Privacy and Security

 

San Francisco Federal Credit Union has a robust Member Information Security program that ensures adequate security is built into our platforms, which include the latest cutting-edge technology, internal processes and staff manpower. We take extensive measures to protect your personal information, and are constantly monitoring accounts for fraud and identity theft. We ensure ongoing compliance to industry required security frameworks to verify that our internal procedural operations have security built into them.

 

If you believe you have been a victim of fraud please call us immediately 415.775.5377.

1. Introduction and Intention

San Francisco Federal Credit Union strives to serve your needs and to protect your identity and any information we collect about you.

Our Privacy Policy:

  • covers your interaction with San Francisco Federal Credit Union, its affiliates, and companies engaged by San Francisco Federal Credit Union and its affiliates to render online services when you visit any mobile or online site or application that we own, including, but not limited to, our website, SanFranciscoFCU.com, and our mobile apps (“Site”);
  • describes the categories of personally identifiable information (“Personal Information”) that we may collect about you when you visit our Site;
  • describes the categories of other persons or entities with whom we may share your Personal Information;
  • discloses whether other parties may collect Personal Information about your online activities over time and across different websites when you use our Site;
  • describes the way you can review and request changes to any of your Personal Information that we collect;
  • describes how we will inform you of important changes to our Privacy Policy;
  • discloses how we respond to web browser “do not track” signals or other opt-out mechanisms;
  • discloses if we engage in the collection of your Personal Information about your online activities over time and across different websites;
  • describes how we safeguard children’s privacy;
  • describes the European Union’s General Data Protection Regulation; and
  • makes clear that no action on your part is needed.

2. What Information Do We Collect?

We may collect Personal Information when you enter data into an application for new products or services or when you use our products and services. Personal Information may include your name, Member Number, home or other physical address, Social Security Number, telephone number, and email address. We do not collect Personal Information from you when you simply browse our Site. However, our Site may collect non-Personal Information such as your IP address and device identifier.

We take your online privacy seriously and make the safeguarding of your Personal Information a priority. We collect Personal Information only as allowed by law. Use of the internet makes it possible for other parties to collect data about your online activities over time and across different websites, including when you use our Site. Please scroll down to learn more about Mobile and Online Security.

3. With Whom Do We Share the Information We Collect?

We do not share your Personal Information with affiliates as set forth in our Consumer Privacy Policy . We do not sell your Personal Information. We may use or share your non-Personal Information to enhance your experience on our Site, to help deliver our ads on your web browser, and to measure advertising campaign effectiveness.

4. Keeping Your Information Accurate

It is important that we have accurate and up-to-date information about you. If you notice that your information is incomplete, inaccurate, or out of date, please contact us at 1-415-775-5377 or visit a branch. You can also review and request changes to certain Personal Information such as your email address, mailing address, and telephone number on our Site.

5. Policy Updates

We may change our policy from time to time. When we do, we will let you know by appropriate means such as by posting the revised policy on this page with a new “Last Updated” date. Any changes to our policy will become effective when posted unless indicated otherwise. On May 25, 2018, new privacy regulations from the European Union, known as the GDPR, took effect. The regulations are designed to protect privacy rights of residents of EU countries. We comply with the GDPR as applicable.

6. How You Can Control Your Information

Our Site is designed for optimal viewing with cookies enabled (cookies are small text files that collect internet traffic data). For example, cookies store your preferences for when you visit our Site. If your web browser settings allow cookies, our Site will utilize them. You may disable or remove cookies by accessing your web browser settings. Our Site will still function without cookies, but some features may not work properly. Please note that due to a lack of consistent standards across browsers, our Site may not respond to “do not track” browser settings. We do not monitor your online activities after you leave our Site.

We only use your Personal Information for certain purposes allowed by law (see Section 3 and refer to our  Consumer Privacy Policy ), which you cannot limit. Additionally, you cannot opt out of our sharing non-Personal Information such as your IP address and device identifier.

