• 
• 
• 
• 
• 

 

Security threats

News stories continue to appear about fraud committed with stolen personal information. Our own website seemingly maintains headlines regarding identity theft and phishing on a regular basis. Why is this so important? In today's information era, it is quite simply easy to have your identity stolen. As your credit union, committed to your financial safety, we feel you need to know the latest info to keep your self and your accounts safe.

Remember DUFCU will NEVER ask for your personal information, account number, PIN, or any sensitive account information via email. If you receive an e-mail that purports to be from DUFCU and asks for account information- you should consider it to be a fraudulent attempt to obtain your personal account data for an illegal purpose and you should not follow the instructions in the email. If you are confused or would like to verify the request, simply call 919.684.6704 option 1.

Current Threats- Identity Theft- New Alert

Find out more about identity theft and how to protect yourself.

Security Policy

When you visit our secure web site to access your account, you will be asked for a personal identification number, which will give you access to the member only section of our web site. This information enables Duke University Federal Credit Union to regulate entry to the member only portions of our web site and to measure member usage. Any identifying information gathered is not sold or given away to third parties.

Secure Sockets Layer (SSL) Encryption

Using cryptography ensures the privacy of the communications between you (your browser) and our server. Cryptography simply scrambles messages exchanged between your internet browser and our Internet Account Access server. Encryption happens as follows: when you go to the Log-in page for Internet Account Access, your browser establishes a secure session with our server. The secure session is established using a protocol called Secure Sockets Layer (SSL) Encryption.

The SSL protocol requires the exchange of what are called public and private keys. Keys are random numbers chosen for that session and are only known between your browser and our server. After the keys are exchanged, your browser will use the numbers to scramble (encrypt) the messages sent between your browser and our server. Both sides require the keys because they need to de-scramble (decrypt) the messages when they are received.

The SSL protocol, not only ensures privacy, but also ensures that no other browser can "impersonate" your browser, nor alter any of the information sent. You can tell whether your browser is in secure mode by looking for the secured lock symbol at the bottom of your browser window. You will also know your are in the secure site by the https:// designation in the location bar of your web browser.

Today's browsers offer 40-bit, 56-bit or 128-bit encryption. All result in a very large number of possible combinations. Our servers are compatible with these encryption levels, however we recommend the use of 128-bit capable browsers for the highest level of security. Members accessing their account from international countries will be limited to 40-bit encryption due to international standards.

Duke University Federal Credit Union Home Page (www.dukefcu.org)

Portions of this web site are also secure with SSL in the same manner as outlined for the Internet Account Access server at a 40-bit encryption level only. The areas of this web site that are secured include online forms and applications. All other areas of this web site are for information purposes only and no member information is sent over the internet from these pages.

Your Browser's Encryption Level

Follow these steps to determine the level of encryption that your browser supports. In Netscape, go to a secure page then click on View in the main menu, then on Page Info. The level of encryption should be shown under Security. In Internet Explorer, go to Help then About Internet Explorer. Some information will appear, including Cipher Strength (encryption level). To determine the security of a Web page within a frame, use the right mouse button to click inside the frame, click Properties on the menu that appears.

Obtaining a Secure Connection

The use of SSL requires that you have an SSL compatible browser. While older browser versions may support SSL sessions, Duke University Federal Credit Union recommends using the following browsers to access our web site.

Windows and Unix operating systems: Minimum browser requirements: Netscape 4.7 or later or Microsoft Internet Explorer 4.01 or later.

Macintosh: Minimum browser requirements: Netscape 4.7 or later or Microsoft Internet Explorer 4.01 or later.

You can download the latest browser versions from either of the links below.

• Netscape 4.7
• Internet Explorer 5.0

Personal Identification Number (PIN)

Duke University Federal Credit Union is dedicated to providing alternative financial options with stringent security measures to protect our members. Our online Internet Account Access solution is dedicated to providing you privacy and protection.

So, it is also important to verify that only authorized persons log into your Internet Account Access account. This is achieved by verifying your PIN. You will receive a PIN when you sign-up for Internet Account Access. When you enter your PIN at the log-in screen, it is compared with the PIN we have stored in our secure server. We allow you to enter your PIN incorrectly three (3) times per log-in. After 3 failed attempts, it is determined to be fraudulent activity and the account is "locked out" and no further log-in attempts will be allowed until you contact the Credit Union to regain access to your online account. We recommend that you change your PIN after you log-in the first time for security reasons.

You play a crucial role in preventing others from logging on to your account. Never use a PIN that is easy to guess. You can and should periodically change your PIN from the Change PIN button in Internet Account Access.

Duke University Federal Credit Union is dedicated to providing alternative credit union options with stringent security measures for our members. We have your privacy, protection, and piece of mind at the forefront of our online Internet Account Access solution.

Since you will have the capability to print account information displayed on your computer screen, remember to secure this information in the same manner as your normal credit union statements and receipts.

Automatic Sign-off

We provide a number of additional security features in our online Internet Account Access service. Internet Account Access will "timeout" or sign you off after pre-determined period of inactivity. This prevents curious persons from continuing your Internet Account Access session in case you have left your PC unattended without logging out.

However, we strongly recommend that you always sign-off (log out) when you are done with your Internet Account Access session.

Firewalls

It is important to point out that the computers that store your actual account information are not hooked up to the Internet. The requests you make through the Internet are handled by our Internet Account Access servers, which retrieve the information you requested from our data processor's mainframe via a proxy-based firewall server. All incoming IP (internet protocol) traffic is actually addressed to the firewall, which only allows authorized information to flow into the credit union's servers. This firewall server acts as the go-between when you conduct transactions on our online Internet Account Access computers, which are secured as discussed earlier.

To protect the accuracy of data and guard against unanticipated threats, standard data processing practices are employed for regular backup of data. This includes archiving and off-site storage, computer virus protection and identification as part of our formal disaster recovery plan. This plan includes regular testing of this plan as well as a business resumption plan in the event of a disaster. We have also instituted data processing auditing processes to regularly review processes for appropriate access to customer data and other standard security objectives. Our Internet processes also include data security devices to protect against unauthorized access. We will permit only authorized employees who are trained in the proper handling of member information to have access to your information.

Our goal is to provide you with the best financial products and services available. Our commitment is to protect your privacy in all situations and to work closely with members to meet their needs.