Skip to main content

Not an online banking member?
Register today!

My Account Login

Not an online banking member?
Register today!

Preventing Credit Card & Debit Card Fraud

  • Use caution when shopping online and only make purchases from reputable websites.
  • Make sure your home computer is equipped with virus, spyware, and malware protection to ensure your security from outside threats. Additionally, make sure your home wireless network is password protected.
  • Never enter your account information on a public computer or network.
  • Never leave receipts such as ATM, supermarket, and self-service gasoline pump receipts behind where someone could pick them up.
  • Don’t allow anyone to put your account number on a check or any other document not associated with a purchase on your account. (In some states, this is against the law.)
  • Never give your account number to someone calling you on the phone, even if the caller says it will be used to claim a prize or award.
  • Store your credit card and/or debit card in a secure place where you will immediately know if it is missing.
  • Sign the back of your credit card and/or debit card in ink as soon as you receive it.
  • Never leave your credit card and/or debit card as a “security deposit” or as identification. Instead, use your driver’s license.
  • Never lend your credit card and/or debit card to anyone.
  • When you are expecting a new or replacement credit card or debit card, look for it in the mail.
  • Report a lost or stolen credit or debit card immediately by calling the institution or the number on the back of the card.
  • Never carry your PIN in your wallet or write it on the back of your credit card or debit card, and never choose an obvious number (such as your birth date or telephone number) for your PIN.
  • Routinely change the PIN for your debit card or ATM card.
  • Monitor your accounts weekly to detect – and report – any unauthorized transactions.
  • Review your credit bureau reports regularly. This may be the only way to identify if you are a victim of identity theft. An annual credit report can be view for free by visiting:
  • Only carry the cards you intend to use. Leave the others at home in a safe place.
  • Be aware of any skimming devices used at ATMs, Gas Stations, etc.

Identity theft occurs when someone else uses your name and social security number to set up false credit accounts, write bad checks and/or enter into contracts in order to defraud. In order for someone to do this they must have access to personal information such as name, social security number, address, date of birth etc. Unfortunately this information is not that hard to obtain these days. There are some things you can do to protect yourself:

  1. Don’t put your social security number on your checks or any other papers that you may give out.
  2. Take inventory of the things you carry in your wallet. You may carry your Social Security card or have store credit cards you hardly ever use. These can be stolen and used before you even know they are missing. Check them on a monthly basis. 
  3. The federal government has passed a law that allows you to check your credit rating once a year.  Here is the link or call toll free (877) 322-8228.
  4. When a wallet is stolen or your house broken into let us know immediately.
  5. Pay attention if you get a collection call from a company you've never heard of or if you get turned down for a loan. This may be the first indication someone else is using your name.
  • Come see us, we will help you through the process
  • Come in even if you aren’t sure, we won’t mind, we’d be relieved to tell you its nothing
  • Once it is confirmed report it to the police

Are you following these day-to-day guidelines to keep your information secure?

Take a look at the Top 10 Security Dos and Donts!

Lost or Stolen Card

If your card has been misplaced or you suspect it has been stolen, take action right away to reduce your risk of identity theft or fraud.

To report a lost or stolen VISA® Debit Card: 1-800-472-3272

To report a lost or stolen VISA® Credit Card: 1-866-873-9702


HRCU is seeing an increase in scams and fraud attempts, especially during the holiday season.

Here are some possible scams to be aware of: 

  • Receiving a call that appears to be from HRCU and the caller begins asking you for personal information (this could include card number, expiration date, CVV number, account numbers, usernames, and personal identifying information).
  • False claims of fraudulent activity, claims that HRCU is responsible for the fraudulent access to your account, and requests you not to tell HRCU what is happening. This can also include coaching you on how to answer questions when visiting a branch to perform a transaction.
  • Requests for you to pay the caller in gift cards, or purchase gift cards online and immediately give the caller the gift card numbers.
  • Online notifications via a pop up, email or phone call claiming that something is wrong with your computer and that they can take care of it for you remotely.

When in doubt, keep the following in mind: 

  1. Callers can spoof HRCU's number to make it appear as if HRCU is calling you. HRCU will NEVER call you and ask for personal information. Hang up and call us directly if ever in doubt.    
  2. NEVER make payments in gift cards.
  3. If someone tells you not to tell HRCU about your recent activity, give us a call and let us know. 
  4. If you have computer concerns that may be legitimate, take your computer to a specialist to be looked at. 

If someone starts asking questions, or you are unsure of the conversation, hang up the phone and call our Member Support at 603-332-6840 OR talk to our advisors at your nearest branch location. 

Fraud Protection

When it comes to protecting yourself and your finances, it's essential to always be mindful of how you use, share and guard your sensitive information.