You may, however, be able to opt out of certain advertisements. To learn more about a particular advertising network (including how to opt out), click on the industry group network symbol or link located on the advertisement.

7. Children’s Privacy

We do not knowingly collect Personal Information from individuals under the age of 13 who use our Site without obtaining consent from a parent or legal guardian.

To learn more about the Children’s Online Privacy Protection Act (COPPA), please visit the National Credit Union Administration Regulatory Alert by clicking  here  or the Federal Trade Commission’s website by clicking  here .

8. Do You Need to Take Any Action at This Time?

No, you do not need to take any action regarding any of the above.

Review the below tools and information available to help you recognize fraudulent activity, and steps to take if this occurs.

COMMON SCAMS, MOTIVES & TIPS TO AVOID FALLING VICTIM

Phishing is a scam that attempts to trick consumers into providing personal information. A communication claiming a need to verify personal information is sent, often directing consumers to a fake website to verify personal details or prove eligibility for a non-existent prize. These fake websites and email messages can look legitimate, using logos and other elements from actual financial or government institutions.

E-mail Phishing

  • The attempt to acquire confidential information through spam and e-mail spoofing.
  • Usually contain an E-mail with a fake logo and an urgent call to action.
  • San Francisco FCU will never send you an e-mail asking you to verify or send personal information in reply.

Web Phishing

  • The attempt to acquire confidential information through malicious or fake cloned websites.
  • Usually comes in the form of a Website requesting sensitive data.
  • San Francisco FCU will never send you an e-mail asking you to verify or send personal information in reply or via a website.

Phone/SMS Phishing

  • The attempt to acquire confidential information through phone impersonation. The calls or text messages often instruct consumers to urgently call a telephone number.
  • Consumers who fall victim to these call the number and furnish sensitive information to a person they believe is trusted.
  • Security attacks that include text messages are especially important, as often the consumer is tricked into clicking on a link and thereby downloading a Trojan horse, virus or other malware onto their cellular phone or other mobile device.

Social Engineering

  • The attempt to use Psychological manipulation of people into giving confidential information for the purpose of information gathering, fraud, or system access. Also known as Human hacking.
  • Social engineering has many attack vectors including email, phone, in-person conversation, social networking, and even snail-mail or fax.

The Attacker's Motives

  • Financial gain:  For obvious reasons.
  • Political gain:  Think of cyber warfare and terrorism. For instance, you may have heard about the alleged state-sponsored attacks coming from China or Russia. Or the hacker groups that have formed and launched attacks in support of ISIS.
  • Personal vendettas:  This can include revenge, disgruntled employees and insider attacks. However, this could also be disgruntled members or non-members with the same motives.
  • Malice or curiosity:  The classic stereotype of hackers depicted in TV and film. While some may want to prove their SE expertise, some could be amateurs who are curious to test what they are capable of.

Tips To Avoid Falling Victim to Scams

  • Never give out bank account or credit card numbers over the phone if you didn't initiate the call to a reputable, known business. Scam artists constantly try fresh stories to trick consumers into giving out their private personal and financial information.
  • Do not reply to the unsolicited e-mail or respond by clicking on a link within the unsolicited e-mail message. Make sure you know who or where an e-mail is from before opening any attachments.
  • If entering personal data, be careful and be sure to only do so on Web sites known to be legitimate and secure.  Always look for a “locked padlock” in the browser or “https” at the beginning of the Web site's URL address for proof of security.
  • Check your accounts, view statements, and verify all transactions a few times per month for any unauthorized charges.
  • Regularly update anti-virus software and system security patches.
  • Try to stay away from "free offers," especially those that ask you for private information bank account or credit card numbers. Keep in mind that such great offers tend to cover up the real purpose of just persuading you to give up your financial information.

For more information about Phishing scams, please visit these sites:

www.bbb.org/phishing
www.callforaction.org
www.ftc.gov/bcp/edu/microsites/idtheft