HomeContact UsATM LocationsFormsLinksFAQsSitemapAndroid AppiPhone AppFacebook



Security threats

News stories continue to appear about fraud committed with stolen personal information. Our website maintains headlines regarding identity theft and phishing on a regular basis. Why is this so important? In today's information era, it is quite easy to have your identity stolen. As your credit union, committed to your financial safety, we feel the first step to keeping you safe is to educate you.

Remember Duke Credit Union will NEVER ask for your personal information, account number, password, or any sensitive account information via email. If you receive an e-mail that looks to be from Duke Credit Union, but asks for account information, consider it to be an attempt to obtain your personal account data for an illegal purpose. You should NEVER follow the instructions in any suspicious email. If you are unsure and would like to verify the request, simply call 919-684-6704.

Current Threats

Find out more about identity theft and how to protect yourself.

Security Policy

When you visit our secure web site to access your account, you will be asked for a Username and Password, which will give you access to the member only section of our web site. This information enables Duke University Federal Credit Union to regulate entry to the member only portions of our web site and to measure member usage. Any identifying information gathered is not sold or given away to third parties.

Secure Sockets Layer (SSL) Encryption

Using cryptography ensures the privacy of the communications between you (your browser) and our server. Cryptography simply scrambles messages exchanged between your internet browser and our I-Access server. Encryption happens as follows: when you submit your Username for I-Access, your browser establishes a secure session with our server. All information sent is encrypted for your safety, using a protocol called Secure Sockets Layer (SSL) Encryption.

The SSL protocol requires the exchange of what are called public and private keys. Keys are random numbers chosen for that session and are only known between your browser and our server. After the keys are exchanged, your browser will use the numbers to scramble (encrypt) the messages sent between your browser and our server. Both sides require the keys because they need to de-scramble (decrypt) the messages when they are received.

The SSL protocol, not only ensures privacy, but also ensures that no other browser can "impersonate" your browser, nor alter any of the information sent. You can tell whether your browser is in secure mode by looking for the secured lock symbol at the bottom of your browser window. You will also know your are in the secure site by the https:// designation in the location bar of your web browser.

Today's browsers offer 128-bit or 256-bit encryption. All result in a very large number of possible combinations. Our servers are compatible with these encryption levels, however, we recommend the use of 256-bit capable browsers for the highest level of security.

Your Browser's Encryption Level

The use of SSL requires that you have a capable browser. While older browser versions may support SSL sessions, Duke University Federal Credit Union recommends using the most current browsers to access our web site.


You can download the latest browser versions from the links below.

i-Access Security

Duke University Federal Credit Union is dedicated to providing alternative financial options while maintaining a high standard of security to protect our members. We have your privacy, protection, and piece of mind at the forefront of our online I-Access solution.

It is also important to verify that only authorized persons log into your I-Access account. This is achieved by creating security questions when you first login to your i-Access account. When you enter your password and/or security answers at the log-in screen, it is compared with the password we have stored in our secure server. We allow you to enter your password/answers incorrectly three (3) times per log-in. After 3 failed attempts, it is determined to be fraudulent activity and the account is "locked out" and no further log-in attempts will be allowed until you contact the Credit Union to regain access to your online account. We recommend that you change your password and establish your security questions when you log-in for the first time.

You play a crucial role in preventing others from logging on to your account. Never use a password that is easy to guess. You can and should periodically change your password from the Other Options drop down in I-Access.

Duke University Federal Credit Union is dedicated to providing alternative credit union options with stringent security measures for our members. We have your privacy, protection, and piece of mind at the forefront of our online Internet Account Access solution.


Automatic Sign-off

We provide a number of security features in our online I-Access service. One such feature of I-Access is that it will "timeout" or sign you off after pre-determined period of inactivity. This prevents others from continuing your I-Access session after you have left your PC unattended.*

*We strongly recommend that you continue to log-off when you are done with your I-Access session as there is still a risk of others gaining access prior to the session timeout.


It is important to point out that the computers that store your actual account information are not hooked up to the Internet. The requests you make through the Internet are handled by our I-Access servers, which retrieve the information you requested from our data processor's mainframe via a proxy-based firewall server. All incoming IP (internet protocol) traffic is actually addressed to the firewall, which only allows authorized information to flow into the credit union's servers. This firewall server acts as the go-between when you conduct transactions on our online I-Access computers.

To protect the accuracy of data and guard against unanticipated threats, standard data processing practices are employed for regular backup of data. This includes archiving and off-site storage, computer virus protection and identification as part of our formal disaster recovery plan. The plan includes regular testing, as well as, a business resumption plan in the event of a disaster. In addition, we routinely have data processing and security audits to review appropriate access to customer data and other standard security objectives. Our Internet processes also include data security devices to protect against unauthorized access. We will permit only authorized employees who are trained in the proper handling of member information to have access to your information.

Our goal is to provide you with the best financial products and services available. Our commitment is to protect your privacy in all situations and to work closely with members to meet their needs.