Online Banking and Mobile Banking use multifactor authentication to verify user identity at login.

Our Online and Mobile Banking platforms do not store any information in the user’s device or the web browser cache. All data is securely transmitted to servers using Transport Layer Security (TLS).

No; answers to challenge questions can be discovered or guessed easily. Instead, we use one-time passcodes (OTPs) sent out via SMS or phone calls.

In the event your mobile device is lost or stolen, it’s beneficial to be able to remotely wipe your data to prevent unauthorized access. Install and configure an app that will let you remotely locate and wipe your mobile device (’Find My iPhone’ for iOS devices is an example of such software).

No; to reduce risk, our mobile solutions do not allow risky activities such as changing profile information. 

No; if a member’s mobile device or tablet is lost or stolen after authentication, the account cannot be accessed without the username and password. 

Going paperless will reduce the chance of mail fraud. Sign up for paperless statements by logging in to Online Banking.

Only download apps from trusted sources such as the Apple App Store, Google Play, and Amazon Stores. This will protect you from downloading fraudulent or malicious mobile apps that may target your data.

Yes; add your Chevron Federal Credit Union debit or credit card into mobile payment apps that use tokenization – like Apple Pay^®, Android Pay™ or Samsung Pay™. When you use mobile payment technology may help to protect your card number from fraud. 

At home and on the go, protect the information on your electronic devices with these tips:

• Log off Online Banking or Mobile Banking when you have completed your transactions.
• If your device is Bluetooth capable, make sure ’Discoverable’ mode is disabled. This prevents your phone from being detected by others scanning for Bluetooth devices in the area.
• Keep your internet browser up-to-date with auto updates, or manually update your browser as follows:
  • Internet Explorer: Go to Tools, click Windows Update, and follow instructions to download the latest patches.
  • Firefox: If you have an older version, click Check for Updates in the Help menu. For newer versions, go to Options, and the Update tab allows you to select how you’d like to check for updates.
  • Chrome: Click the Chrome menu, and select About Google Chrome. The current version number is the series of numbers beneath the Google Chrome heading. Chrome will check for updates when you’re on this page. Click Relaunch to apply an available update.
  • Safari: Keep Safari updated by keeping your software system updated.
• Keep your computer system and anti-virus software up-to-date with auto updates, or you can manually update as follows:
  • Windows: Go to Tools in your browser. Click Windows Update, and follow instructions to download the latest patches.
  • Mac: Choose Software Update from the Apple menu.
• Disconnect from the internet, or shut down your computer when you are not using it.
• Do not store more personal information on your computer than is necessary, especially on laptops.
• Run anti-spyware software to remove any spyware from your computer or mobile device. 
• Use an anti-spam filter to protect you from malicious email content.
  Install a personal firewall, or use your computer’s firewall, to help prevent unauthorized access.
• Immediately leave suspicious websites, and do not follow instructions on them. For Internet Explorer (IE) users, you can adjust your browser security setting to Medium, a level that makes it more difficult for some malware to attack (select Internet Options from the Tools menu, then choose the Security tab).
• Avoid using Online and Mobile Banking on public WiFi networks. 
• Educate yourself on internet fraud with the Federal Trade Commission’s Identity Theft section. 
• Monitor your credit report, and conduct an in-depth review once per year.
• Look for the padlock symbol in the url bar to verify that a website is secure before you enter confidential personal information.
• In order to protect your accounts from unauthorized access, always use strong passwords: 
  • Update your Online Banking password regularly.
  • Misspell a word or change a letter to a symbol.
  • Avoid keeping a list of passwords by your computer.
  • Change your password immediately if you believe it has been compromised.
  • Do not give your passwords to anyone.
  • Do not use the same password on multiple sites.
• Email
  • Regular emails are not encrypted or secure, and it’s not difficult for hackers to access them. If you are emailing personal information, be sure to use our secure email options in Online Banking and Mobile Banking.
  • Remember these tips when using email: 
    • Do not reply to emails that ask for or request you update any of the following: passwords, Personal Identification Number (PIN), credit or debit card numbers, Social Security number, or other personal information. 
    • Delete spam instead of unsubscribing from it. This will avoid your clicking on a malicious link.
    • Do not engage with get-rich-quick offers. 
    • Do not open emails and/or email attachments when you do not know or recognize the sender. 
    • Chevron Federal Credit Union will never send emails requesting personal information.
• Fraud
  • If you think someone is trying to get your personal information, or if you are worried you gave out too much information, report the incident to Chevron Federal Credit Union immediately by calling 800-232-8101 (those outside the U.S. can call 510-627-5000). Then change your passwords and monitor your account online to verify account transactions are valid.
  • Balance your account(s) at least once per month. Report any discrepancies in a timely manner.

The following are examples of how an unauthorized user may attempt to gain access to or exploit online and mobile systems:

• Identity theft — a successful social engineering attack in which a person deliberately assumes the identity of another person for financial gain.
• Phishing — a form of social engineering characterized by attempts to gain access or personal information by impersonating a legitimate organization or individual via email, instant message, or a website.
• Pharming — the exploitation of vulnerabilities in the DNS servers that allows a hacker to acquire the Domain Name (e.g. “mycompany.com”) for a site and to redirect traffic from that company’s legitimate site to the hacker’s website.
• Viruses / Trojans — malicious software intended to intercept or take control of a computer’s operation without the user’s consent. Viruses are typically used to destroy data or harm the computer: some are fairly benign while others are designed to capture personal information and transmit it back to the hacker’s web site.
• Spyware / Keystroke loggers — this malicious software is used to capture personal information without the user’s knowledge. They are similar to viruses and trojans, although spyware and keystroke loggers are typically not self-replicating.