  • Use caution when asked for personal information
  • Always know who you are speaking with when discussing personal information
  • NEVER give a Social Security or Personal Identification Number out over the phone or via email

Avoiding Social Engineering Attacks

Social Engineering

In a social engineering attack, an attacker uses human interaction to manipulate a person into providing them information.  People have a natural tendency to trust.  Social engineering attacks attempt to exploit this tendency in order to steal your information.  Once the information has been stolen it can be used to commit fraud or identity theft.

Criminals use a variety of social engineering attacks to attempt to steal information, including:

  1. Website Spoofing
  2. Phishing

The following sections explain the meaning of these common attacks and provide tips you can use to avoid being a victim.

Website Spoofing

Website spoofing is the act of creating a fake website to mislead individuals into sharing sensitive information.  Spoofed websites are typically created to look exactly like a legitimate website published by a trusted organization.

Prevention Tips:

  1. Pay attention to the web address (URL) of websites.  A website may look legitimate, but the URL may have a variation in spelling or use a different domain.
  2. If you are suspicious of a website, close it and contact the company directly.
  3. Do not click links on social media sites, pop-up windows, or non-trusted websites.  Links can take you to a different website than their labels indicate. Typing an address in your browser is a safer alternative.
  4. Only give sensitive information to websites using a secure connection.  Verify the web address begins with "https://" (the "s" is for secure) rather than just "http://".
  5. Avoid using websites when your browser displays certificate errors or warnings.


Phishing is when an attacker attempts to acquire information by masquerading as a trustworthy entity in an electronic communication.   Phishing messages often direct the recipient to a spoof website. Phishing attacks are typically carried out through email, instant messaging, telephone calls, social media, and text messages (SMS).

Prevention Tips:

  1. Delete email and text messages that ask you to confirm or provide sensitive information. Legitimate companies don't ask for sensitive information through email or text messages.
  2. Beware of messages sent through social media.  Legitimate companies don't ask for sensitive information through social media. Beware of visiting website addresses sent to you in an unsolicited message.
  3. Even if you feel the message is legitimate, type web addresses into your browser or use bookmarks instead of clicking links contained in messages.
  4. Try to independently verify any details given in the message directly with the company.
  5. Utilize anti-phishing features available in your email client and/or web browser.
  6. Utilize an email SPAM filtering solution to help prevent phishing emails from being delivered.

Report Fraudulent or Suspicious Activity

Contact us immediately if you suspect you have fallen victim to a social engineering attack and have disclosed information concerning your HRCU accounts.

Call us at (603) 332-6840 or visit your local HRCU branch location.

Regularly monitoring your account activity is a good way to detect fraudulent activity. If you notice unauthorized transactions under your account, notify HRCU immediately.

Additional Resources

To learn more about information security visit any of the following websites:

© Tandem

Mobile Financial Services

Mobile Device Protection

  • Create a complex passcode for your mobile device. Avoid using personal information (i.e., names and important dates) in your passcode. Do not share your mobile device passcode with anyone
  • Enable available security features, such as an auto-wipe feature after excessive password failures or auto-lock after a specified time frame
  • Keep your mobile device’s software up-to-date. If your mobile device prompts you to install an operating system or firmware update, review the update and install it as soon as you can to address any identfied security vulnerabilities in previous update(s).
  • Disable features not actively in use, such as Bluetooth, Wi-Fi, and infrared. Set Bluetooth-enabled devices to “non-discoverable” when Bluetooth is enabled.
  • Utilize antivirus software where applicable (i.e., Androids, Windows, etc.).
  • Do not root, jailbreak, or otherwise circumvent security controls on your device. Compromised security controls could result in the introduction of malware onto the device.
  • When finished with the device, lock it to require a passcode before the device can be used again.

Mobile Applications

  • Download and install mobile applications only from trusted sources authorized by the device manufacturer, such as Apple’s App Store, Google Play, or the Windows Store.
  • Enable mobile device features to block mobile application downloads from unknown sources.
  • When available, require a passcode to download mobile applications to prevent unauthorized installation.
  • Protect yourself from fraudulent mobile applications by watching for these signs:
    • Typos, poor image quality, or formatting issues.
    • Low number of downloads.
    • Negative user reviews.
  • Additionally, review other mobile applications created by the app developer to validate the application’s legitimacy.
  • If possible, create a passcode on any mobile application you install that may have access to your personal information.
  • When finished with a mobile application, always “Sign Out” or “Log Off” rather than just closing it.

Be On Alert

People are trying to steal your personal information. Remember to be on alert for the following types of threats to your mobile financial services.

Social Engineering

Phishing is a social engineering tactic used to obtain personal information by masquerading as a trust worthy individual through electronic communications. Some specific types of phishing include spoofing, SMiShing, and vishing.

Unsecured Wireless Networks

If you can access an Internet network without entering a password or network key, unauthorized individuals are also able to do so. If you are on an unsecured wireless network, such as a mobile or WiFi hotspot, do not use your mobile device to transmit sensitive data.

Compromised Websites

Watch for potentially compromised websites. If the website has a security error or your browser gives you a warning about the site, use caution. If you go to one web address and are redirected to another, close your mobile device’s browser immediately and remember: When in doubt, don’t click.


Our Services

  • Log into HRCU’s mobile banking site at this web address:
  • Do not type your mobile banking username and password into a site other than this.
  • HRCU's website contains direct links to the application. Visit our website at:
  • Do not download the app from other stores, as they have not been authorized and the application may be compromised.

Learn More

To learn more about information security, visit any of the following websites:

© Tandem

Online Banking Security Tips

Mobile Device Security

  • Configure your device to require a passcode to gain access if this feature is supported in your device.
  • Avoid storing sensitive information.  Mobile devices have a high likelihood of being lost or stolen so you should avoid using them to store sensitive information (e.g. passwords, account numbers, etc.).  If sensitive data is stored, enable encryption to secure it.
  • Keep your mobile device's software up-to-date.  These devices are small computers running software that needs to be updated just as you would update your PC.  Use the automatic update option if one is available.
  • Review the privacy policy and data access of any applications (apps) before installing them. Only download apps from trusted app stores (Apple, Google Play).
  • Disable features not actively in use such as Bluetooth, Wi-Fi, and infrared.  Set Bluetooth-enabled devices to non-discoverable when Bluetooth is enabled.
  • Delete all information stored on a device before the device changes ownership.  Use a "hard factory reset" to permanently erase all content and settings stored on the device.
  • "Sign out" or "Log off" when finished with an app rather than just closing it.
  • Utilize antivirus software where applicable (i.e. Android, Windows, etc.).
  • Do not jailbreak or otherwise circumvent security controls.

Online Security

  • Never click on suspicious links in emails, tweets, posts, or online advertising.  Links can take you to a different website than their labels indicate. Typing an address in your browser instead of clicking a link in an email is a safer alternative.
  • Only submit sensitive information to websites using encryption to ensure your information is protected as it travels across the Internet.  Verify the web address begins with "https://" (the "s" is for secure) rather than just "http://".  Some browsers also display a closed padlock.
  • Do not trust sites with certificate warnings or errors.  These messages could be caused by your connection being intercepted or the web server misrepresenting its identity.
  • Avoid using public computers or public wireless access points for online banking and other activities involving sensitive information when possible.
  • Always "sign out" or "log off" of password protected websites when finished to prevent unauthorized access.  Simply closing the browser window may not actually end your session.
  • Be cautious of unsolicited phone calls, emails, or texts directing you to a website or requesting information.

General PC Security

  • Maintain active and up-to-date antivirus protection provided by a reputable vendor.  Schedule regular scans of your computer in addition to real-time scanning.
  • Update your software frequently to ensure you have the latest security patches.  This includes your computer's operating system and other installed software (e.g. web browsers, Adobe Flash Player, Adobe Reader, Java, Microsoft Office, etc.).
  • Automate software updates, when the software supports it, to ensure it's not overlooked.
  • If you suspect your computer is infected with malware, discontinue using it for banking, shopping, or other activities involving sensitive information.  Use security software and/or professional help to find and remove malware.
  • Use firewalls on your local network to add another layer of protection for all the devices that connect through the firewall (e.g. PCs, smart phones, and tablets).
  • Require a password to gain access. Log off or lock your computer when not in use.
  • Use a cable lock to physically secure laptops when the device is stored in an untrusted location.


  • Create a unique password for all the different systems/websites you use.  Otherwise, one breach leaves all your accounts vulnerable.
  • Never share your password over the phone, in texts, by email, or in person.  If you are asked for your password it's probably a scam.
  • Use unpredictable passwords with a combination of lowercase letters, capital letters, numbers, and special characters.
  • The longer the password, the tougher it is to crack.  Use a password with at least 8 characters.  Every additional character exponentially strengthens a password. Passphrases are most effective. A passphrase is a short sentence and generally easier to remember.
  • Avoid using obvious passwords such as:
    • Names (your name, family member names, business name, user name, etc.)
    • Dates (birthdays, anniversaries, etc.)
    • Dictionary words
  • Choose a password you can remember without writing it down.  If you do choose to write it down, store it in a secure location.

Additional Resources

To learn more about information security visit any of the following websites:

© Tandem